Common use of Safeguarding of Information Clause in Contracts

Safeguarding of Information. (a) Merchant and its agents shall be in full compliance with Rules adopted by any Card Network relating to the privacy and security of Cardholder and Card transaction data, including without limitation the Payment Application Data Security Standard (“PA DSS”) and the Payment Card Industry Data Security Standard (“PCI DSS”), as they may be amended from time to time. Information pertaining to such requirements may be found at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇. PCI DSS and other industry aligned validation requirements collectively form the basis for each of the following Card Network compliance programs, with which Merchant must also comply: (i) the Cardholder Information Security Program (“CISP”) - VISA’s data security program; (ii) the Site Data Protection (“SDP”) - Mastercard’s data security program; (iii) AXP’s Data Security Operating Policy (“DSOP”); and (iv) the Discover Network Information Security and Compliance (“DISC”) - Discover Network’s data security program. Additionally, Merchant shall be responsible for demonstrating compliance by its agents for these programs. (b) Merchant shall be liable for all fines, charges and penalties that may be assessed by any Card Network as a result of transactions made by Merchant or Merchant’s noncompliance with the preceding requirements. Merchant also acknowledges that it may be prohibited from participating in Card Network programs if it is determined that Merchant is non-compliant. Merchant acknowledges that it may be subject to, and Servicers retain the right, to conduct or cause to be conducted an audit to verify Merchant’s compliance with the foregoing security requirements. Merchant must notify Servicers within twenty-four (24) hours after becoming aware of (i) any suspected or actual data security breach or (ii) any noncompliance by Merchant with the security requirements set forth herein. In such event, if requested by Servicers or Card Network, Merchant shall, at its own expense, (a) perform or cause to be performed an independent investigation of any data security breach of Card or Card transaction data by an authorized assessor acceptable to Servicers, (b) take all such remedial actions recommended by such investigation, by Servicers or by VISA, Mastercard, AXP or Discover, and (c) cooperate with Servicers in the investigation and resolution of any security breach. (c) Merchant will not, under any circumstances, disclose any Cardholder’s account number nor any information relating to any Cardholder’s account number or any Sales Drafts or Credit Vouchers which may have been imprinted with any Card to any person other than Servicers, or as required by law. Merchant agrees not to store, distribute, copy or otherwise manipulate card account numbers or PINs that appear, are encoded or are otherwise associated with Cards. All electronic commerce Merchants must provide Cardholders with a secure transaction method, such as Secure Sockets Layer (SSL) or 3-D Secure. Further, Merchant agrees to store (to the extent such storage is permitted) any and all material containing Cardholder account numbers, imprints or information in a secure manner, in an area limited to selected personnel, and to destroy such numbers, imprints, and information before discarding in a fashion that renders the data unreadable and unrecoverable. Neither Merchant nor any of its agents shall retain or store the full contents of any track on the Magnetic- Stripe, or equivalent data on the Contactless Payment chip, subsequent to Authorization of a Card transaction. (d) Merchant must notify Servicers of any third party agent of Merchant that will have any access to Cardholder data. (e) Merchant understands and agrees that due to requirements of law, Card receipts may not contain (i) more than the last five digits of the credit card account number; and (ii) that the Card receipt may not contain the expiration date. (f) If Merchant sells goods or services on the Internet, Merchant’s web site must contain Merchant’s consumer privacy policy and a description of Merchant’s method of safeguarding consumer transaction data. (g) Merchant must fully cooperate with Servicers and Card Networks if Merchant is undergoing a forensic investigation at any time with regard to the Account.

