Common use of Payment Card Industry Data Security Standard Clause in Contracts

Payment Card Industry Data Security Standard. For e-commerce business and/or payment card transactions, Vendor will comply with the requirements and terms of the rules of all applicable payment card industry associations or organizations, as amended from time to time (PCI Security Standards), and be solely responsible for security and maintaining confidentiality of payment card transactions processed by means of electronic commerce up to the point of receipt of such transactions by a qualified financial institution. Vendor will, at all times during the term of this Agreement, be in compliance with the then current standard for Payment Card Industry Data Security Standard (PCI DSS), Payment Application Data Security Standard (PA-DSS) for software, and PIN Transaction Security (PCI PTS) for hardware. Vendor will provide attestation of compliance to UA annually by delivering to UA current copies of the following: (i) Vendor’s “Attestation of Compliance for Onsite Assessments – Service Providers;” (ii) an attestation that all UA locations are being processed and secured in the same manner as those in Vendor’s “PCI Report on Compliance;” and (iii) a copy of Vendor’s PCI Report on Compliance cover letter. Vendor will notify University immediately if Entity becomes non-compliant, and of the occurrence of any security incidents (including information disclosure incidents, network intrusions, successful virus attacks, unauthorized access or modifications, and threats and vulnerabilities) in accordance with the ISPA. Vendor’s services must include the following:

Payment Card Industry Data Security Standard. For e-commerce business and/or payment card transactions, Vendor Entity will comply with the requirements and terms of the rules of all applicable payment card industry associations or organizations, as amended from time to time (PCI Security Standards), and be solely responsible for security and maintaining confidentiality of payment card transactions processed by means of electronic commerce up to the point of receipt of such transactions by a qualified financial institution. Vendor Entity will, at all times during the term of this Agreement, be in compliance with the then current standard for Payment Card Industry Data Security Standard (PCI DSS), Payment Application Data Security Standard (PA-DSS) for software, and PIN Transaction Security (PCI PTS) for hardware. Vendor Entity will provide attestation of compliance to UA ASU annually by delivering to UA ASU current copies of the following: (i) VendorEntity’s “Attestation of Compliance for Onsite Assessments – Service Providers;” (ii) an attestation that all UA ASU locations are being processed and secured in the same manner as those in VendorEntity’s “PCI Report on Compliance;” and (iii) a copy of VendorEntity’s PCI Report on Compliance cover letter. Vendor Entity will notify University ASU immediately if Entity becomes non-compliant, and of the occurrence of any security incidents (including information disclosure incidents, network intrusions, successful virus attacks, unauthorized access or modifications, and threats and vulnerabilities) in accordance with the ISPA). VendorEntity’s services must include the following: