Cardholder Data. To the extent applicable, Successful Respondent shall comply with the Payment Card Industry Data Security Standard ("PCI DSS") with respect to Cardholder Data as defined therein. With respect to Services provided from a Consolidated Data Center or that support a Consolidated Data Center, Successful Respondent shall have access to Cardholder Data only for the limited purpose of performing the Services or as specifically agreed to by Visa, MasterCard, American Express, and/or Discover (collectively, the "Issuers"), DIR, or as required by applicable law. In the event of a breach or intrusion of, or otherwise unauthorized access to, Cardholder Data stored by or for Successful Respondent, Successful Respondent shall immediately notify DIR, in the manner required, and provide DIR or its designee, the Issuers, and the acquiring financial institution and their respective designees access to Successful Respondent’s facilities and all pertinent records to conduct a review of Successful Respondent’s compliance with these requirements. Successful Respondent shall maintain appropriate business continuity procedures and systems to ensure security of Cardholder Data in the event of a disruption, disaster, or failure of Successful Respondent’s primary data systems which involve a risk to Cardholder Data. Successful Respondent shall provide access to its security systems and procedures, as requested by DIR or its designee. Successful Respondent shall cooperate fully with any reviews of their facilities and records provided for in this Section. Successful Respondent will comply with any assessment, validation, or verification of PCI DSS rules and regulations.
Cardholder Data. (a) As among the Parties hereto, the Cardholder Data shall be the property of and exclusively owned by Bank.
Cardholder Data. (a) As among the Parties hereto, the Cardholder Data shall be the property of and exclusively owned by the Bank. The Company acknowledges and agrees that, subject to its rights pursuant to Section 17.2, it has no proprietary interest in the Cardholder Data.
Cardholder Data. (a) As between Bank and Company, Cardholder Data shall be the property of and exclusively owned by Bank. In its capacity as servicer, Company shall maintain all Cardholder Data and shall provide Bank with full access to Cardholder Data.
Cardholder Data. Service Provider shall comply with the Payment Card Industry Data Security Standard ("PCI DSS") with respect to Cardholder Data as defined therein. Service Provider shall have access to Cardholder Data only for the limited purpose of performing the Services or as specifically agreed to by Visa, MasterCard, American Express, and/or Discover (collectively, the "Issuers"), DIR, or as required by applicable law. In the event of a breach or intrusion of or otherwise unauthorized access to Cardholder Data stored by or for Service Provider, Service Provider shall immediately notify DIR, in the manner required, and provide DIR or its designee, the Issuers, and the acquiring financial institution and their respective designees access to Service Provider's facilities and all pertinent records to conduct a review of Service Provider's compliance with these requirements. Service Provider shall maintain appropriate business continuity procedures and systems to ensure security of Cardholder Data in the event of a disruption, disaster or failure of Service Provider's primary data systems which involve a risk to Cardholder Data. Service Provider shall provide access to its security systems and procedures, as reasonably requested by DIR or its designee. Service Provider shall cooperate fully with any reviews of their facilities and records provided for in this Section 13.5(d). Service Provider will comply with any assessment, validation, or verification of PCI DSS rules and regulations.
Cardholder Data. Service Provider shall comply with the Payment Card Industry Data Security Standard ("PCI DSS") with respect to Cardholder Data as defined therein. With respect to Services provided from a Consolidated Data Center or that support a Consolidated Data Center, Service Provider shall have access to Cardholder Data only for the limited purpose of performing the Services or as specifically agreed to by Visa, MasterCard, American Express, and/or Discover (collectively, the "Issuers"), DIR, or as required by applicable law. In the event of a breach or intrusion of or otherwise unauthorized access to Cardholder Data stored by or for Service Provider, Service Provider shall immediately notify DIR, in the manner required, and provide DIR or its designee, the Issuers, and the acquiring financial institution and their respective designees access to Service Provider's facilities and all pertinent records to conduct a review of Service Provider's compliance with these requirements. Service Provider shall maintain appropriate business continuity procedures and systems to ensure security of Cardholder Data in the event of a disruption, disaster or failure of Service Provider's primary data systems which involve a risk to Cardholder Data. Service Provider shall provide access to its security systems and procedures, as reasonably requested by DIR or its designee. Service Provider shall cooperate fully with any reviews of their facilities and records provided for in this Section 13.5(d). Service Provider will comply with any assessment, validation, or verification of PCI DSS rules and regulations.
Cardholder Data. You shall not sell , purchase, provide, or exchange with any third party any Cardholder names, addresses, account numbers, track-2 data, EMV data, chip data, security verification codes, expiration dates, Personally Identifiable Information or any other Cardholder information (“Cardholder Data”); provided, however, that You may provide Cardholder Data to the Card Networks for the purpose of completing a lawful sales transaction. You agree that under no circumstances will You or your employees, representatives, third-party vendors, or agents store Cardholder Data in violation of the Operating Regulations, Data Security Regulations, Rules or Laws. You agree that You, your employees, agents, representatives and third-party vendors will not retain Cardholder Data after completion of the authorization process.
Cardholder Data. “Cardholder Data” has the same meaning as cardholder data in the PCI DSS Payment Application Data Security Standards Glossary of Terms, Abbreviations, and Acronyms, which at a minimum, consists of the full primary account number (“PAN”). Cardholder Data may also appear in the form of the full PAN plus any of the following: cardholder name, expiration date and/or service code. “Transaction Data” means any data, except Cardholder Data, about a transaction initiated with a Card. Client Affiliate may use Cardholder Data and Transaction Data it receives through Marqeta to perform obligations in accordance with operating a Card Program and Applicable Law. Marqeta may not use or disclose any Cardholder Data or Transaction Data for any purpose except for: (i) providing and improving the Services, (ii) performing its obligations under this Addendum, (iii) performing fraud screening and verifying identities and information, and (iv) to comply with Applicable Law or Card Brand Rules.
Cardholder Data. You must secure and prevent the unauthorized access of any systems and media containing account, Cardholder, or transaction information (physical or electronic, including account numbers, Card imprints, and TID(s). Except for Card drafts you maintain in accordance with this Agreement or the Laws or Operating Regulations, you shall render inoperative and unreadable any media you no longer deem necessary or appropriate to store. You shall notify us of the identity of any third party who will have access to Cardholder data (“Merchant Provider(s)”). You shall also ensure that: (i) Merchant Providers cannot access Cardholder data unless authorized by the Operating Regulations; (ii) Merchant Providers have proper security measures to protect Cardholder data; (iii) you and Merchant Providers comply with the PCI DSS; and (iv) you have written agreements with Merchant Providers requiring compliance with the terms of this Section. You shall immediately notify us of any suspected or confirmed loss or theft of any transaction information. This includes any loss or theft from a Merchant Provider. You are responsible for demonstrating your and Merchant Providers’ compliance with the PCI DSS programs. You agree to provide us reasonable access to your locations and the locations of your Merchant Providers so that we can, at our option, verify whether you and your Merchant Providers can prevent future security violations. In the event of a suspected or confirmed loss or theft of information, you agree, at your expense, to provide any information, whether requested by us, an Association, financial institutions, or a local, state, or federal official in connection with the event. You further agree to cooperate in any ensuing investigation, including any forensic investigation. The information you provide in response to an investigation shall be considered our confidential information. The requirements of this provision apply to Cardholder data regardless of the medium in which the information is contained and regardless of whether you process transactions via internet, mail, phone, face-to- face or any other method.
