Merchant’s obligations to comply with Data Security requirements Clause Samples

Merchant’s obligations to comply with Data Security requirements a. The Merchant acknowledges and agrees that it is fully responsible for the security of data on its website or otherwise within its possession or control. b. The Merchant agrees to do the following with respect to its processing of its customers’ personal identifiable information and the collection, security and dissemination of data on the Merchant’s website: 1. comply with all applicable laws and regulations; 2. comply with the Association Rules; 3. comply with the Payment Card Industry Data Security Standards (PCI DSS), the Payment Application Data Security Standards (PA DSS), and any Card Association data security requirements, as applicable, including without limitation: a. install and maintain a firewall configuration to protect data; b. not use vendor supplied defaults for system passwords and other security parameters; c. protect stored data; d. encrypt transmission of cardholder data and sensitive information across public networks; e. use and regularly update anti-virus software; f. develop and maintain secure systems and applications g. restrict access to data by business need-to-know; h. assign a unique ID to each person with computer access; i. restrict physical access to cardholder data; j. track and monitor all access to network resources and cardholder data; k. regularly test security systems and procedures; and l. maintain a policy that addresses information security. At PayPal’s request, the Merchant must provide PayPal with evidence to PayPal’s satisfaction that it is in compliance with PCI DSS. The Merchant acknowledges and agrees that nothing in this Card Agreement nor PayPal providing the Services will constitute compliance by the Merchant to the PCI DSS whether via a third party “Qualified Security Assessor” and such compliance services are not provided under the scope of this Card Agreement. The Merchant must design, maintain and operate its website and other systems in conformity with PCI DSS. PayPal is not responsible for any costs that you incur in complying with PCI DSS. The Merchant agrees to independently arrange, at its own expense, evidence from a Qualified Security Assessor or otherwise to PayPal’s satisfaction. If the Merchant does not initiate a security audit within 10 business days of PayPal’s request, PayPal may conduct or obtain such an audit at the Merchant’s expense. PayPal may advise Shared Customers, if PayPal has reason to believe that a fraud or other illegitimate activity may be occurring or may have occurred,...

Merchant’s obligations to comply with Data Security requirements a. The Merchant acknowledges and agrees that it is fully responsible for the security of data on its website or otherwise within its possession or control. b. The Merchant agrees to do the following with respect to its processing of its customers’ personal identifiable information and the collection, security and dissemination of data on the Merchant’s website: 1. comply with all applicable laws and regulations; 2. comply with the applicable obligations, rules and guidelines issued by Visa USA, Europe, Asia Pacific, Canada and other Visa regions, MasterCard International Incorporated, American Express Company or other applicable Card Associations and the “Association Rules”, including, without limitation, the Visa Cardholder Information Security Program (CISP), Visa Account Information Security Program (AISP), the MasterCard Site Data Protection Program and PCI DSS. Further information can be found by visiting the following URLs: ▇▇▇.▇▇▇▇▇▇▇▇▇▇.▇▇▇, ▇▇▇.▇▇▇▇▇▇▇▇▇▇.▇▇▇/▇▇/▇▇▇▇▇▇▇▇▇▇ retailers/payment_ security/overview.aspx and ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇.▇▇▇/sdp.