Waiver; Limitations on Waiver. Upon your successful validation of compliance with the PCI DSS under the PCI Program, we agree to waive your liability to us, up to $50,000, for the following fees and costs incurred as a result of a verified compromise of cardholder data that are otherwise your liability under this Agreement: (1) fees and costs associated with a required forensic audit conducted by an approved Qualified Incident Response Assessor (QIRA); (2) fines or assessments levied by a Card Organization as a result of the required forensic audit; and (3) fees and costs associated with the production and distribution of replacement credit cards for compromised card numbers (the “Waiver”). The Waiver provided under this Section is also subject to the following: (i) Our agreement to waive your liability to us for the fees and costs described in this Section is only effective upon: (1) your continued validation of compliance with the PCI DSS and participation in the PCI Program; and (2) your successful completion of the PCI Compliance Validation Process described in Section 15.D.b above; provided, however, that there is no change in your business practices regarding Card acceptance. Your continuing qualification for the PCI Program is premised upon initial validation of your compliance with the PCI DSS as described in Section 15.D.b above and timely re-validation of your compliance with the PCI DSS, including annual completion of a SAQ and passing quarterly vulnerability scans, if applicable, payment of the Program cost, and otherwise complying with the terms of the Program and the Agreement. (ii) If you are in compliance with the requirements of subsection (i) above, we agrees to waive up to $50,000 in fees and costs described in this Section for each unique Merchant Identification Number (MID). If you have multiple MIDs that have the same federal tax identification number (or in the case of a sole proprietorship, the same social security number), then the maximum aggregate Waiver amount for those MIDs is limited to $100,000. In addition, if a MID is one of a group of MIDs that are eligible for and receive a multi-merchant discount for the PCI Program fees, the aggregate Waiver for all MIDs in such group is $100,000. (iii) Your validation of compliance with the PCI DSS through the PCI Program is required to be eligible for the Waiver. To validate your compliance, Merchant must successfully complete the PCI Compliance Validation Process described in Section 15.D.b, including any required re-validation of your compliance with the PCI DSS as described in Section 15.D.b (v). You will not be eligible for the Waiver if your SAQ is not current, if you have not timely completed the quarterly vulnerability scans, or if you have otherwise failed to maintain compliance with the PCI DSS through the PCI Program. (iv) Our Waiver of up to $50,000 of the costs and fees described is limited to one (1) compromise of cardholder data incident per Program year. Any subsequent incidents occurring during the same Program year are not eligible for the Waiver, and any costs and fees associated with such incident(s) remain your liability under this Agreement. Chargebacks and reversals are not eligible for the Waiver under any circumstances.
Appears in 8 contracts
Samples: Merchant Processing Agreement, Merchant Processing Agreement, Merchant Processing Agreement
Waiver; Limitations on Waiver. Upon your Merchant’s successful validation of compliance with the PCI DSS under the PCI Program, we agree Processor agrees to waive your Merchant’s liability to usProcessor, up to $50,000, for the following fees and costs incurred as a result of a verified compromise of cardholder data that are otherwise your Merchant’s liability under this Agreement: (1) fees and costs associated with a required forensic audit conducted by an approved Qualified Incident Response Assessor (QIRA); (2) fines or assessments levied by a Card Organization as a result of the required forensic audit; and (3) fees and costs associated with the production and distribution of replacement credit cards for compromised card numbers (the “Waiver”). The Waiver provided under this Section subsection C. is also subject to the following:
(i) Our Processor’s agreement to waive your Merchant’s liability to us Processor for the fees and costs described in this Section subsection C. is only effective upon: (1) your Merchant’s continued validation of compliance with the PCI DSS and participation in the PCI Program; and (2) your Merchant’s successful completion of the PCI Compliance Validation Process described in Section 15.D.b section B. above; provided, however, that there is no change in your Merchant’s business practices regarding Card acceptance. Your Merchant’s continuing qualification for the PCI Program is premised upon initial validation of your Merchant’s compliance with the PCI DSS as described in Section 15.D.b subsection B. above and timely re-validation of your Merchant’s compliance with the PCI DSS, including annual completion of a SAQ and passing quarterly vulnerability scans, if applicable, payment of the Program cost, and otherwise complying with the terms of the Program and the Agreement.
