Common use of PCI Compliance Clause in Contracts

PCI Compliance. For PCI Compliance, Client has two options for using Paymentus platform: (i) Paymentus Fully Hosted Solution; or (ii) Any other configuration To substantially reduce or eliminate any PCI compliance risks and to render all Client systems out of scope from PCI compliance requirements, Client agrees to use Paymentus’ fully hosted service where Paymentus uses its own platform to capture Payments and to manage the entire (end to end) user experience from all channels for Payment acceptance: Web, Mobile, IVR, POS devices (per Paymentus recommended setup), recurring payments, Ebill Presentment (“Paymentus Fully Hosted Solution”). If Client chooses any other integration such as third party web pages integrated with Paymentus APIs, third party gateway pages, or its own IVR systems or POS solution not recommended by Paymentus, or a cashiering module from third party, Client expressly agrees that Client shall not be exempt from PCI requirements and shall be liable for any data breaches occurring on its own systems as Client’s recognizes that Client systems are participating in the transactions and are in scope for PCI compliance. Under such circumstances, Paymentus shall not be responsible for any PCI obligations outside of Paymentus own platform and Paymentus expressly disclaims any PCI or security obligations related to Client systems or any third party systems that participate in the payment transactions that are outside of Paymentus Platform. Paymentus highly recommends that Client uses Paymentus Fully Hosted Solution to substantially reduce its PCI compliance and data breach risks. If Client chooses to use any other option other than Paymentus Fully Hosted Solution, Client agrees and warrants that Client shall remain PCI compliant throughout the term of this Agreement. For clarity, just because Client uses PCI compliant applications such as its billing software, it does not eliminate the need for Client to be PCI compliant. Per PCI requirements, if a party’s systems participate in processing, or accepting or storing card transactions, such party is required to be PCI compliant as the systems are in scope.

PCI Compliance. For PCI Compliance, Client has two options for using Paymentus platform: (i) Paymentus Fully Hosted Solution; or (ii) Any other configuration To substantially reduce or eliminate any PCI compliance risks and to render all Client systems out of scope from PCI compliance requirements, Client agrees to use Paymentus’ fully hosted service where Paymentus uses its own platform to capture Payments and to manage the entire (end to end) user experience from all the following channels for Payment acceptance: Web, Mobile, IVR, POS devices operated by Client’s employees (per Paymentus recommended setup), recurring payments, Ebill Presentment (“Paymentus Fully Hosted Solution”). Paymentus agrees to maintain PCI compliance while performing the services provided herein for the Client throughout the term of this Agreement. If Client chooses any other integration integration, such as third party web pages integrated with Paymentus APIs, third party gateway pages, or its own IVR systems or other POS solution not recommended by Paymentusor customer self-service solutions, or a cashiering module from a third party, Client expressly agrees that Client shall not be exempt from PCI requirements and shall be liable for any data breaches occurring on its own systems as Client’s Client recognizes that Client systems are participating in the transactions and are in scope for PCI compliance. Under such those circumstances, Paymentus shall not be responsible for any PCI obligations outside of Paymentus own platform and Paymentus expressly disclaims any PCI or security obligations related to Client systems or any third party systems that participate in the payment transactions that are outside of Paymentus Platform. Paymentus highly recommends that Client uses Paymentus Fully Hosted Solution to substantially reduce its PCI compliance and data breach risks. If Client chooses to use any other option other than Paymentus Fully Hosted Solution, Client agrees and warrants that Client shall remain PCI compliant throughout the term of this Agreement. For clarity, just because Client uses PCI compliant applications applications, such as its billing software, it does not eliminate the need for Client to be PCI compliant. Per PCI requirements, if a party’s systems participate in processing, or accepting or storing card transactions, such that party is required to be PCI compliant as the systems are in scope.

PCI Compliance. For PCI Compliance, Client has two options for using Paymentus platform: (i) Paymentus Fully Hosted Solution; Solution ;or (ii) Any other configuration To substantially reduce or eliminate any PCI compliance risks and to render all Client systems out of scope from PCI compliance requirements, Client agrees to use Paymentus’ fully hosted service where Paymentus uses its own platform to capture Payments and to manage the entire (end to end) user experience from all channels for Payment acceptance: Web, Mobile, IVR, POS devices (per Paymentus recommended setup)devices, recurring payments, Ebill Presentment (“Paymentus Fully Hosted Solution”). If Client chooses any other integration such as third party web pages integrated with Paymentus APIs, third party gateway pages, or its own IVR systems or POS solution not recommended provided by Paymentus, or a cashiering module from third party, Client expressly agrees that Client shall not be exempt from PCI requirements and shall be liable for any data breaches occurring on at its own systems as Client’s recognizes that Client systems are participating in the transactions and are in scope for PCI compliance. Under such circumstances, Paymentus shall not be responsible for any PCI obligations outside of Paymentus own platform Platform and Paymentus expressly disclaims any PCI or security obligations related to Client systems or any third party systems that participate in the payment transactions that are outside of Paymentus Platformtransactions. Paymentus highly recommends that Client uses Paymentus Fully Hosted Solution to substantially reduce its PCI compliance and data breach risks. If Client chooses to use any other option other than Paymentus Fully Hosted Solution, Client agrees and warrants that Client shall remain PCI compliant throughout the term of this Agreement. For clarity, just because Client uses PCI compliant applications such as its billing software, it does not eliminate the need for Client to be PCI compliant. Per PCI requirementsFor clarity, if a party’s systems participate in processing, or accepting or storing card transactions, such party is required to be PCI compliant as the Client systems are participating in payment transactions in any form, Client systems fall within PCI compliance scope.

PCI Compliance. For PCI Compliance, Client has two options for using Paymentus platform: (i) Paymentus Fully Hosted Solution; or (ii) Any other configuration To substantially reduce or eliminate any PCI compliance risks and to render all Client systems out of scope from PCI compliance requirements, Client agrees to use Paymentus’ fully hosted service where Paymentus uses its own platform to capture Payments and to manage the entire (end to end) user experience from all the following channels for Payment acceptance: Web, Mobile, IVR, POS devices operated by Client’s employees (per Paymentus recommended setup), recurring payments, Ebill Presentment (“Paymentus Fully Hosted Solution”). If Client chooses any other integration integration, such as third party web pages integrated with Paymentus APIs, third party gateway pages, or its own IVR systems or other POS solution not recommended by Paymentusor customer self- service solutions, or a cashiering module from a third party, Client expressly agrees that Client shall not be exempt from PCI requirements and shall be liable for any data breaches occurring on its own systems as Client’s Client recognizes that Client systems are participating in the transactions and are in scope for PCI compliance. Under such those circumstances, Paymentus shall not be responsible for any PCI obligations outside of Paymentus own platform and Paymentus expressly disclaims any PCI or security obligations related to Client systems or any third party systems that participate in the payment transactions that are outside of Paymentus Platform. Paymentus highly recommends that Client uses Paymentus Fully Hosted Solution to substantially reduce its PCI compliance and data breach risks. If Client chooses to use any other option other than Paymentus Fully Hosted Solution, Client agrees and warrants that Client shall remain PCI compliant throughout the term of this Agreement. For clarity, just because Client uses PCI compliant applications applications, such as its billing software, it does not eliminate the need for Client to be PCI compliant. Per PCI requirements, if a party’s systems participate in processing, or accepting or storing card transactions, such that party is required to be PCI compliant as the systems are in scope.

PCI Compliance. For If you use Payment Processing Services to accept payment card Transactions, you must comply with the Payment Card Industry Data Security Standards ("PCI-DSS") and, if applicable to your business, the Payment Application Data Security Standards (PA-DSS) (collectively, the "PCI ComplianceStandards"). The PCI Standards include requirements to maintain materials or records that contains payment card or Transaction data in a safe and secure manner with access limited to authorised personnel. Fyiro provides tools to simplify your compliance with the PCI Standards, Client has two options for using Paymentus platform: but you must ensure that your business is compliant. The specific steps you will need to take to comply with the PCI Standards will depend on your implementation of the Payment Processing Services. You can find more information about implementing Fyiro in a manner compliant with the PCI Standards in our Documentation. You will promptly provide us, or any applicable Payment Method Provider or Payment Method Acquirer, with documentation demonstrating your compliance with the PCI Standards upon our request. If you are unable to provide documentation sufficient to satisfy us, the Payment Method Providers, or the applicable Payment Method Acquirers, that you are compliant with the PCI Standards, then Fyiro, and any applicable Payment Method Provider or Payment Method Acquirer, may access your business premises on reasonable notice to verify your compliance with the PCI Standards. If you elect to store or hold "Account Data", as defined by the PCI Standards (i) Paymentus Fully Hosted Solution; or (ii) Any other configuration To substantially reduce including Customer card account number or eliminate any PCI compliance risks and to render all Client systems out of scope from PCI compliance requirements, Client agrees to use Paymentus’ fully hosted service where Paymentus uses its own platform to capture Payments and to manage the entire (end to end) user experience from all channels for Payment acceptance: Web, Mobile, IVR, POS devices (per Paymentus recommended setupexpiration date), recurring payments, Ebill Presentment (“Paymentus Fully Hosted Solution”)you must maintain a system that is compliant with the PCI Standards. If Client chooses any other integration such as third party web pages integrated you do not comply with Paymentus APIs, third party gateway pagesthe PCI Standards, or its own IVR systems or POS solution not recommended by Paymentus, or a cashiering module from third party, Client expressly agrees that Client shall not be exempt from PCI requirements and shall be liable for any data breaches occurring on its own systems as Client’s recognizes that Client systems are participating in the transactions and are in scope for PCI compliance. Under such circumstances, Paymentus shall not be responsible for any PCI obligations outside of Paymentus own platform and Paymentus expressly disclaims any PCI or security obligations related to Client systems if we or any third party systems that participate in Payment Method Provider or Payment Method Acquirer are unable to verify your compliance with the payment transactions that are outside of Paymentus Platform. Paymentus highly recommends that Client uses Paymentus Fully Hosted Solution to substantially reduce its PCI compliance and data breach risks. If Client chooses to use any other option other than Paymentus Fully Hosted SolutionStandards, Client agrees and warrants that Client shall remain PCI compliant throughout the term of we may suspend your Fyiro Account or terminate this Agreement. For clarityIf you intend to use a third party service provider to store or transmit Account Data, just because Client uses you must not share any data with the service provider until you verify that the third party holds sufficient certifications under the PCI compliant applications such Standards, and notify us of your intention to share Account Data with the service provider. Further, you agree to never store or hold any "Sensitive Authentication Data", as its billing softwaredefined by the PCI Standards (including CVC or CVV2), it does not eliminate at any time. You can find information about the need for Client to be PCI compliant. Per Standards on the PCI requirements, if a party’s systems participate in processing, or accepting or storing card transactions, such party is required to be PCI compliant as the systems are in scopeCouncil's website.

