Payment Card Industry Compliance. If you use the Services to accept Transactions, you must comply with the Payment Card Industry Data Security Standards ("PCI-DSS") and, if applicable to your business, the Payment Application Data Security Standards ("PA-DSS") (collectively, the "PCI Requirements"). The specific steps you will need to take to comply with the PCI Requirements will depend on your business and your use of the Services, and Helcim provides tools that may simplify your PCI compliance process. You can review your PCI Compliance status via the Helcim Dashboard. Additional information regarding PCI compliance in relation to your use of the Services is available through the Helcim Dashboard. You agree to provide us with evidence demonstrating your compliance with the PCI Requirements, if requested. If you store, hold and maintain "Account Data", as defined by the PCI Requirements (including Customer card account number or expiration date), you further agree that you will either maintain a PCI-compliant system or use a compliant service provider to store or transmit such Account Data; further, you agree to never store any "Sensitive Authentication Data", as defined by the PCI Requirements (such as CVC or CVV2), data at any time. You can find information about the PCI Requirements on the PCI Council's website. xxxxx://xxx.xxxxxxxxxxxxxxxxxxxx.xxx/
Payment Card Industry Compliance. To the extent that Administrator, in the course of providing Services, stores, processes, transmits or otherwise obtains cardholder data, or performs any activities regulated by the Payment Card Industry (“PCI”) Security Standards Council, Administrator shall comply with the most current version of the PCI Data Security Standard (“DSS”), the PIN Transaction Security Standard (“PTS”), the Payment Application Data Security Standard (“PA-DSS”), and the Point-to-Point Encryption Solutions Requirements and Testing Procedures (“P2PE”), and any other applicable program or requirement that is published and/or otherwise mandated by applicable card networks or the PCI Security Standards Council.
Payment Card Industry Compliance. In any contract where the Contractor provides a system or service that involves processing credit card payments (a “Payment Solution”), the Payment Solution must be Payment Card Industry Data Security Standard Compliant (“PCI-DSS Compliant”), as determined and verified by the Department of Finance, and must (1) process credit card payments through the use of a Merchant ID (“MID”) obtained by the County’s Department of Finance by and in the name of the County as merchant of record, or (2) use a MID obtained by and in the name of the Contractor as merchant of record.
Payment Card Industry Compliance. (a) Each party agrees to comply with all applicable Security Standards.
(b) Merchant further agrees to provide CMS, upon its request, with such tests, scans, and assessments of Merchant’s compliance with Security Standards as may from time to time be required by the Card Network Rules in order for CMS to confirm or validate Merchant’s compliance with the Security Standards.
(c) Merchant understands that its or its Service Providers failure to comply with the Card Network Rules, including the Security Standards, may result in Card Network Liabilities for which Merchant shall be responsible.
(d) Merchant shall immediately notify CMS of its use of any Service Provider(s), and Merchant is responsible for ensuring that any and all Service Providers and third-party payment software or applications used by Merchant to transmit, store or process Card Information, are compliant with all applicable Security Standards and appropriately registered with, or otherwise recognized as being compliant with the Security Standards, by all applicable Card Networks.
(e) If a forensic examination of Merchant or any of Merchant’s Service Providers is required pursuant to the Card Network Rules, Merchant agrees to engage an approved PCI Forensic Investigator (“PFI”) (a list of which is available from the PCI Council), and cause such forensic examination to be completed within the timeframe required by the Card Network Rules, and cooperate with the PFI in connection therewith. Notwithstanding the foregoing, the Card Networks may directly engage, or demand that CMS engage, an examiner on behalf of the Merchant in order to expedite the investigation of a suspected Data Compromise Event, and/or may require CMS to investigate such Data Compromise Event. Merchant agrees to pay for all costs and expenses related to any required forensic examination and all liabilities associated with any Data Compromise Event. Furthermore, if Merchant is undergoing a forensic investigation at the time this Agreement is executed, Merchant shall fully cooperate with the investigation and agrees to continue so cooperating until the investigation is completed.
Payment Card Industry Compliance. 1. If applicable, Vendor shall comply with the then-current Payment Card Industry (PCI) Data Security Standards.
