Payment Card Industry Compliance. If you use the Services to accept Transactions, you must comply with the Payment Card Industry Data Security Standards ("PCI-DSS") and, if applicable to your business, the Payment Application Data Security Standards ("PA-DSS") (collectively, the "PCI Requirements"). The specific steps you will need to take to comply with the PCI Requirements will depend on your business and your use of the Services, and Helcim provides tools that may simplify your PCI compliance process. You can review your PCI Compliance status via the Helcim Dashboard. Additional information regarding PCI compliance in relation to your use of the Services is available through the Helcim Dashboard. You agree to provide us with evidence demonstrating your compliance with the PCI Requirements, if requested. If you store, hold and maintain "Account Data", as defined by the PCI Requirements (including Customer card account number or expiration date), you further agree that you will either maintain a PCI-compliant system or use a compliant service provider to store or transmit such Account Data; further, you agree to never store any "Sensitive Authentication Data", as defined by the PCI Requirements (such as CVC or CVV2), data at any time. You can find information about the PCI Requirements on the PCI Council's website. xxxxx://xxx.xxxxxxxxxxxxxxxxxxxx.xxx/
Payment Card Industry Compliance. To the extent that Administrator, in the course of providing Services, stores, processes, transmits or otherwise obtains cardholder data, or performs any activities regulated by the Payment Card Industry (“PCI”) Security Standards Council, Administrator shall comply with the most current version of the PCI Data Security Standard (“DSS”), the PIN Transaction Security Standard (“PTS”), the Payment Application Data Security Standard (“PA-DSS”), and the Point-to-Point Encryption Solutions Requirements and Testing Procedures (“P2PE”), and any other applicable program or requirement that is published and/or otherwise mandated by applicable card networks or the PCI Security Standards Council.
Payment Card Industry Compliance. This subsection shall apply in the event Vendor’s services involve bank or credit card information processing, in which case Vendor shall at all times comply with the provisions of this subsection. Vendor shall at all times maintain compliance with applicable Payment Card Industry (“PCI”) requirements and shall at minimum continuously satisfy all requirements of the then-current Payment Card Industry Data Security Standard ("PCI DSS"). Vendor shall be responsible for the security of all cardholder data that it receives and possesses under this Agreement, including the functions relating to transmitting, storing, and processing of cardholder data. Within fifteen (15) days after the delivery of this executed Agreement, Vendor shall provide documentation certifying the vendor’s PCI DSS compliance, and shall also provide certifications of Payment Application Data Security Standard (PA-DSS) compliance where applicable. Upon execution and then annually, Vendor shall provide The University with a full copy of the Annual Report on Compliance as delivered by a Qualified Security Assessor and shall also provide upon execution and then quarterly, a full copy of the quarterly network scan completed by a PCI Approved Scan Vendor. In the event Vendor learns it is no longer compliant with any PCI requirement, Vendor will immediately notify the University of such noncompliance as well as of steps being taken to remediate the non-compliance status. In no event may Vendor’s notification to the University be later than five (5) calendar days after Vendor learns it is no longer compliant with any applicable PCI standard or requirement. Should Vendor lose PCI DSS certification of compliance or become non-compliant for any reason, the University may terminate this Agreement immediately and seek any other available remedies. The indemnification provided for under this Agreement applies fully to the failure of Vendor to at all times remain PCI DSS compliant.
