PAYMENT CARD INDUSTRY DATA SECURITY Sample Clauses

PAYMENT CARD INDUSTRY DATA SECURITY. [INCLUDE PROVISION IF THE SERVICES INVOLVE STORAGE, PROCESSING OR TRANSMITTAL OF PAYMENT CARD ACCOUNT NUMBERS. DELETE THIS CLAUSE IF INAPPLICABLE.]
a. CONTRACTOR agrees to establish security procedures to protect cardholder data and comply with the Payment Card Industry Data Security Standards (PCI DSS). Contractor can find details of the PCI DSS at xxxxx://xxx.xxxxxxxxxxxxxxxxxxxx.xxx/security_standards/pci_dss.shtml
b. CONTRACTOR agrees to notify [INSERT NAME OF COLLEGE/UNIVERSITY/THE SYSTEM OFFICE] within 30 days if either CONTRACTOR establishes that it is not PCI-compliant or CONTRACTOR is notified by a Qualified Security Assessor (QSA) or CONTRACTOR’s acquiring bank that CONTRACTOR is not PCI-compliant.
c. CONTRACTOR agrees to comply with all applicable laws that require the notification of individuals in the event of unauthorized release of cardholder data. In the event of a breach of any of CONTRACTOR's security obligations or other event requiring notification under applicable law, CONTRACTOR agrees to assume responsibility for informing all such individuals in accordance with applicable law and to indemnify, hold harmless and defend Minnesota State Colleges and Universities and [INSERT NAME OF COLLEGE/UNIVERSITY/THE SYSTEM OFFICE] and its trustees, officers, and employees from and against any claims, damages, or other harm related to such a breach.
d. CONTRACTOR agrees to notify [INSERT NAME OF COLLEGE/UNIVERSITY/THE SYSTEM OFFICE]’s authorized representative within 24 hours in the event of unauthorized release of cardholder data.
PAYMENT CARD INDUSTRY DATA SECURITY. Standard (PCI DSS). Contractor covenants and warrants that it is currently PCI DSS compliant and will remain compliant during the entire duration of this Contract. Contractor agrees to immediately notify County in the event Contractor should ever become non-compliant, and will take all necessary steps to return to compliance and shall be compliant within ten (10) days of the commencement of any such interruption. Upon demand by County, Contractor shall provide to County written certification of Contractor’s PCI/DSS and/or PA DSS compliance.
PAYMENT CARD INDUSTRY DATA SECURITY. LESSEE certifies that it will implement and at all times comply with the most current Payment Card Industry Data Security Standards (PCI DSS) regarding data security. LESSEE will provide written annual confirmation of PCI DSS compliance from the credit card types used by the CITY (i.e. VISA, MasterCard, Discover, and American Express). LESSEE will immediately notify the CITY if it undergoes, or has reason to believe that it will undergo, an adverse change resulting in the loss of compliance with the PCI DSS standards and/or other material payment card industry standards. In addition, LESSEE shall provide payment card companies, acquiring financial institutions, and their respective designees required access to the LESSEE's facilities and all pertinent records as deemed necessary by the CITY to verify LESSEE's compliance with the PCI DSS requirements.
PAYMENT CARD INDUSTRY DATA SECURITY. Customer acknowledges and agrees that it is required to and shall abide by all standards, guidelines, practices or procedures recommended or required by the applicable Payment Networks with respect to data security or protection of cardholder data, as such may be amended from time to time (collectively “Data Security Guidelines”), including, without limitation, Payment Card Industry (“PCI”) Data Security Standards (“PCI-DSS”), PIN Entry Device Standards (“PED”), and Payment Application-Data Security Standards (“PA-DSS”). Currently, the PCI-DSS guidelines require Customer (a) to observe, among other things, standards of due care with regard to the protection of sensitive cardholder information; and (b) to insure that the point of sale equipment and applicable software used by Customer comply with PCI-DSS guidelines. Currently, the PCI-DSS guidelines are based on a list of twelve basic security requirements with which all payment system constituents (including Customer) need to comply. The current requirements are: (1) Install and maintain a firewall configuration to protect cardholder data; (2) Do not use vendor-supplied defaults for system passwords and other security parameters; (3) Protect stored cardholder data; (4) Encrypt transmission of cardholder data across open, public networks; (5) Use and regularly update anti-virus software; (6) Develop and maintain secure systems and applications; (7) Restrict access to cardholder data by business need-to-know; (8) Assign a unique ID to each person with computer access; (9) Restrict physical access to cardholder data; (10) Track and monitor all access to network resources and cardholder data; (11) Regularly test security systems and processes; and (12) Maintain a policy that addresses information security. Customer must also notify WorldPay of all third parties who have access to cardholder data on behalf of Customer (i.e., store, process or otherwise transmit cardholder data). 
Customer acknowledges such third parties are required by the Payment Networks to be registered, and Customer shall cooperate with WorldPay in completing such registration and be responsible for all fees imposed by the Payment Networks in connection therewith. If Customer knows or suspects a security breach, Customer shall notify WorldPay immediately. Customer shall then go through its security program to identify and remediate the source of the suspected compromise. If a Payment Network requires Customer to submit to an audit in connect...
PAYMENT CARD INDUSTRY DATA SECURITY. Standard (PCI DSS). When transmitting any Account Data (including Cardholder Data, Card Verification Code or Value), Customer must not use the fax signature capability. Even if the data is encrypted, PCI DSS prohibits storing Sensitive Authentication Data, including Card Verification Code or Value after authorization. Capitalized terms in this Section are defined in the PCI DSS.