Payment Card Industry Compliance. College Policy 15-01, Responsible Acquisition and Use of Computing Resources
Payment Card Industry Compliance. Company acknowledges responsibility for the security of cardholder data it possesses or otherwise stores, processes or transmits on behalf of Client, or to the extent that Company could impact the security of the cardholder data environment. Company attests that, as of the Effective Date of this Agreement, it has complied with all applicable requirements to be considered PCI DSS compliant, has performed the necessary steps to validate
Payment Card Industry Compliance. Company acknowledges responsibility for the security of cardholder data it possesses or otherwise stores, processes or transmits on behalf of Client, or to the extent that Company could impact the security of the cardholder data environment. Company attests that, as of the Effective Date of this Agreement, it has complied with all applicable requirements to be considered PCI DSS compliant, has performed the necessary steps to validate its compliance with the PCI DSS, and will maintain such compliance for the Term of this Agreement. For purposes of this Agreement, “PCI DSS” means the most current version of the Payment Card Industry Data Security Standard administered by the Payment Card Industry Security Standards Council. Company agrees to supply evidence of its most recent validation of compliance upon execution of this Agreement and annually for the length of the Agreement. Company will immediately notify Client if it learns it is no longer PCI DSS compliant and will immediately remediate the non-compliance status. In no event shall Company’s notification to Client be later than thirty (30) calendar days after Company learns it is no longer PCI DSS compliant. Company acknowledges that unauthorized access to the cardholder data environment (“a cardholder data breach”) resulting from a lapse in Company’s security obligations is grounds for early termination of this Agreement without penalty, at Client’s discretion. Company agrees to comply with all applicable laws requiring notification of individuals in the event of a cardholder data breach. In the event of a cardholder data breach resulting from a lapse in Company’s security obligations, Company agrees to assume responsibility for informing all such individuals in accordance with applicable law. Company further agrees to indemnify, hold harmless, and defend Client and its agents and employees from and against any claims, damages, or other harm related to a cardholder data breach. This provision survives termination of this Agreement.
Payment Card Industry Compliance. Merchant acknowledges and understands the importance of compliance with the Security Standards, such as those relating to the storage and disclosure of Transaction Data and Payment Instrument Information. Therefore, Merchant shall exercise reasonable care to prevent disclosure or use of Payment Instrument Information, other than (a) to Merchant’s agents and contractors for the purpose of assisting Merchant in completing a Transaction; (b) to the applicable Payment Brand; or (c) as specifically required by law. Furthermore, Merchant acknowledges and understands that its use of any fraud mitigation or security enhancement solution (e.g. an encryption product or service), whether provided to Merchant by Chase Paymentech or a third party, in no way limits Merchant’s obligation to comply with the Security Standards or Merchant’s liabilities set forth in this Agreement.
Payment Card Industry Compliance. Merchant acknowledges and understands the importance of compliance with the Security Standards, such as those relating to the storage and disclosure of Transaction Data and Payment Instrument Information. Therefore, Merchant shall exercise reasonable care to prevent disclosure or use of Payment Instrument Information, other than (a) to Merchant’s agents and contractors for the purpose of assisting Merchant in completing a Transaction; (b) to the applicable Payment Brand; or (c) as specifically required by law. Furthermore, Merchant acknowledges and understands that its use of any fraud mitigation or security enhancement solution (e.g. an encryption product or service), whether provided to Merchant by Treasury or a third party, in no way limits Merchant’s obligation to comply with the Security Standards or Merchant’s liabilities set forth in this Agreement. Merchant is allowed by the Payment Brand Rules to store only certain Payment Instrument Information (currently limited to the Customer’s name, Payment Instrument truncated account number, and expiration date) and is prohibited from storing additional Payment instrument information, including, without limitation, any security code data, such as XXX0, XXX0, and PIN data, and any magnetic stripe track data. Merchant shall store all media containing Payment Instrument Information in an unreadable format wherever it is stored and in an area limited to selected personnel on a “need to know” basis only. (Secure environments include locked drawers, file cabinets in a locked office, and safes.) Prior to either party discarding any material containing Payment Instrument Information, the party will render the account numbers unreadable in accordance with the requirements of the Security Standards. If at any time Merchant determines or suspects that Payment Instrument Information has been compromised Merchant must notify Treasury immediately and assist in providing notification to such parties as may be required by law or Payment Brand Rules, or as Processor otherwise reasonably deems necessary. Merchant information may be shared by Processor with its affiliates and with the Payment Brands subject to the provisions of this Agreement and Payment Brand Rules. Merchant agrees to comply with all Security Standards. Merchant agrees that any person involved in the acceptance, processing, or storage of credit card data will complete the mandatory Security Awareness Education (SAE) online training prior to processing paymen...
