Common use of Responsibilities of Merchant Clause in Contracts

Responsibilities of Merchant. Merchant is responsible to comply with the following regarding Merchant’s use of the Data Protection Service: (a) Merchant is required to comply with the Rules, including taking all steps required to comply with the Payment Card Industry Data Security Standards (“PCI DSS”). Merchant must ensure that all third parties and software use by Merchant in connection with Merchant’s payment processing is compliant with PCI DSS. Use of the Data Protection Service will not cause Merchant to be compliant or eliminate Merchant’s obligations to comply with PCI DSS or any other Rule. Merchant must demonstrate and maintain Merchant’s current PCI DSS compliance certification. Compliance must be validated either by a Qualified Security Assessor with corresponding Report on Compliance or by successful completion of the applicable PCI DSS Self-Assessment Questionnaire or Report on Compliance, as applicable, and if applicable to Merchant’s business, passing quarterly network scans performed by an Approved Scan Vendor, all in accordance with the Rules and PCI DSS. (b) Use of the Data Protection Service is not a guarantee against an unauthorized breach of Merchant’s systems or point-of-sale devices (collectively, “Merchant’s Systems”). (c) Merchant must deploy the Data Protection Service (including implementing any upgrades to such service within a commercially reasonable period of time after receipt of such upgrades) throughout Merchant’s Systems, including replacing existing Card numbers on Merchant’s Systems with Tokens. Full Card numbers must never be retained, whether in electronic form or hard copy. (d) Merchant must use the Token in lieu of the Card number for ALL activities subsequent to receipt of the authorization response associated with the transaction, including without limitation, settlement processing, retrieval processing, chargeback and adjustment processing and transaction reviews. (e) Any point of sale device, gateway and/or value added reseller “VAR” use by Merchant in connection with the Data Protection Service must be certified for use with the Data Protection Service. (f) If Merchant sends or receives batch files containing completed Card transaction information to/from NMS, Merchant must use the service provided by NMS or its third party providers to enable such files to contain only Tokens or truncated information. (g) Merchant must use truncated report viewing and data extract creation within reporting tools provided by NMS. (h) Merchant is required to follow rules or procedures NMS may provide to Merchant from time to time related to Merchant’s use of the Data Protection Service (“Data Protection Rules and Procedures”). NMS will provide Merchant with advance notice of any such rules or procedures or changes to such rules or procedures. (i) Merchant has no right, title or interest in or to the Data Protection Service, any related software, materials or documentation, or any derivative works thereof, and nothing in this Agreement assigns or transfers any such right, title or interest to Merchant. Merchant shall not take any action inconsistent with the stated title and ownership in this Section 9. Merchant will not file any action, in any forum, that challenges the ownership of the Data Protection Service, any related software, materials or documentation. Failure to comply with this provision will constitute a material breach of the Agreement. NMS has the right to immediately terminate this Section 9 and Merchant’s access to and use of the Data Protection Service in the event of a challenge by Merchant. No additional rights are granted by implication, estoppel or otherwise. (j) Merchant will not: (i) distribute, lease, license, sublicense or otherwise disseminate the Data Protection Service or any portion of it to any third party; (ii) modify, enhance, translate, supplement, create derivative works from, reverse engineer, decompile or otherwise reduce to human-readable form the Data Protection Service or any portion of it; or (iii) sell, license or otherwise distribute the Data Protection Service or any portion of it; (iv) make any copies, or permit any copying, of the Data Protection Service or any portion of it; or (v) use any portion of the Data Protection Service as a standalone program or in any way independently from the Data Protection Service. If any portion of the Data Protection Service contains any copyright notice or any other legend denoting the proprietary interest of NMS or any third party, Merchant will not remove, alter, modify, relocate or erase such notice or legend on such item. (k) Merchant will only use the Data Protection Service for its internal business purposes in a manner consistent with this Agreement. (l) Merchant will use only unaltered version(s) of the Data Protection Service and will not use, operate or combine the Data Protection Service or any related software, materials or documentation, or any derivative works thereof with other products, materials or services in a manner inconsistent with the uses contemplated in this Section 9. (m) Merchant will promptly notify NMS of a breach of any terms of this Section 9.