Related to PAYMENT CARD INDUSTRY DATA SECURITY

  • PROCUREMENT CARD The State has entered into an agreement for purchasing card services. The Purchasing Card enables Authorized Users to make authorized purchases directly from a Contractor without processing Purchase Orders or Purchase Authorizations. Purchasing Cards are issued to selected employees authorized to purchase for the Authorized User and having direct contact with Contractors. Cardholders can make purchases directly from any Contractor that accepts the Purchasing Card. The Contractor shall not process a transaction for payment through the credit card clearinghouse until the purchased Products have been shipped or services performed. Unless the cardholder requests correction or replacement of a defective or faulty Product in accordance with other Contract requirements, the Contractor shall immediately credit a cardholder’s account for Products returned as defective or faulty.

  • Data Security The Provider agrees to utilize administrative, physical, and technical safeguards designed to protect Student Data from unauthorized access, disclosure, acquisition, destruction, use, or modification. The Provider shall adhere to any applicable law relating to data security. The provider shall implement an adequate Cybersecurity Framework based on one of the nationally recognized standards set forth in Exhibit “F”. Exclusions, variations, or exemptions to the identified Cybersecurity Framework must be detailed in an attachment to Exhibit “H”. Additionally, Provider may choose to further detail its security programs and measures that augment or are in addition to the Cybersecurity Framework in Exhibit “F”. Provider shall provide, in the Standard Schedule to the DPA, contact information of an employee who XXX may contact if there are any data security concerns or questions.

  • NIST Cybersecurity Framework The U.S. Department of Commerce National Institute for Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity Version 1.1.

  • Mail Order Catalog Warnings In the event that, the Settling Entity prints new catalogs and sells units of the Products via mail order through such catalogs to California consumers or through its customers, the Settling Entity shall provide a warning for each unit of such Product both on the label in accordance with subsection 2.4 above, and in the catalog in a manner that clearly associates the warning with the specific Product being purchased. Any warning provided in a mail order catalog shall be in the same type size or larger than other consumer information conveyed for such Product within the catalog and shall be located on the same display page of the item. The catalog warning may use the Short-Form Warning content described in subsection 2.3(b) if the language provided on the Product label also uses the Short-Form Warning.

  • Data Processing Agreement The Data Processing Agreement, including the Approved Data Transfer Mechanisms (as defined in the Data Processing Agreement) that apply to your use of the Services and transfer of Personal Data, is incorporated into this Agreement by this reference. Each party will comply with the terms of the Data Processing Agreement and will train its employees on DP Law.

