Cardholder Data Security Clause Samples
The Cardholder Data Security clause establishes requirements for protecting sensitive payment card information handled by a party. It typically mandates the implementation of security measures such as encryption, restricted access, and compliance with industry standards like PCI DSS when processing, storing, or transmitting cardholder data. This clause serves to minimize the risk of data breaches and unauthorized access, thereby safeguarding both the cardholders and the parties involved from financial loss and reputational harm.
Cardholder Data Security. To the extent applicable, each of the parties shall be required to comply at all times with the Payment Card Industry Data Security Standard Program (“PCI-DSS”) in effect and as may be amended from time to time during the term of the Agreement. The current PCI-DSS specifications are available on the PCI Security Standards Council website which may be amended or modified at any time: ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇.
Cardholder Data Security. With respect to the Program, from and after the Effective Date, Company and Bank shall, each at its own cost and expense except to the extent otherwise provided therein, comply with the information security and business continuity requirements set forth in Schedule 6.4. At a minimum, the parties shall transmit, store and process Cardholder Data in accordance with Applicable Law, Network Rules, Payment Card Industry Data Security Standards and the then-current security rules and requirements of the Network, all as applicable to the Program. [*] Without limiting the foregoing, Company and Bank will each establish, maintain and implement (and require each of its subcontractors receiving Cardholder Data or Company Guest Data to establish, maintain and implement) an information security program, including appropriate administrative, technical and physical safeguards, that is designed to meet the objectives of the Interagency Guidelines Establishing Standards for Safeguarding Information Security Data and any other Applicable Law governing data security, including the objectives of (v) ensuring the security and confidentiality of the Cardholder Data, (w) protecting against any anticipated threats or hazards to the security or integrity of the Cardholder Data, (x) protecting against unauthorized access to or modification, destruction, disclosure, use or disposal of, or access to, Cardholder Data, (y) ensuring the proper disposal of Cardholder Data, and (z) in the event of a security breach involving Cardholder Data, ensuring that the party suffering such breach notifies affected Cardholders, Applicants and other individuals, and Governmental Authorities, in each case insofar as required by and otherwise in compliance with Applicable Law and Network Rules. [*]
Cardholder Data Security. (A) Each Party acknowledges and agrees that this Amended Program Manager Agreement constitutes an agreement for Manager to perform services for ▇▇▇▇▇▇ Bank as contemplated in Title V of GLBA and the Privacy Regulations. Without limiting the generality of the terms of this Amended Program Manager Agreement, Manager and Processor each agree that they shall protect the privacy of Cardholder Data to at least the same extent that ▇▇▇▇▇▇ Bank must maintain that confidentiality under GLBA and the Privacy Regulations. Without limiting the generality of the foregoing sentence, except as otherwise provided in any Program Schedule, neither Manager nor Processor shall:
(i) use any Cardholder Data except to perform its obligations under this Amended Program Manager Agreement (unless such Cardholder Data is used for Manager’s internal business purposes), or
(ii) disclose any Cardholder Data other than to:
(a) any Network or any other entity to which disclosure is necessary in connection with the processing of a Transaction;
(b) a Third Party Service Provider in connection with a permitted use of such Cardholder Data under this Section 8.1, provided that each such Third Party Service Provider agrees in writing to maintain all such Cardholder Data as strictly confidential in perpetuity and not to use or disclose such information to any person other than ▇▇▇▇▇▇ Bank, Manager or Processor, except as required by Applicable Law or any Regulatory Authority (after giving ▇▇▇▇▇▇ Bank, Manager or Processor, as applicable, prior notice and an opportunity to defend against such disclosure) or as permitted under ▇▇▇▇▇▇ Bank’s Privacy Policy; provided, further, that each such Third Party Service Provider maintains, and agrees in writing to maintain, an information security program that is designed to protect Cardholder Data and information related to Transactions, and which complies with the requirements under the Network Rules, including but not limited to the requirement for such Third Party Service Provider, upon termination of any of its associated Card Programs, to securely destroy all Cardholder Data in its possession associated with such Card Program as quickly as circumstances permit in accordance with best industry practices and provide a written notice to ▇▇▇▇▇▇ Bank that the destruction of the Cardholder Data has been completed;
(c) its employees, consultants, attorneys and accountants with a need to know such Cardholder Data in connection with a permitted use of such Cardhol...
Cardholder Data Security. Provider has implemented technical and organizational measures designed to secure Merchant’s Customer’s personal information from accidental loss and from unauthorized access, use, alteration or disclosure; however, Provider cannot guarantee that unauthorized third parties will never be able to defeat those measures or use Merchant’s, or Merchant’s Customers’, personal information for improper purposes.
a) Restriction on distribution of credit account numbers via unencrypted messaging technologies, such as email, instant messaging, etc.
b) Installation of anti-virus software that updates automatically.
c) Installation of all operating system patches, such as Windows Updates, timely to protect Merchant’s system from known vulnerabilities.
d) All Cardholder Data or deposit account information that may be used in phone orders should be entered directly into Provider’s system and should not be recorded. Should hard copy data be received by Merchant, it should be destroyed immediately after it is received, in a manner such that reconstruction is not practically possible (shredding, incineration, pulping, etc.). Any materials that are not immediately destroyed must be secured.
Cardholder Data Security. Licensee acknowledges that to the extent it receives cardholder data in connection with the Agreement, Licensee is responsible for the security of the cardholder data Licensee possesses and Licensee will comply with current Payment Card Industry (“PCI”) Data Security Standards (as updated by PCI from time to time). In the event of a data breach of Sears Card cardholder information involving Licensee or Licensee’s environment, Licensee will notify Sears within 24 hours of identified breach and cooperate fully with Sears, PCI, and government officials in any review or forensic investigation of Licensee’s environment and processes.
Cardholder Data Security. You agree you are fully responsible for the security of data collected through your website or otherwise in your possession or control including cardholder data. Cardholder data is any personally identifiable information associated with an individual's credit card or debit card, including Primary Account Numbers (PAN), cardholder name, expiration date, or service code. You expressly agree to comply with the PCI and to provide validation of compliance to Faithlife upon request.