(ii) If you are Merchant is in compliance with the requirements of subsection (i) above, we Processor agrees to waive up to $50,000 in fees and costs described in this Section subsection C. for each unique Merchant Identification Number (MID). If you have Merchant has multiple MIDs that have the same federal tax identification number (or in the case of a sole proprietorship, the same social security number), then the maximum aggregate Waiver amount for those MIDs is limited to $100,000. In addition, if a MID is one of a group of MIDs that are eligible for and receive a multi-merchant discount for the PCI Program fees, the aggregate Waiver for all MIDs in such group is $100,000.
(iii) Your Merchant’s validation of compliance with the PCI DSS through the PCI Program is required to be eligible for the Waiver. To validate your Merchant’s compliance, Merchant must successfully complete the PCI Compliance Validation Process described in subsection B. of this Section 15.D.b35, including any required re-re- validation of your Merchant’s compliance with the PCI DSS as described in Section 15.D.b (v). You subsection B. Merchant will not be eligible for the Waiver if your Merchant’s SAQ is not current, if you have Merchant has not timely completed the Merchant’s quarterly vulnerability scans, or if you have Merchant has otherwise failed to maintain compliance with the PCI DSS through the PCI Program.
(iv) Our Processor’s Waiver of up to $50,000 of the costs and fees described in this subsection C. is limited to one (1) compromise of cardholder data incident per Program year. Any subsequent incidents occurring during the same Program year are not eligible for the Waiver, and any costs and fees associated with such incident(s) remain your Merchant’s liability under this Agreement. Chargebacks and reversals are not eligible for the Waiver under any circumstances.
(v) To report a possible compromise of cardholder data, Merchant should immediately contact Processor at xxxxxxxxxx@xxx.xxx. Merchant will need to provide Merchant’s name, MID, contact information and a brief summary of the incident in this communication, but do not include cardholder numbers or other sensitive information.
Appears in 6 contracts
Samples: Merchant Processing Agreement, Merchant Processing Agreement, Merchant Processing Agreement
Waiver; Limitations on Waiver. Upon your successful validation of compliance with the PCI DSS under the PCI Program, we agree NPC agrees to waive your liability to usNPC, up to $50,000, for the following fees and costs incurred as a result of a verified compromise of cardholder data that are otherwise your liability under this Agreement: (1) fees and costs associated with a required forensic audit conducted by an approved Qualified Incident Response Assessor (QIRA); (2) fines or assessments levied by a Card Organization as a result of the required forensic audit; and (3) fees and costs associated with the production and distribution of replacement credit cards for compromised card numbers (the “Waiver”). The Waiver provided under this Section subsection (iii) is also subject to the following:
(ia) Our NPC’s agreement to waive your liability to us NPC for the fees and costs described in this Section subsection (iii) is only effective upon: :
(1) your continued validation of compliance with the PCI DSS and participation in the PCI Program; and (2) your successful completion of the PCI Compliance Validation Process described in Section 15.D.b section (ii) above; provided, however, that there is no change in your business practices regarding Card acceptance. Your continuing qualification for the PCI Program is premised upon initial validation of your compliance with the PCI DSS as described in Section 15.D.b subsection (ii) above and timely re-validation of your compliance with the PCI DSS, including annual completion of a SAQ and passing quarterly vulnerability scans, if applicable, payment of the Program cost, and otherwise complying with the terms of the Program and the Agreement.
(iib) If you are in compliance with the requirements of subsection (ia) above, we NPC agrees to waive up to $50,000 in fees and costs described in this Section subsection (iii) for each unique Merchant Identification Number (MID). If you have multiple MIDs that have the same federal tax identification number (or in the case of a sole proprietorship, the same social security number), then the maximum aggregate Waiver amount for those MIDs is limited to $100,000. In addition, if a MID is one of a group of MIDs that are eligible for and receive a multi-merchant discount for the PCI Program fees, the aggregate Waiver for all MIDs in such group is $100,000.