  • Privacy and Data Security (a) In the prior three (3) years, the Company and its Subsidiaries have been in compliance with Privacy Laws, and in all material respects with (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and (ii) applicable written policies, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a whole. (b) In the prior three (3) years, the Privacy and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Data. 
(c) There is (and in the prior three years there has been) no material Legal Proceeding pending or, to the Company’s knowledge, threatened against or involving the Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments. (d) In the prior three (3) years, (i) there has been no unauthorized access to, or unauthorized use, disclosure, or Processing of Personal Data in the possession or control of the Company or its Subsidiaries or any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or its Subsidiaries (“Security Incident”), (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systems, and (iii) none of the Company or any of its Subsidiaries has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal Data. 
(e) Each of the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually or in the aggregate, material to the Company and its Subsidiaries, taken as a whole. In the prior three years, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In the past three (3) years, there have been no (except to the extent completely remediated), and to the Company’s Knowledge, there are no material security deficiencies or vulnerabilities in the Company IT Systems.

  • STATEWIDE CONTRACT MANAGEMENT SYSTEM If the maximum amount payable to Contractor under this Contract is $100,000 or greater, either on the Effective Date or at any time thereafter, this section shall apply. Contractor agrees to be governed by and comply with the provisions of §§00-000-000, 00-000-000, 00-000-000, and 00- 000-000, C.R.S. regarding the monitoring of vendor performance and the reporting of contract information in the State’s contract management system (“Contract Management System” or “CMS”). Contractor’s performance shall be subject to evaluation and review in accordance with the terms and conditions of this Contract, Colorado statutes governing CMS, and State Fiscal Rules and State Controller policies.

  • Data Services In lieu of any other rates or discounts, the Customer will receive a discount equal to 20% for the following Data Services: Access: Standard VBS3Guide local loop charges for DS-0, DS-1 and DS-3 Access Service.

  • Financial Management System Subrecipient shall establish and maintain a sound financial management system, based upon generally accepted accounting principles. Contractor’s system shall provide fiscal control and accounting procedures that will include the following: i. Information pertaining to tuition rates, payments, and educational assistance payments; and

  • PERFORMANCE MANAGEMENT SYSTEM 6.1 The Performance Plan (Annexure A) to this Agreement sets out – 6.1.1 The standards and procedures for evaluating the Employee’s performance; and 6.1.2 The intervals for the evaluation of the Employee’s performance. 6.2 Despite the establishment of agreed intervals for evaluation, the Employer may in addition review the Employee’s performance at any stage while the contract of employment remains in force; 6.3 Personal growth and development needs identified during any performance review discussion must be documented in a Personal Development Plan as well as the actions agreed to and implementation must take place within set time frames; 6.4 The Employee’s performance will be measured in terms of contributions to the goals and strategies set out in the Employer’s Integrated Development Plan (IDP) as described in 6.6 – 6.12 below; 6.5 The Employee will submit quarterly performance reports (SDBIP) and a comprehensive annual performance report at least one week prior to the performance assessment meetings to the Evaluation Panel Chairperson for distribution to the panel members for preparation purposes; 6.6 Assessment of the achievement of results as outlined in the performance plan: 6.6.1 Each KPI or group of KPIs shall be assessed according to the extent to which the specified standards or performance targets have been met and with due regard to ad-hoc tasks that had to be performed under the KPI, and the score of the employer will be given to and explained to the Employee during the assessment interview. 
6.6.2 A rating on the five-point scale shall be provided for each KPI or group of KPIs which will then be multiplied by the weighting to calculate the final score; 6.6.3 The Employee will submit his self-evaluation to the Employer prior to the formal assessment; 6.6.4 In the instance where the employee could not perform due to reasons outside the control of the employer and employee, the KPI will not be considered during the evaluation. The employee should provide sufficient evidence in such instances; and 6.6.5 An overall score will be calculated based on the total of the individual scores calculated above.
