Common use of PCI Standards Clause in Contracts

PCI Standards. 2.1 In order to maintain a high level of security in the global card payment systems and to enhance confidence in Cards as a means of payment, it is of the utmost importance that anyone who processes Card Information does so in a secure manner. For this reason, the industry has agreed on a joint industry standard for processing Card Information. The standard is called Payment Card Industry (PCI) Data Security Standard (DSS) and is developed by inter alia Visa and MasterCard. 2.2 The Merchant undertakes to comply with the PCI DSS standard as published from time to time on ▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ in order to process Card Information in a secure manner. The Instructions contain additional information regarding PCI DSS as well as a description of matters to be observed by the Merchant in general in conjunction with the processing of Card Information. 2.3 In case the Merchant suspects irregularities or fraudulent use of Card Information, the Merchant is required to report this suspicion to Bambora and the Merchant’s Payment Service Provider without delay. 2.4 The Merchant undertakes not to store any sensitive data regarding Cards or data relating to Transactions. In cases where the Merchant’s business require handling and storage of Card data, Card Information or data relating to Transactions, such handling and/or storage must be carried out in accordance with all applicable laws, regulations and rules such as the “Guidelines on the security of internet payments ”(EBA/GL/2014/12)”. 2.5 The Merchant will only, and will ensure that any third party service provider utilised by the Merchant for the purpose of this Agreement (or for any service provided hereunder) will only, use technical equipment for the services that is compliant in all respects with (and, if required, approved under) the applicable standards published by PCI Security Standards Council, and the Merchant assumes liability for the compliance of any equipment used by any such third party service provider with the standards. 2.6 Bambora shall at all times have the right at its request (following the giving of reasonable notice where possible) to: a) receive all information (and confirmations) with respect to the Merchant´s and any relevant third party service provider´s compliance with sections 2.2, 2.4 and 2.5; b) audit, or request the audit of, the Merchant’s and/or any third party´s compliance with section 2.2, 2.4 and 2.5; and

PCI Standards. 2.1 3.1 In order to maintain a high level of security in the global card payment systems and to enhance confidence in Cards as a means of payment, it is of the utmost importance that anyone who processes Card Information does so in a secure manner. For this reason, the industry has agreed on a joint industry standard for processing Card Information. The standard is called Payment Card Industry (PCI) Data Security Standard (DSS) and is developed by inter alia Visa and MasterCard. 2.2 3.2 The Merchant undertakes to comply with the PCI DSS standard as published from time to time on ▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ in order to process Card Information in a secure manner. The Instructions contain additional information regarding PCI DSS as well as a description of matters to be observed by the Merchant in general in conjunction with the processing of Card Information. 2.3 3.3 In case the Merchant suspects irregularities or fraudulent use of Card Information, the Merchant is required to report this suspicion to Bambora and the Merchant’s Payment Service Provider without delay. 2.4 3.4 The Merchant undertakes not to store any sensitive data regarding Cards or data relating to Transactions. In cases where the Merchant’s business require requires handling and storage of Card data, Card Information or data relating to Transactions, such handling and/or storage must be carried out in accordance with all applicable laws, regulations and rules such as the “Guidelines on the security of internet payments ”(EBA/GL/2014/12)”rules. 2.5 3.5 The Merchant will only, and will ensure that any third party service provider utilised utilized by the Merchant for the purpose of this Agreement (or for any service provided hereunder) will only, use technical equipment for the services that is compliant in all respects with (and, if required, approved under) the applicable standards published by PCI Security Standards Council, and the Merchant assumes liability for the compliance of any equipment used by any such third party service provider with the standards. 2.6 3.6 Bambora shall at all times have the right at its request (following the giving of upon reasonable notice where possible) to: a) 3.6.1 receive all information (and confirmations) with respect to the Merchant´s and any relevant third party service provider´s compliance with sections 2.23.2, 2.4 3.4 and 2.5; b) 3.5; 3.6.2 audit, or request the audit of, the Merchant’s and/or any third party´s compliance with section 2.23.2, 2.4 3.4 and 2.53.5; 3.6.3 have its forensics investigators of choice investigating any breach or suspected breach of, or non-compliance with, the requirements of sections 3.2, 3.4 and 3.5; and 3.6.4 to inspect any Terminal. 3.7 All costs in relation to any request made by Bambora pursuant to section 3.6 shall be borne by the Merchant. 3.8 The Merchant shall promptly notify Bambora in writing of any breach or suspected breach or non-compliance by it or by any third party of the requirements of section 3.2, 3.4 and 3.5 that the Merchant becomes aware of. 3.9 Bambora is responsible for complying with applicable PCI DSS requirements for Card Information handled by Bambora on behalf of the Merchant.