Responsibilities of Merchant. Merchant Xxxxxxxx is responsible to comply with the following regarding MerchantXxxxxxxx’s use of the Data Protection Service: (a) Merchant is required to comply with the Rules, including taking all steps required to comply with the Payment Card Industry Data Security Standards (“PCI DSS”). Merchant must ensure that all third parties and software use by Merchant in connection with Merchant’s payment processing is compliant with PCI DSS. Use of the Data Protection Service will not cause Merchant to be compliant or eliminate Merchant’s obligations to comply with PCI DSS or any other Rule. Merchant must demonstrate and maintain Merchant’s current PCI DSS compliance certification. Compliance must be validated either by a Qualified Security Assessor with corresponding Report on Compliance or by successful completion of the applicable PCI DSS Self-Assessment Questionnaire or Report on Compliance, as applicable, and if applicable to Merchant’s business, passing quarterly network scans performed by an Approved Scan Vendor, all in accordance with the Rules and PCI DSS. (b) Use of the Data Protection Service is not a guarantee against an unauthorized breach of Merchant’s systems or point-of-sale devices (collectively, “Merchant’s Systems”). (c) Merchant must deploy the Data Protection Service (including implementing any upgrades to such service within a commercially reasonable period of time after receipt of such upgrades) throughout Merchant’s Systems, including replacing existing Card numbers on Merchant’s Systems with Tokens. Full Card numbers must never be retained, whether in electronic form or hard copy. (d) Merchant must use the Token in lieu of the Card number for ALL activities subsequent to receipt of the authorization response associated with the transaction, including without limitation, settlement processing, retrieval processing, chargeback and adjustment processing and transaction reviews. (e) Any point of sale device, gateway and/or value added reseller “VAR” use by Merchant in connection with the Data Protection Service must be certified for use with the Data Protection Service. (f) If Merchant sends or receives batch files containing completed Card transaction information to/from NMS, Merchant must use the service provided by NMS or its third party providers to enable such files to contain only Tokens or truncated information. (g) Merchant must use truncated report viewing and data extract creation within reporting tools provided by NMS. (h) Merchant is required to follow rules or procedures NMS may provide to Merchant from time to time related to MerchantXxxxxxxx’s use of the Data Protection Service (“Data Protection Rules and Procedures”). NMS will provide Merchant with advance notice of any such rules or procedures or changes to such rules or procedures. (i) Merchant has no right, title or interest in or to the Data Protection Service, any related software, materials or documentation, or any derivative works thereof, and nothing in this Agreement assigns or transfers any such right, title or interest to Merchant. Merchant shall not take any action inconsistent with the stated title and ownership in this Section 9. Merchant will not file any action, in any forum, that challenges the ownership of the Data Protection Service, any related software, materials or documentation. Failure to comply with this provision will constitute a material breach of the Agreement. NMS has the right to immediately terminate this Section 9 and Merchant’s access to and use of the Data Protection Service in the event of a challenge by MerchantXxxxxxxx. No additional rights are granted by implication, estoppel or otherwise. (j) Merchant will not: (i) distribute, lease, license, sublicense or otherwise disseminate the Data Protection Service or any portion of it to any third party; (ii) modify, enhance, translate, supplement, create derivative works from, reverse engineer, decompile or otherwise reduce to human-readable form the Data Protection Service or any portion of it; or (iii) sell, license or otherwise distribute the Data Protection Service or any portion of it; (iv) make any copies, or permit any copying, of the Data Protection Service or any portion of it; or (v) use any portion of the Data Protection Service as a standalone program or in any way independently from the Data Protection Service. If any portion of the Data Protection Service contains any copyright notice or any other legend denoting the proprietary interest of NMS or any third party, Merchant will not remove, alter, modify, relocate or erase such notice or legend on such item. (k) Merchant will only use the Data Protection Service for its internal business purposes in a manner consistent with this Agreement. (l) Merchant will use only unaltered version(s) of the Data Protection Service and will not use, operate or combine the Data Protection Service or any related software, materials or documentation, or any derivative works thereof with other products, materials or services in a manner inconsistent with the uses contemplated in this Section 9. (m) Merchant will promptly notify NMS of a breach of any terms of this Section 9.

