Payment Card Industry (PCI) Compliance. If and to the extent at any point during the Agreement the Software accepts, transmits, or stores any credit cardholder data or is reasonably determined by County to potentially impact the security of County’s cardholder data environment (“CDE”), Contractor must:
Payment Card Industry (PCI) Compliance. If and to the extent the Contractor Platform accepts, transmits or stores any credit cardholder data County or is reasonably determined by County to potentially impact the security of County’s cardholder data environment (“CDE”), the following provisions shall apply: Contractor shall comply with the most recent version of the Security Standards Council’s Payment Card Industry (“PCI”) Data Security Standard (“DSS”). Prior to the Effective Date, after any significant change to the CDE, and annually Contractor shall provide to County: A copy of their Annual PCI DSS Attestation of Compliance (“AOC”); A written acknowledgement of responsibility for the security of cardholder data the service providers possess or otherwise store, process or transmit on behalf of the County, or to the extent that the service provider could impact the security of the county’s cardholder data environment. A PCI DSS responsibility matrix that outlines the exact PCI DSS Controls are the responsibility of the service provider and which controls the service provider shares responsibility with the County. Contractor shall follow the VISA Cardholder Information Security Program (“CISP”) payment Application Best Practices and Audit Procedures and maintain current validation. If Contractor subcontracts or in any way outsources the CDE processing, or provides an API which redirects or transmits County Data to a payment gateway, Contractor is responsible for maintaining PCI compliance for their API and providing the AOC for the subcontractor or payment gateway to the County. Mobile payment application providers must follow industry best practices such as VISA Cardholder Information Security Program (“CISP”) or OWASP for secure coding and transmission of payment card data. Contractor agrees that it is responsible for the security of the County’s cardholder data that it possesses, including the functions relating to storing, processing, and transmitting of the cardholder data. Contractor will immediately notify County if it learns that it is no longer PCI DSS compliant and will immediately provide County the steps being taken to remediate the noncompliant status. In no event should Contractor’s notification to County be later than seven (7) calendar days after Contractor learns it is no longer PCI DSS complaint. Contractor shall enforce automatic disconnect of sessions for remote access technologies after a specific period of inactivity with regard to connectivity into County infrastructure. (...
Payment Card Industry (PCI) Compliance. Contractor agrees to comply with all applicable state, federal and international laws, as well as industry best practices, governing the collection, access, use, disclosure, safeguarding and destruction of Protected Information. Contractor and/or any subcontractor that handles credit card data must be, and remain, PCI compliant under the current standards and will provide documentation confirming compliance upon request by the City of Fort Lauderdale, failure to produce documentation could result in termination of the contract.
Payment Card Industry (PCI) Compliance. (a) The Vendor warrants and represents that it is aware of the PCI Standard and that the Services will comply with the PCI Standard and any requirements related to the PCI Standard set out in this agreement.
Payment Card Industry (PCI) Compliance. 11.1 Section 11 applies whenever you are “PCI Relevant.” “
Payment Card Industry (PCI) Compliance
