Protecting Cardmember Information. You must protect Cardmember Information, as described in the Merchant Regulations. You have additional obligations based on your Transaction volume, including providing to us documentation validating your compliance with the PCI DSS.
Protecting Cardmember Information. You must notify our agent immediately if you know or suspect that Cardmember Information has been accessed or used without authorization or used other than in accordance with the Agreement. You must promptly provide to us and our agent all Card Numbers related to the data incident and audit reports of the data incident, and you must work with us and our agent to rectify any issues arising from the data incident, as specified in the Merchant Regulations.
Protecting Cardmember Information. 12.1. Standards for protection of information: Except as otherwise specified, you must, and you must cause your Covered Parties, to:
12.1.1. store Cardmember Information only to facilitate Card transactions in accordance with this Agreement; and
12.1.2. comply with the then-current Payment Card Industry Data Security Standard (PCI Standard). You must protect all Charge Records and Credit Records retained pursuant to this Agreement in accordance with these data security provisions. You must use these records only for purposes of this Agreement and safeguard them accordingly. Your data security procedures for the Card shall be no less protective than for Other Payment Products you accept. You are liable for your Covered Parties’ compliance with this section. Covered Parties means any or all of your employees, agents, representatives, subcontractors, Processors, providers of your point of sale equipment or systems or payment processing solutions, and any other party to whom you may provide Cardmember Information access in accordance with this Agreement.
Protecting Cardmember Information. You must, and you must cause your Covered Parties to: (i) store Cardmember Information only to facilitate Card transactions in accordance with, and as required by this Agreement, and (ii) comply with the current version of the Payment Card Industry Data Security Standard (“PCI DSS”, which is available at xxxxx://xxx.xxxxxxxxxxxxxxxxxxxx.xxx/) no later than the effective date for implementing that version. For the avoidance of doubt, the data elements that constitute Cardmember Information shall be treated according to their corresponding meanings as “cardholder data” and “sensitive authentication data,” as such terms are used in the then current PCI DSS. You must protect all Charge Records and Credit Records retained pursuant to the Agreement in accordance with these data security provisions; you must use these records only for purposes of the Agreement and safeguard them accordingly. You are financially and otherwise liable to us and our Affiliates for ensuring your Covered Parties’ compliance with these data security provisions. Covered Parties means any or all of your employees, agents, representatives, subcontractors, Processors, providers of your point of sale equipment or systems or payment processing solutions, and any other party to whom you may provide Cardmember Information access in accordance with this Agreement. You further must comply with our Data Security Operating Policy, a copy of which is available at xxxxx://xxx.xxxxxxxxxxxxxxx.xxx/ datasecurity, and which we may amend from time to time. You have additional obligations under that policy based on your transaction volume, including providing to us documentation validating your compliance with the PCI Standard performed by Qualified Security Assessors or Approved Scanning Vendors (or both), as described in the policy. We have the right to assess non-validation fees in accordance with that policy for your failure to comply with those obligations as further described in the attached Fee Schedule (Data Security Non Validation Fee).
Protecting Cardmember Information