Responsibilities of Merchant. Merchant Xxxxxxxx is responsible to comply with the following regarding Merchant’s its use of the Data Protection ServiceTC Services: (a) 8.1 Merchant is required to comply with all federal and state laws, rules and regulations applicable to it, including the Rules, Network Rules and including taking all steps required to comply with the Payment Card Industry Data Security Standards (“PCI DSS”). Merchant must ensure that all third parties and software use by Merchant in connection with Merchant’s its payment processing is are compliant with PCI DSS. Use of the Data Protection Service TC Services will not not, on its own, cause Merchant to be compliant or eliminate Merchant’s obligations to comply with PCI DSS or any other Network Rule. Merchant must demonstrate and maintain Merchant’s current PCI DSS compliance certification. Compliance must be validated either by a Qualified Security Assessor with corresponding Report on Compliance or by successful completion of the applicable PCI DSS Self-Assessment Questionnaire or Report on Compliance, as applicable, and if applicable to Merchant’s business, passing quarterly network scans performed by an Approved Scan Vendor, all in accordance with the Rules and PCI DSS. (b) 8.2 Use of the Data Protection Service TC Services is not a guarantee against an unauthorized breach of Merchant’s systems or point-of-sale devices (collectively, “Merchant’s Systems”). (c) 8.3 Merchant must deploy the Data Protection Service TC Services (including implementing any upgrades to such service within a commercially reasonable period of time after receipt of such upgrades) throughout Merchant’s Systems. 8.4 Merchant must establish, maintain and provide the necessary security over Merchant’s Systems that integrate or communicate with TrustCommerce’s systems, including replacing existing Card numbers but not limited to website(s), retail stores and call centers. Merchant is fully responsible for all goods or services offered for sale by it and for anyone to whom it provides access to the TC Services including any advertising for such goods or services regardless of the medium. Merchant is also fully liable for any promotions, whether appearing on Merchant’s Systems with Tokenswebsite or otherwise, proffered or offered by Merchant directly or indirectly in reference to any of Merchant’s offerings. Full Card numbers must never be retainedMerchant hereby certifies to TrustCommerce that Merchant is the owner of and/or has the legal right and authority to use, whether utilize and/or disseminate all information, data, graphics, text, video, music or intellectual property which either form a part of Merchant’s website, are in electronic form any way or hard copy. (d) manner incorporated into Merchant’s website, are provided by Merchant must use the Token in lieu of the Card number for ALL activities subsequent to receipt of the authorization response associated with the transaction, including without limitation, settlement processing, retrieval processing, chargeback and adjustment processing and transaction reviews. (e) Any point of sale device, gateway and/or value added reseller “VAR” use its Customers or those accessing Merchant’s website or are otherwise used or utilized by Merchant in connection its advertising or promotion through any medium available. 8.5 Merchant must establish and maintain appropriate and necessary integration between Merchant’s Systems and TC Services including, but not limited to, delivering the required data to TrustCommerce’s server(s) and ensuring that the data to be transmitted in conjunction with the Data Protection Service must be certified for use with TC Services is accurate and in the Data Protection Serviceformat required by TrustCommerce. 8.6 Merchant acknowledges that the integration and development described in this Section may require Merchant or Merchant’s Internet service provider (f“ISP”) If Merchant sends or receives batch files containing completed Card transaction information to/from NMS, to use the services of a third party such as a web developer. Xxxxxxxx hereby authorizes TrustCommerce to work with Xxxxxxxx’s designated third party to implement the TC Services contracted for under this Addendum. 