(iiic) Your validation of compliance with the PCI DSS through the PCI Program is required to be eligible for the Waiver. To validate your compliance, Merchant you must successfully complete the PCI Compliance Validation Process described in subsection (ii) of this Section 15.D.bO, including any required re-validation of your compliance with the PCI DSS as described in Section 15.D.b subsection (v). You will not be eligible for the Waiver if your SAQ is not current, if you have not timely completed the quarterly vulnerability scans, or if you have otherwise failed to maintain compliance with the PCI DSS through the PCI Program.
(ivii)(d) Our Waiver of up to $50,000 of the costs and fees described is limited to one (1) compromise of cardholder data incident per Program year. Any subsequent incidents occurring during the same Program year are not eligible for the Waiver, and any costs and fees associated with such incident(s) remain your liability under this Agreement. Chargebacks and reversals are not eligible for the Waiver under any circumstances.Section
Appears in 1 contract
Samples: Merchant Processing Agreement
Waiver; Limitations on Waiver. Upon your successful validation of compliance with the PCI DSS under the PCI Program, we agree NPC agrees to waive your liability to usNPC, up to $50,000, for the following fees and costs incurred as a result of a verified compromise of cardholder data that are otherwise your liability under this Agreement: (1) fees and costs associated with a required forensic audit conducted by an approved Qualified Incident Response Assessor (QIRA); (2) fines or assessments levied by a Card Organization as a result of the required forensic audit; and (3) fees and costs associated with the production and distribution of replacement credit cards for compromised card numbers (the “Waiver”). The Waiver provided under this Section subsection (iii) is also subject to the following:
(ia) Our NPC’s agreement to waive your liability to us NPC for the fees and costs described in this Section subsection (iii) is only effective upon: (1) your continued validation of compliance with the PCI DSS and participation in the PCI Program; and (2) your successful completion of the PCI Compliance Validation Process described in Section 15.D.b section (ii) above; provided, however, that there is no change in your business practices regarding Card acceptance. Your continuing qualification for the PCI Program is premised upon initial validation of your compliance with the PCI DSS as described in Section 15.D.b subsection (ii) above and timely re-validation of your compliance with the PCI DSS, including annual completion of a SAQ and passing quarterly vulnerability scans, if applicable, payment of the Program cost, and otherwise complying with the terms of the Program and the Agreement.
(iib) If you are in compliance with the requirements of subsection (ia) above, we NPC agrees to waive up to $50,000 in fees and costs described in this Section subsection (iii) for each unique Merchant Identification Number (MID). If you have multiple MIDs that have the same federal tax identification number (or in the case of a sole proprietorship, the same social security number), then the maximum aggregate Waiver amount for those MIDs is limited to $100,000. In addition, if a MID is one of a group of MIDs that are eligible for and receive a multi-merchant discount for the PCI Program fees, the aggregate Waiver for all MIDs in such group is $100,000.
(iiic) Your validation of compliance with the PCI DSS through the PCI Program is required to be eligible for the Waiver. To validate your compliance, Merchant you must successfully complete the PCI Compliance Validation Process described in subsection (ii) of this Section 15.D.bO, including any required re-validation of your compliance with the PCI DSS as described in subsection (ii)(d) of this Section 15.D.b (v). O. You will not be eligible for the Waiver if your SAQ is not current, if you have not timely completed the your quarterly vulnerability scans, or if you have otherwise failed to maintain compliance with the PCI DSS through the PCI Program.
(ivd) Our NPC’s Waiver of up to $50,000 of the costs and fees described in this subsection (iii) is limited to one (1) compromise of cardholder data incident per Program year. Any subsequent incidents occurring during the same Program year are not eligible for the Waiver, and any costs and fees associated with such incident(s) remain your liability under this Agreement. Chargebacks and reversals are not eligible for the Waiver under any circumstances.
(e) To report a possible compromise of cardholder data, you should immediately contact NPC at xxxxxxxxxx@xxx.xxx. You will need to provide your name, MID, contact information and a brief summary of the incident in this communication, but do not include cardholder numbers or other sensitive information.
Appears in 1 contract
Samples: Merchant Processing Agreement