Cardholder Data. Service Provider shall comply with the Payment Card Industry Data Security Standard ("PCI DSS") with respect to Cardholder Data as defined therein. Service Provider shall have access to Cardholder Data only for the limited purpose of performing the Services or as specifically agreed to by Visa, MasterCard, American Express, and/or Discover (collectively, the "Issuers"), DIR, or as required by applicable law. In the event of a breach or intrusion of or otherwise unauthorized access to Cardholder Data stored by or for Service Provider, Service Provider shall immediately notify DIR, in the manner required, and provide DIR or its designee, the Issuers, and the acquiring financial institution and their respective designees access to Service Provider's facilities and all pertinent records to conduct a review of Service Provider's compliance with these requirements. Service Provider shall maintain appropriate business continuity procedures and systems to ensure security of Cardholder Data in the event of a disruption, disaster or failure of Service Provider's primary data systems which involve a risk to Cardholder Data. Service Provider shall provide access to its security systems and procedures, as reasonably requested by DIR or its designee. Service Provider shall cooperate fully with any reviews of their facilities and records provided for in this Section 13.5(d). Service Provider will comply with any assessment, validation, or verification of PCI DSS rules and regulations.
Appears in 4 contracts
Samples: Master Services Agreement, Master Services Agreement, Master Services Agreement