8.7 Merchant must use establish and implement a connection to the service provided TC Server. Merchant is solely responsible for testing this connection and ensuring that Merchant’s Systems are generating correct Payment Messages and receiving correct responses. When Merchant is satisfied that its testing is complete and successful, it must notify TrustCommerce in writing or by NMS or email of its third party providers request to enable such files to contain only Tokens or truncated informationinitiate the TC Services. (g) 8.8 Merchant must use truncated report viewing will manage its business and data extract creation within reporting tools provided by NMSthe transactions resulting from that business including, but not limited to, all business involving its merchant account, customer support, reconciliation of its merchant account, and processing of its charge backs, returns and all other transaction types. (h) 8.9 Merchant is required to follow rules or procedures NMS may provide to Merchant from time to time related to Merchant’s use of the Data Protection Service (“Data Protection Rules and Procedures”). NMS will provide Merchant with advance notice of any such rules or procedures or changes to such rules or procedures. (i) Merchant has no right, title or interest in or to the Data Protection Service, any related software, materials or documentation, or any derivative works thereof, and nothing in this Agreement assigns or transfers any such right, title or interest to Merchant. Merchant shall not take any action inconsistent comply with the stated title terms and ownership in this Section 9. Merchant will not file any action, in any forum, that challenges the ownership of the Data Protection Service, any related software, materials or documentation. Failure to comply with this provision will constitute a material breach conditions of the Agreement. NMS has . 8.10 Merchant acknowledges that it is solely responsible for the right to immediately terminate this Section 9 maintenance and security over Merchant’s access Systems including any PCI data maintained or passed by Merchant’s systems to TrustCommerce’s systems. 8.11 If Merchant is provided an encryption key, Merchant acknowledges and use agrees that the key is to be treated as TrustCommerce’s confidential information and that TrustCommerce is the sole owner of the Data Protection Service encryption key. Passing the encryption key on to third parties is strictly prohibited. Merchant agrees to be in compliance with the event of a challenge audit specifications established by Merchantthe American National Standards Institute’s (ANSI) Technical Report 39 (TR-39) and PCI PIN Transaction Security (PTS) standards to protect the encryption key, and will not use the encryption key unless such standards are in place. No additional rights are granted by implication, estoppel or otherwise. (j) Merchant will not: (i) distribute, lease, license, sublicense or otherwise disseminate the Data Protection Service or is not permitted in any portion of it way to any third party; (ii) modify, enhance, translate, supplement, create derivative works fromdecompile, reverse engineer, decompile or otherwise reduce to human-readable form the Data Protection Service or segregate out any portion of it; or (iii) sell, license or otherwise distribute the Data Protection Service or any portion of it; (iv) make any copies, or permit any copying, component of the Data Protection Service encryption key, nor make such encryption key accessible to third parties 8.12 Merchant will only provide the following data to TrustCommerce: payor/cardholder name; transaction (order) ID; Card number; Card 8.13 Merchant will only enter and/or transmit Primary Account Number (PAN) data to the appropriate fields as represented within the TC Ops Guide. TrustCommerce expressly precludes the entry and/or transmission of any PAN data, encrypted or any portion of it; or (v) use any portion of the Data Protection Service as a standalone program or not, in any way independently from the Data Protection Service. If any portion of the Data Protection Service contains any copyright notice or any other legend denoting the proprietary interest of NMS or any third party, Merchant will field not remove, alter, modify, relocate or erase designated for such notice or legend on such iteminformation by Merchant. (k) 8.14 Merchant will only use the Data Protection Service TC Services for its Merchant’s internal business purposes in a manner consistent with this AgreementAddendum. (l) 8.15 Merchant will use only unaltered version(s) of the Data Protection Service TC Services and will not use, operate or combine the Data Protection Service TC Services or any related software, materials or documentation, or any derivative works thereof with other products, materials or services in a manner inconsistent with the uses contemplated in this Section 9herein. (m) 8.16 Merchant will promptly notify NMS TrustCommerce of a breach of any terms of this Section 9Addendum.