Payment Card Industry Compliance. Merchant acknowledges and understands the importance of compliance with the Security Standards, such as those relating to the storage and disclosure of Transaction Data and Payment Instrument Information. Therefore, Merchant shall exercise reasonable care to prevent disclosure or use of Payment Instrument Information, other than (a) to Merchant’s agents and contractors for the purpose of assisting Merchant in completing a Transaction; (b) to the applicable Payment Brand; or (c) as specifically required by law. Furthermore, Merchant acknowledges and understands that its use of any fraud mitigation or security enhancement solution (e.g. an encryption product or service), whether provided to Merchant by Treasury or a third party, in no way limits Merchant’s obligation to comply with the Security Standards or Merchant’s liabilities set forth in this Agreement. Merchant is allowed by the Payment Brand Rules to store only certain Payment Instrument Information (currently limited to the Customer’s name, Payment Instrument truncated account number, and expiration date) and is prohibited from storing additional Payment instrument information, including, without limitation, any security code data, such as XXX0, XXX0, and PIN data, and any magnetic stripe track data. Merchant shall store all media containing Payment Instrument Information in an unreadable format wherever it is stored and in an area limited to selected personnel on a “need to know” basis only. (Secure environments include locked drawers, file cabinets in a locked office, and safes.) Prior to either party discarding any material containing Payment Instrument Information, the party will render the account numbers unreadable in accordance with the requirements of the Security Standards. If at any time Merchant determines or suspects that Payment Instrument Information has been compromised Merchant must notify Treasury immediately and assist in providing notification to such parties as may be required by law or Payment Brand Rules, or as Processor otherwise reasonably deems necessary. Merchant information may be shared by Processor with its affiliates and with the Payment Brands subject to the provisions of this Agreement and Payment Brand Rules. Merchant agrees to comply with all Security Standards. Merchant agrees that any person involved in the acceptance, processing, or storage of credit card data will complete the mandatory Security Awareness Education (SAE) online training prior to processing paymen...
Payment Card Industry Compliance. In any contract where the Contractor provides a system or service that involves processing credit card payments (a “Payment Solution”), the Payment Solution must be Payment Card Industry Data Security Standard Compliant (“PCI-DSS Compliant”), as determined and verified by the Department of Finance, and must (1) process credit card payments through the use of a Merchant ID (“MID”) obtained by the County’s Department of Finance by and in the name of the County as merchant of record, or (2) use a MID obtained by and in the name of the Contractor as merchant of record.
Payment Card Industry Compliance. (a) Each party agrees to comply with all applicable Security Standards.
Payment Card Industry Compliance. Company acknowledges responsibility for the security of cardholder data it possesses or otherwise stores, processes or transmits on behalf of Client, or to the extent that Company could impact the security of the cardholder data environment. Company attests that, as of the Effective Date of this Agreement, it has complied with all applicable requirements to be considered PCI DSS compliant, has performed the necessary steps to validate its compliance with the PCI DSS, and will maintain such compliance for the Term of this Agreement. For purposes of this Agreement, “PCI DSS” means the most current version of the Payment Card Industry Data Security Standard administered by the Payment Card Industry Security Standards Council. Company agrees to supply evidence of its most recent validation of compliance upon execution of this Agreement and annually for the length of the Agreement. Company will immediately notify Client if it learns it is no longer PCI DSS compliant and will immediately remediate the non-compliance status. In no event shall Company’s notification to Client be later than thirty (30) calendar days after Company learns it is no longer PCI DSS compliant. Company acknowledges that unauthorized access to the cardholder data environment (“a cardholder data breach”) resulting from a lapse in Company’s security obligations is grounds for early termination of this Agreement without penalty, at Client’s discretion. Company agrees to comply with all applicable laws requiring notification of individuals in the event of a cardholder data breach. In the event of a cardholder data breach resulting from a lapse in Company’s security obligations, Company agrees to assume responsibility for informing all such individuals in accordance with applicable law. Company further agrees to indemnify, hold harmless, and defend Client and its agents and employees from and against any claims, damages, or other harm related to a cardholder data breach. This provision survives termination of this Agreement.
Payment Card Industry Compliance. (c) College Policy 15-01, Responsible Acquisition and Use of Computing Resources
Payment Card Industry Compliance. The Participant shall be responsible for the security of all of the data that it collects, stores, and/or transmits during the payment process. Also, as a merchant accepting credit card payments, the Participant agrees to comply with the Payment Card Industry (“PCI”) Data Security Standards (“DSS”) and accepts all liability associated with PCI DSS compliance, including any fines or fees for compliance lapses or breach events, as required by the credit card brands. During enrollment and/or any time thereafter, the Treasurer may require a Participant to provide the Treasurer a copy of the Participant’s PCI compliance certification(s). Notwithstanding Section 10 of this agreement, in the event the Treasurer does not receive such certification(s) within thirty (30) days of the request, the Treasurer reserves the right to immediately deny, freeze, or terminate any or all E-Pay services.
Payment Card Industry Compliance. 1. If applicable, Vendor shall comply with the then-current Payment Card Industry (PCI) Data Security Standards.
