Protecting Cardholder information. 5.1. Payment Card Industry Data Security Standards (PCI DSS). Visa, MasterCard, American Express, Discover Network and JCB aligned data security requirements to create a global standard for the protection of Cardholder data. The resulting Payment Card Industry Data Security Standards (PCI DSS) defines the requirements with which all entities that store, process, or transmit payment card data must comply. PCI DSS is the name used to identify those common data security requirements. The Cardholder Information Security Program (CISP) is Visa USA’s data security program, the Site Data Protection (SDP) program is MasterCard’s data security program, Data Security Requirements (DSR) is American Express’s data security program, and Discover Network Information Security and Compliance (DISC) is Discover Network’s data security program, each based on the PCI DSS and industry aligned validation requirements. PCI DSS compliance validation is focused on any system(s) or system component(s) where Cardholder data is retained, stored, or transmitted, including: • All external connections into Your network (i.e., employee remote access, third party access for processing, and maintenance); • All connections to and from the authorization and settlement environment (i.e., connections for employee access or for devices such as firewalls, and routers); and • Any data repository outside of the authorization and settlement environment. The Associations or We may impose fines or penalties, or restrict You from accepting Cards if it is determined that You are not compliant with the applicable data security requirements. We may in our sole discretion, suspend or terminate Card processing Services under Your Merchant Agreement for any actual or suspected data security compromise. Detailed information about DISC, can be found at the PCI DSS Council’s website: xxx.xxxxxxxxxxxxxxxxxxxx.xxx Detailed information about Visa’s CISP program can be found at Visa’s CISP website: xxx.xxxx.xxx/xxxx. Detailed information about MasterCard’s SDP program can be found at the MasterCard SDP website: xxxxx://xxx.xxxxxxxxxxxxxx.xxx. Detailed information about DISC can be found at Discover Network’s DISC website: xxxx://xxx.xxxxxxxxxxxxxxx.xxx/fraudsecurity/disc.html. Detailed information about American Express’s Data Security Requirements (“DSR”) can be found at xxx.xxxxxxxxxxxxxxx.xxx/xxx.
Protecting Cardholder information. A. Data Security: Merchant Establishment must comply with the current Payment Card industry (PCl) Data security Standard. PCI data Security Standards means the then current comprehensive set of requirements for protecting Customer account data published by PCI Security Standards Council, LLC, made up of representatives from American Express, Discover Financial Services, lCB, Mastercard Worldwide and VISA international or any other Card Association. PCI Data Security Standards are published at xxxxx://xxxxxxxxxxxxxxxxxxxxxxx.xxx/