Responsibilities of Merchant. Merchant is responsible to comply with the following regarding Merchant’s use of the Data Protection Service: (a) Merchant is required to comply with the Network Rules, including taking all steps required to comply with the Payment Card Industry Data Security Standards (“PCI DSS”). Merchant must ensure that all third parties and software use by Merchant in connection with Merchant’s payment processing is compliant with PCI DSS. Use of the Data Protection Service will not cause Merchant to be compliant or eliminate Merchant’s obligations to comply with PCI DSS or any other Network Rule. Merchant must demonstrate and maintain Merchant’s current PCI DSS compliance certification. Compliance must be validated either by a Qualified Security Assessor with corresponding Report on Compliance or by successful completion of the applicable PCI DSS Self-Assessment Questionnaire or Report on Compliance, as applicable, and if applicable to Merchant’s business, passing quarterly network scans performed by an Approved Scan Vendor, all in accordance with the Network Rules and PCI DSS. (b) Use of the Data Protection Service is not a guarantee against an unauthorized breach of Merchant’s systems or point-point- of-sale devices (collectively, “Merchant’s Systems”). (c) Merchant must deploy the Data Protection Service (including implementing any upgrades to such service within a commercially reasonable period of time after receipt of such upgrades) throughout Merchant’s Systems, including replacing existing Card numbers on Merchant’s Systems with Tokens. Full Card numbers must never be retained, whether in electronic form or hard copy.including (d) Merchant must use the Token in lieu of the Card number for ALL activities subsequent to receipt of the authorization response associated with the transaction, including without limitation, settlement processing, retrieval processing, chargeback and adjustment processing and transaction reviews. (e) Any point of sale device, gateway and/or value added reseller “VAR” use by Merchant in connection with the Data Protection Service must be certified for use with the Data Protection Service. (f) If Merchant sends or receives batch files containing completed Card transaction information to/from NMS, Merchant must use the service provided by NMS or its third party providers to enable such files to contain only Tokens or truncated informationtruncatedinformation. (g) Merchant must use truncated report viewing and data extract creation within reporting tools provided by NMS. (h) Merchant is required to follow rules or procedures NMS may provide to Merchant from time to time related to Merchant’s use of the Data Protection Service (“Data Protection Rules and Procedures”). NMS will provide Merchant with advance written notice of any such rules or procedures or changes to such rules or procedures. (i) Merchant has no right, title or interest in or to the Data Protection Service, any related software, materials or documentation, or any derivative works thereof, and nothing in this Agreement assigns or transfers any such right, title or interest to Merchant. Merchant shall not take any action inconsistent with the stated title and ownership in this Section 96. Merchant will not file any action, in any forum, that challenges the ownership of the Data Protection Service, any related software, materials or documentation. Failure to comply with this provision will constitute a material breach of the Agreement. NMS has the right to immediately terminate this Section 9 6 and Merchant’s access to and use of the Data Protection Service in the event of a challenge by Merchant. No additional rights are granted by implication, estoppel or otherwise. (j) Merchant will not: (i) distribute, lease, license, sublicense or otherwise disseminate the Data Protection Service or any portion of it to any third party; (ii) modify, enhance, translate, supplement, create derivative works from, reverse engineer, decompile or otherwise reduce to human-readable form the Data Protection Service or any portion of it; or (iii) sell, license or otherwise distribute the Data Protection Service or any portion of it; (iv) make any copies, or permit any copying, of the Data Protection Service or any portion of it; or (v) use any portion of the Data Protection Service as a standalone program or in any way independently from the Data Protection Service. If any portion of the Data Protection Service contains any copyright notice or any other legend denoting the proprietary interest of NMS or any third party, Merchant will not remove, alter, modify, relocate or erase such notice or legend on such item. (k) Merchant will only use the Data Protection Service for its internal business purposes in a manner consistent with this Agreement. (l) Merchant will use only unaltered version(s) of the Data Protection Service and will not use, operate or combine the Data Protection Service or any related software, materials or documentation, or any derivative works thereof with other products, materials or services in a manner inconsistent with the uses contemplated in this Section 96. (m) Merchant will promptly notify NMS of a breach of any terms of this Section 96.

