Common use of PAYMENT CARD INDUSTRY DATA SECURITY Clause in Contracts

PAYMENT CARD INDUSTRY DATA SECURITY. [INCLUDE PROVISION IF THE SERVICES INVOLVE STORAGE, PROCESSING OR TRANSMITTAL OF PAYMENT CARD ACCOUNT NUMBERS. DELETE THIS CLAUSE IF INAPPLICABLE.] a. CONTRACTOR agrees to establish security procedures to protect cardholder data and comply with the Payment Card Industry Data Security Standards (PCI DSS). Contractor can find details of the PCI DSS at xxxxx://xxx.xxxxxxxxxxxxxxxxxxxx.xxx/security_standards/pci_dss.shtml b. CONTRACTOR agrees to notify [INSERT NAME OF COLLEGE/UNIVERSITY/THE SYSTEM OFFICE] within 30 days if either CONTRACTOR establishes that it is not PCI-compliant or CONTRACTOR is notified by a Qualified Security Assessor (QSA) or CONTRACTOR’s acquiring bank that CONTRACTOR is not PCI-compliant. c. CONTRACTOR agrees to comply with all applicable laws that require the notification of individuals in the event of unauthorized release of cardholder data. In the event of a breach of any of CONTRACTOR's security obligations or other event requiring notification under applicable law, CONTRACTOR agrees to assume responsibility for informing all such individuals in accordance with applicable law and to indemnify, hold harmless and defend Minnesota State Colleges and Universities and [INSERT NAME OF COLLEGE/UNIVERSITY/THE SYSTEM OFFICE] and its trustees, officers, and employees from and against any claims, damages, or other harm related to such a breach. d. CONTRACTOR agrees to notify [INSERT NAME OF COLLEGE/UNIVERSITY/THE SYSTEM OFFICE]’s authorized representative within 24 hours in the event of unauthorized release of cardholder data.

PAYMENT CARD INDUSTRY DATA SECURITY. [INCLUDE PROVISION IF THE SERVICES INVOLVE STORAGE, PROCESSING OR TRANSMITTAL OF PAYMENT CARD ACCOUNT NUMBERS. DELETE THIS CLAUSE IF INAPPLICABLE.] a. CONTRACTOR agrees to establish security procedures to protect cardholder data and comply with the Payment Card Industry Data Security Standards (PCI DSS). Contractor can find details of the PCI DSS at xxxxx://xxx.xxxxxxxxxxxxxxxxxxxx.xxx/security_standards/pci_dss.shtml b. CONTRACTOR XXXXXXXXXX agrees to notify [INSERT NAME OF COLLEGE/UNIVERSITY/THE SYSTEM OFFICE] within 30 days if either CONTRACTOR establishes that it is not PCI-compliant or CONTRACTOR is notified by a Qualified Security Assessor (QSA) or CONTRACTOR’s acquiring bank that CONTRACTOR is not PCI-compliant. c. CONTRACTOR agrees to comply with all applicable laws that require the notification of individuals in the event of unauthorized release of cardholder data. In the event of a breach of any of CONTRACTOR's security obligations or other event requiring notification under applicable law, CONTRACTOR agrees to assume responsibility for informing all such individuals in accordance with applicable law and to indemnify, hold harmless and defend Minnesota State Colleges and Universities and [INSERT NAME OF COLLEGE/UNIVERSITY/THE SYSTEM OFFICE] and its trustees, officers, and employees from and against any claims, damages, or other harm related to such a breach. d. CONTRACTOR XXXXXXXXXX agrees to notify [INSERT NAME OF COLLEGE/UNIVERSITY/THE SYSTEM OFFICE]’s authorized representative within 24 hours in the event of unauthorized release of cardholder data.