Payment Card Industry Data Security Standard Sample Clauses
Payment Card Industry Data Security Standard. For e-commerce business and/or payment card transactions, Vendor will comply with the requirements and terms of the rules of all applicable payment card industry associations or organizations, as amended from time to time (PCI Security Standards), and be solely responsible for security and maintaining confidentiality of payment card transactions processed by means of electronic commerce up to the point of receipt of such transactions by a qualified financial institution. Vendor will, at all times during the term of this Agreement, be in compliance with the then current standard for Payment Card Industry Data Security Standard (PCI DSS), Payment Application Data Security Standard (PA-DSS) for software, and PIN Transaction Security (PCI PTS) for hardware. Vendor will provide attestation of compliance to UA annually by delivering to UA current copies of the following: (i) Vendor’s “Attestation of Compliance for Onsite Assessments – Service Providers;” (ii) an attestation that all UA locations are being processed and secured in the same manner as those in Vendor’s “PCI Report on Compliance;” and (iii) a copy of Vendor’s PCI Report on Compliance cover letter. Vendor will notify University immediately if Entity becomes non-compliant, and of the occurrence of any security incidents (including information disclosure incidents, network intrusions, successful virus attacks, unauthorized access or modifications, and threats and vulnerabilities) in accordance with the ISPA. Vendor’s services must include the following:
Payment Card Industry Data Security Standard. For e-commerce business and/or credit card transactions, Supplier agrees to be bound by the requirements and terms of the Rules of all applicable Card Associations, as amended from time to time, and be solely responsible for security and maintaining confidentiality of Card transactions processed by means of electronic commerce up to the point of receipt of such transactions by Bank.
Payment Card Industry Data Security Standard. Neither Company nor any of their Subsidiaries has received notice from any credit card company or credit card processor that (a) either Company or any Subsidiary is not in compliance with the applicable guidelines and standards established by the Payment Card Industry Data Security Standards (“PCI DSS”) or
Payment Card Industry Data Security Standard. 23.1 University requires that Contractor shall at all times maintain compliance with the most current Payment Card Industry Data Security Standards (PCI DSS). Contractor will be required to provide written confirmation of compliance. Contractor acknowledges responsibility for the security of cardholder data as defined within the PCI DSS. Contractor acknowledges and agrees that cardholder data may only be used for completing the contracted services as described in the full text of this document, or as required by the PCI DSS, or as required by applicable law. Similarly, Contractor should be prepared to demonstrate the compliance of any third party it has sub-contracted as part of the service offering. As evidence of compliance, Contractor shall provide upon request a current attestation of compliance signed by a PCI QSA (Qualified Security Assessor).
Payment Card Industry Data Security Standard. For e-commerce business and/or credit card transactions, Caterer agrees to be bound by the requirements and terms of the Rules of all applicable Card Associations, as amended from time to time, and be solely responsible for security and maintaining confidentiality of Card transactions processed by means of electronic commerce up to the point of receipt of such transactions by Bank. Caterer is required to be in compliance with the requisites of the SAS 70 and/or Payment Card Industry Data Security Standard.
Payment Card Industry Data Security Standard. Contractor shall comply with the Payment Card Industry Data Security Standard as outlined in Exhibit D, which is incorporated by this reference and made a part hereof.
Payment Card Industry Data Security Standard. The Authority utilizes systems and networks that store, process, and/or transmit cardholder data as defined by the Payment Card Industry (PCI) Security Standards Council (Cardholder Data). As such, these systems, networks, and procedures are required to comply with the PCI Data Security Standard (PCI DSS). The Contractor shall comply with the PCI DSS requirements for such systems and acknowledges that the Contractor is responsible for the security of cardholder data handled by the Contractor. The Authority and the Contractor shall meet to identify the specific systems and networks that store, process and/or transmit cardholder data to determine the desired actions and identify responsibilities as applicable to the PCI DSS requirement areas.
Payment Card Industry Data Security Standard. For e-commerce business and/or payment card transactions, Subrecipient will comply with the requirements and terms of the rules of all applicable payment card industry associations or organizations, as amended from time to time (PCI Security Standards), and be solely responsible for security and maintaining confidentiality of payment card transactions processed by means of electronic commerce up to the point of receipt of such transactions by a qualified financial institution. Subrecipient will, at all times during the term of this Agreement, be in compliance with the then current standard for Payment Card Industry Data Security Standard (PCI DSS), Payment Application Data Security Standard (PA-DSS) for software, and PIN Transaction Security (PCI PTS) for hardware. Subrecipient will provide attestation of compliance to ASU annually by delivering to ASU current copies of the following: (i) Subrecipient’s “Attestation of Compliance for Onsite Assessments – Service Providers;” (ii) an attestation that all ASU locations are being processed and secured in the same manner as those in Subrecipient’s “PCI Report on Compliance;” and (iii) a copy of Subrecipient’s PCI Report on Compliance cover letter. Subrecipient will notify ASU immediately if Subrecipient becomes non-compliant, and of the occurrence of any security incidents (including information disclosure incidents, network intrusions, successful virus attacks, unauthorized access or modifications, and threats and vulnerabilities). Subrecipient’s services must include the following:
(a) Subrecipient maintains its own network operating on its own dedicated infrastructure. Subrecipient’s network includes a firewall that (i) includes access control rules that separate Subrecipient’s PCI network from ASU, and (ii) restricts any communication between Subrecipient’s network devices and ASU systems.
(b) Subrecipient treats the ASU network as an untrusted network and no unencrypted cardholder data traverses or otherwise is stored on ASU’s network, and ASU has no ability to decrypt cardholder data.
(c) All devices must be SRED (secure reading and exchange of data), EMV (Europay, MasterCard and VISA) and PTS POI compliant. [Required in all contracts for electronic and information technology and products and services to be used by employees, students, program participants, or other ASU constituencies]
Payment Card Industry Data Security Standard. For e-commerce business and/or credit card transactions, the Offeror agrees to be bound by the requirements and terms of the Rules of all applicable Card Associations, as amended from time to time and be solely responsible for security and maintaining confidentiality of Card transactions processed by means of electronic commerce up to the point of receipt of such transactions by Bank. The Offeror is required to be in compliance with the current or successor standard for Payment Card Industry Data Security Standard “PCI DSS”, Payment Application Data Security Standard “PA DSS” for software and PIN Transaction Security “PCI PTS” for hardware and provide attestation of compliance annually. The technical solution must include the following:
36.1. The Offeror maintains their own network operating on their own dedicated infrastructure. The Offeror’s network includes a firewall that includes access control rules that separate the Offeror’s PCI network from ABOR and restricts any communication between the Offeror’s network devices and the ABOR systems.
36.2. The Offeror treats the ABOR network as an untrusted network and encrypts all cardholder data traversing the ABOR network using industry standard encryption algorithms.
36.3. A system where ABOR has no ability to decrypt cardholder data.
36.4. Devices must be Secure Reading and Exchange of Data “SRED” and PTS 3.x compliant. Europay, MasterCard and Visa “EMV” compliance is required by October 1, 2015.
Payment Card Industry Data Security Standard. Undertaking by Contractor. Contractors that process, transmit, store or affect the security of credit/debit cardholder data, must adhere to the Payment Card Industry Data Security Standard (PCI DSS). The Contractor is responsible for the security of cardholder data in its possession. The data may only be used to assist the State or for other uses specifically authorized by law.