PCI Compliance. For PCI Compliance, Client has two options for using Paymentus platform: (i) Paymentus Fully Hosted Solution; or (ii) Any other configuration To substantially reduce or eliminate any PCI compliance risks and to render all Client systems out of scope from PCI compliance requirements, Client agrees to use Paymentus’ fully hosted service where Paymentus uses its own platform to capture Payments and to manage the entire (end to end) user experience from all channels for Payment acceptance: Web, Mobile, IVR, POS devices (per Paymentus recommended setup), recurring payments, Ebill Presentment (“Paymentus Fully Hosted Solution”). If Client chooses any other integration such as third party web pages integrated with Paymentus APIs, third party gateway pages, or its own IVR systems or POS solution not recommended by Paymentus, or a cashiering module from third party, Client expressly agrees that Client shall not be exempt from PCI requirements and shall be liable for any data breaches occurring on its Client’s own systems as Client’s recognizes that Client systems are participating in the transactions and are in scope for PCI compliance. Under such circumstances, Paymentus shall not be responsible for any PCI obligations outside of Paymentus Paymentus’s own platform and Paymentus expressly disclaims any PCI or security obligations related to Client systems or any third party systems that participate in the payment transactions that are outside of Paymentus Platform. Paymentus highly recommends that Client uses Paymentus Fully Hosted Solution as outlined above to substantially reduce its PCI compliance and data breach risks. If Client chooses to use any other option other than Paymentus Fully Hosted Solution, Client agrees and warrants that Client shall remain PCI compliant (that is, compliant with the Payment Card Industry Data Security Standard (PCI-DSS)) throughout the term of this Agreement. For clarity, just because Client uses PCI compliant applications such as its billing software, it does not eliminate the need for Client to be PCI compliant. Per PCI requirements, if a party’s systems participate in processing, or accepting or storing card transactions, such party is required to be PCI compliant as the systems are in scope.

PCI Compliance. For PCI Compliance, Client has two options for using Paymentus platform: (i) Paymentus Fully Hosted Solution; Solution ;or (ii) Any other configuration To substantially reduce or eliminate any PCI compliance risks and to render all Client systems out of scope from PCI compliance requirements, Client agrees to use Paymentus’ fully hosted service where Paymentus uses its own platform to capture Payments and to manage the entire (end to end) user experience from all channels for Payment acceptance: Web, Mobile, IVR, POS devices (per Paymentus recommended setup), recurring payments, Ebill Presentment (“Paymentus Fully Hosted Solution”). If Client chooses any other integration such as third party web pages integrated with Paymentus APIs, third party gateway pages, or its own IVR systems or POS solution not recommended by Paymentus, or a cashiering module from third party, Client expressly agrees that Client shall not be exempt from PCI requirements and shall be liable for any data breaches occurring on its own systems as Client’s recognizes that Client systems are participating in the transactions and are in scope for PCI compliance. Under such circumstances, Paymentus shall not be responsible for any PCI obligations outside of Paymentus own platform and Paymentus expressly disclaims any PCI or security obligations related to Client systems or any third party systems that participate in the payment transactions that are outside of Paymentus Platform. Paymentus highly recommends that Client uses Paymentus Fully Hosted Solution to substantially reduce its PCI compliance and data breach risks. If Client chooses to use any other option other than Paymentus Fully Hosted Solution, Client agrees and warrants that Client shall remain PCI compliant throughout the term of this Agreement. For clarity, just because Client uses PCI compliant applications such as its billing software, it does not eliminate the need for Client to be PCI compliant. Per PCI requirements, if a party’s systems participate in processing, or accepting or storing card transactions, such party is required to be PCI compliant as the systems are in scope.