Responsibilities of Merchant. TransArmor Services applies only to Card Transactions sent from Merchant to use for authorization and settlement pursuant to this Agreement, and specifically excludes electronic check transactions. Merchant is responsible to comply with the following regarding Merchant’s its use of the Data Protection ServiceTransArmor Services: (a) Merchant TransArmor Services can only be used with a point of sale device, gateway and/or equipment that is required certified by Bank as TransArmor Services eligible. It is Merchant’s responsibility to comply with the Rules, including taking all steps required to comply with the Payment Card Industry Data Security Standards (“PCI DSS”). Merchant must ensure that all third parties and software it has eligible equipment in order to use by Merchant in connection with Merchant’s payment processing is compliant with PCI DSS. Use of the Data Protection Service will not cause Merchant to be compliant or eliminate Merchant’s obligations to comply with PCI DSS or any other Rule. TransArmor Services. (b) Merchant must demonstrate and maintain Merchant’s its current PCI DSS compliance certification. Compliance must be validated either by a Qualified Security Assessor (QSA) with corresponding Report on Compliance (ROC) or by successful completion of the applicable PCI DSS Self-Assessment Questionnaire (SAQ) or Report on ComplianceCompliance (ROC), as applicable, and if applicable to Merchant’s business, passing quarterly network scans performed by an Approved Scan Vendor, all in accordance with the Rules and PCI DSS. (b) . Use of the Data Protection Service is not a guarantee against an unauthorized breach of TransArmor Services will not, on its own, cause Merchant to be compliant or eliminate Merchant’s systems obligations to comply with PCI DSS or point-of-sale devices (collectively, “Merchant’s Systems”)any other Rule. Merchant must also ensure that all third parties and software that it uses for payment processing comply with PCI DSS. (c) Merchant must deploy the Data Protection Service TransArmor Services (including implementing any upgrades to such service within a commercially reasonable period of time after receipt of such upgrades) throughout Merchant’s its point of sale systems or any facility where it processes and/or stores transaction data (“Merchant Systems, ”) including replacing existing Card numbers on Merchant’s the Merchant Systems with Tokenstokens. Full Card numbers must never be retained, whether in electronic form or hard copy. (d) Merchant must use the Token token in lieu of the Card number for ALL activities subsequent to receipt of the authorization response associated with the transaction, including without limitation, settlement processing, retrieval processing, chargeback and adjustment processing and transaction reviews. (e) Any point of sale device, gateway and/or value added reseller “VAR” use by Merchant in connection with the Data Protection Service must be certified for use with the Data Protection Service. (f) If Merchant sends or receives batch files containing completed Card transaction information to/from NMSBank, Merchant must use the service provided by NMS or its third party providers Bank to enable such files to contain only Tokens tokens or truncated information. (gf) Merchant must use truncated report viewing and data extract creation within reporting tools provided by NMSBank. (hg) Merchant is required to follow rules or procedures NMS Bank may provide to Merchant from time to time related to Merchant’s use of the Data Protection Service TransArmor Services (“Data Protection TransArmor Services Rules and Procedures”). NMS Bank will provide Merchant with advance written notice of any such rules or procedures or changes to such rules or procedures. (i) Merchant has no right, title or interest in or to the Data Protection Service, any related software, materials or documentation, or any derivative works thereof, and nothing in this Agreement assigns or transfers any such right, title or interest to Merchant. Merchant shall not take any action inconsistent with the stated title and ownership in this Section 9. Merchant will not file any action, in any forum, that challenges the ownership of the Data Protection Service, any related software, materials or documentation. Failure to comply with this provision will constitute a material breach of the Agreement. NMS has the right to immediately terminate this Section 9 and Merchant’s access to and use of the Data Protection Service in the event of a challenge by Merchant. No additional rights are granted by implication, estoppel or otherwise. (j) Merchant will not: (i) distribute, lease, license, sublicense or otherwise disseminate the Data Protection Service or any portion of it to any third party; (ii) modify, enhance, translate, supplement, create derivative works from, reverse engineer, decompile or otherwise reduce to human-readable form the Data Protection Service or any portion of it; or (iii) sell, license or otherwise distribute the Data Protection Service or any portion of it; (iv) make any copies, or permit any copying, of the Data Protection Service or any portion of it; or (v) use any portion of the Data Protection Service as a standalone program or in any way independently from the Data Protection Service. If any portion of the Data Protection Service contains any copyright notice or any other legend denoting the proprietary interest of NMS or any third party, Merchant will not remove, alter, modify, relocate or erase such notice or legend on such item. (k) Merchant will only use the Data Protection Service for its internal business purposes in a manner consistent with this Agreement. (lh) Merchant will use only unaltered version(s) of the Data Protection Service TransArmor Services and will not use, operate or combine the Data Protection Service TransArmor Services or any related software, materials or documentation, or any derivative works thereof with other products, materials or services in a manner inconsistent with the uses contemplated in this Section 9Agreement. (mi) Merchant will promptly notify NMS Bank of a breach of any terms of this Section 9these terms.

