PCI Requirements. If Receiving Party has access to, stores, or processes the Disclosing Party’s customers’ cardholder information, Receiving Party hereby confirms that it has on file a current Report on Compliance, evidencing that it is in compliance with the payment card industry (“PCI”) data security standard (“DSS”). Receiving Party shall provide Disclosing Party with a copy of the PCI DSS Attestation of Compliance Letter upon request. In addition to the foregoing, to the extent applicable to the Services being provided to Disclosing Party hereunder, Receiving Party will comply with and adhere to the PCI DSS in effect from time to time. Each party shall be responsible for the implementation, testing, and compliance with respect to PCI data security controls within their respective PCI DSS boundaries. These requirements are applicable to all infrastructure and systems processing or storing any cardholder information as defined by the PCI DSS. Any change in Receiving Party’s PCI compliance and/or certification status shall be promptly communicated to Disclosing Party.
PCI Requirements. Contractors providing services and products that collect, transmit or store cardholder data, are subject to the following requirements:
PCI Requirements. Contractors providing services and products that collect, transmit or store cardholder data, are subject to the following requirements: Applications shall be compliant with the Payment Application Data Security Standard (PA-DSS) and validated by a Payment Application Qualified Security Assessor (PA-QSA). A Contractor whose application has achieved PA-DSS certification must then be listed on the PCI Council’s list of PA-DSS approved and validated payment applications. Gateway providers shall have appropriate Payment Card Industry Data Security Standards (PCI DSS) certification as service providers (xxxxx://xxx.xxxxxxxxxxxxxxxxxxxx.xxx/xxxxx.xxxxx). Compliance with the PCI DSS shall be achieved through a third party audit process. The Contractor shall comply with Visa Cardholder Information Security Program (CISP) and MasterCard Site Data Protection (SDP) programs. For any Contractor that processes PIN Debit Cards, payment card devices supplied by Contractor shall be validated against the PCI Council PIN Transaction Security (PTS) program. For items 63(a) to 63(c) above, Contractor shall provide a letter from its qualified security assessor (QSA) affirming its compliance and current PCI or PTS compliance certificate. Contractor shall be responsible for furnishing City with an updated PCI compliance certificate 30 days prior to its expiration. Bank Accounts. Collections that represent funds belonging to the City and County of San Francisco shall be deposited, without detour to a third party’s bank account, into a City and County of San Francisco bank account designated by the Office of the Treasurer and Tax Collector.
PCI Requirements. In addition to the obligations set forth above, and notwithstanding anything in this Agreement to the contrary, TSYS and COMPANY each will comply with and adhere to the payment card industry (“PCI”) data security standard (“DSS”) in effect from time to time, shall implement and maintain appropriate measures to comply with PCI DSS and, to extent required by applicable issuers or payment networks contracting with a party, such party shall require its vendors and suppliers to comply with PCI DSS and as well as PA-DSS. In the event a PCI representative or PCI authorized third-party seeks to conduct a security audit or review of TSYS or COMPANY at any time, including, without limitation, after an alleged or actual security intrusion, for the purpose of validating TSYS’ or COMPANY’s status, effectiveness or compliance with the PCI DSS, the audited party will fully cooperate with such audit or review. Each party shall immediately notify the other party in the event it has suffered a data breach or other system intrusion.
PCI Requirements a. Applications shall be compliant with the Payment Application Data Security Standard (PA-DSS) and validated by a Payment Application Qualified Security Assessor (PA-QSA). A Contractor whose application has achieved PA-DSS certification must then be listed on the PCI Council’s list of PA-DSS approved and validated payment applications.