Responsibilities of Merchant. Merchant Xxxxxxxx is responsible to comply with the following regarding MerchantXxxxxxxx’s use of the Data Protection Service: (a) Merchant is required to comply with the Network Rules, including taking all steps required to comply with the Payment Card Industry Data Security Standards (“PCI DSS”). Merchant must ensure that all third parties and software use by Merchant in connection with Merchant’s payment processing is compliant with PCI DSS. Use of the Data Protection Service will not cause Merchant to be compliant or eliminate Merchant’s obligations to comply with PCI DSS or any other Network Rule. Merchant must demonstrate and maintain Merchant’s current PCI DSS compliance certification. Compliance must be validated either by a Qualified Security Assessor with corresponding Report on Compliance or by successful completion of the applicable PCI DSS Self-Assessment Questionnaire or Report on Compliance, as applicable, and if applicable to Merchant’s business, passing quarterly network scans performed by an Approved Scan Vendor, all in accordance with the Network Rules and PCI DSS. (b) Use of the Data Protection Service is not a guarantee against an unauthorized breach of Merchant’s systems or point-point- of-sale devices (collectively, “Merchant’s Systems”). (c) Merchant must deploy the Data Protection Service (including implementing any upgrades to such service within a commercially reasonable period of time after receipt of such upgrades) throughout Merchant’s Systems, including replacing existing Card numbers on Merchant’s Systems with Tokens. Full Card numbers must never be retained, whether in electronic form or hard copy. (d) Merchant must use the Token in lieu of the Card number for ALL activities subsequent to receipt of the authorization response associated with the transaction, including without limitation, settlement processing, retrieval processing, chargeback and adjustment processing and transaction reviews. (e) Any point of sale device, gateway and/or value value-added reseller (“VAR” ”) use by Merchant in connection with the Data Protection Service must be certified for use with the Data Protection Service. (f) If Merchant sends or receives batch files containing completed Card transaction information to/from NMSISO, Merchant must use the service provided by NMS ISO or its third third-party providers to enable such files to contain only Tokens or truncated information. (g) Merchant must use truncated report viewing and data extract creation within reporting tools provided by NMSISO. (h) Merchant is required to follow rules or procedures NMS ISO may provide to Merchant from time to time related to Merchant’s use of the Data Protection Service (“Data Protection Rules and Procedures”). NMS ISO will provide Merchant with advance written notice of any such rules or procedures or changes to such rules or procedures. (i) Merchant has no right, title or interest in or to the Data Protection Service, any related software, materials or documentation, or any derivative works thereof, and nothing in this Agreement assigns or transfers any such right, title or interest to Merchant. Merchant shall not take any action inconsistent with the stated title and ownership in this Section 9. T. Merchant will not file any action, in any forum, that challenges the ownership of the Data Protection Service, any related software, materials or documentation. Failure to comply with this provision will constitute a material breach of the Agreement. NMS ISO has the right to immediately terminate this Section 9 T and Merchant’s access to and use of the Data Protection Service in the event of a challenge by MerchantXxxxxxxx. No additional rights are granted by implication, estoppel or otherwise. (j) Merchant will not: (ia) distribute, lease, license, sublicense or otherwise disseminate the Data Protection Service or any portion of it to any third party; (iib) modify, enhance, translate, supplement, create derivative works from, reverse engineer, decompile or otherwise reduce to human-readable form the Data Protection Service or any portion of it; or (iiic) sell, license or otherwise distribute the Data Protection Service or any portion of it; (ivd) make any copies, or permit any copying, of the Data Protection Service or any portion of it; or (ve) use any portion of the Data Protection Service as a standalone program or in any way independently from the Data Protection Service. If any portion of the Data Protection Service contains any copyright notice or any other legend denoting the proprietary interest of NMS ISO or any third party, Merchant will not remove, alter, modify, relocate or erase such notice or legend on such item. (k) Merchant will only use the Data Protection Service for its internal business purposes in a manner consistent with this Agreement. (l) Merchant will use only unaltered version(s) of the Data Protection Service and will not use, operate or combine the Data Protection Service or any related software, materials or documentation, or any derivative works thereof with other products, materials or services in a manner inconsistent with the uses contemplated in this Section 9. T. (m) Merchant will promptly notify NMS ISO of a breach of any terms of this Section 9.T.