Safeguarding of Information. (a) Merchant and its agents shall be in full compliance with Rules adopted by any Card Network Association relating to the privacy and security of Cardholder and Card transaction data, including without limitation the Payment Application Data Security Standard (“PA DSS”) and the Payment Card Industry Data Security Standard (“PCI DSS”), as they may be amended from time to time. Information pertaining to such requirements may be found at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇. PCI DSS and other industry aligned validation requirements collectively form the basis for each of the following Card Network Association compliance programs, with which Merchant must also comply: (i) the Cardholder Information Security Program (“CISP”) - VISA’s data security program; (ii) the Site Data Protection (“SDP”) - MastercardMasterCard’s data security program; and (iii) AXP’s Data Security Operating Policy (“DSOP”); and (iv) the Discover Network Information Security and Compliance (“DISC”) - Discover Network’s data security program. Additionally, Merchant shall be responsible for demonstrating compliance by its agents for these programs. (b) Merchant shall be liable for all fines, charges and penalties that may be assessed by any Card Network Association as a result of transactions made by Merchant or Merchant’s 's noncompliance with the preceding requirements. Merchant also acknowledges that it may be prohibited from participating in Card Network Association programs if it is determined that Merchant is non-compliant. Merchant acknowledges that it may be subject to, and Servicers retain the right, to conduct or cause to be conducted an audit to verify Merchant’s 's compliance with the foregoing security requirements. Merchant must notify Servicers within twenty-four (24) hours after becoming aware of of (ic) any suspected or actual data security breach or (ii) any noncompliance by Merchant with the security requirements set forth herein. In such event, if requested by Servicers or Card NetworkAssociation, Merchant shall, at its own expense, (a) perform or cause to be performed an independent investigation of any data security breach of Card or Card transaction data by an authorized assessor acceptable to Servicers, (b) take all such remedial actions recommended by such investigation, by Servicers or by VISA, Mastercard, AXP VISA or DiscoverMasterCard, and (c) cooperate with Servicers in the investigation and resolution of any security breach. (cd) Merchant will not, under any circumstances, disclose any Cardholder’s 's account number nor any information relating to any Cardholder’s 's account number or any Sales Drafts or Credit Vouchers which may have been imprinted with any Card to any person other than Servicers, or as required by law. Merchant agrees not to store, distribute, copy or otherwise manipulate card account numbers or PINs that appear, are encoded or are otherwise associated with Cards. All electronic commerce Merchants must provide Cardholders with a secure transaction method, such as Secure Sockets Layer (SSL) or 3-D Secure. Further, Merchant agrees to store (to the extent such storage is permitted) any and all material containing Cardholder account numbers, imprints or information in a secure manner, in an area limited to selected personnel, and to destroy such numbers, imprints, and information before discarding in a fashion that renders the data unreadable and unrecoverable. Neither Merchant nor any of its agents shall retain or store the full contents of any track on the Magnetic- Magnetic-Stripe, or equivalent data on the Contactless Payment chip, subsequent to Authorization of a Card transaction. (de) Merchant must notify Servicers of any third party agent of Merchant that will have any access to Cardholder data. (ef) Merchant understands and agrees that due to requirements of law, Card receipts may not contain (i) more than the last five digits of the credit card account number; and (ii) that the Card receipt may not contain the expiration date. (fg) If Merchant sells goods or services on the Internet, Merchant’s 's web site must contain Merchant’s 's consumer privacy policy and a description of Merchant’s 's method of safeguarding consumer transaction data. (gh) Merchant must fully cooperate with Servicers and Card Networks Associations if Merchant is undergoing a forensic investigation at any time with regard to the Account.

Safeguarding of Information. (a) Merchant and its agents shall be in full compliance with Rules adopted by any Card Network relating to the privacy and security of Cardholder and Card transaction data, including without limitation the Payment Application Data Security Standard (“PA DSS”) and the Payment Card Industry Data Security Standard (“PCI DSS”), as they may be amended from time to time. Information pertaining to such requirements may be found at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇. PCI DSS and other industry aligned validation requirements collectively form the basis for each of the following Card Network compliance programs, with which Merchant must also comply: (i) the Cardholder Information Security Program (“CISP”) - VISA’s data security program; (ii) the Site Data Protection (“SDP”) - Mastercard’s data security program; (iii) AXP’s Data Security Operating Policy (“DSOP”); and (iv) the Discover Network Information Security and Compliance (“DISC”) - Discover Network’s data security program. Additionally, Merchant shall be responsible for demonstrating compliance by its agents for these programs. (b) Merchant shall be liable for all fines, charges and penalties that may be assessed by any Card Network as a result of transactions made by Merchant or Merchant’s noncompliance with the preceding requirements. Merchant ▇▇▇▇▇▇▇▇ also acknowledges that it may be prohibited from participating in Card Network programs if it is determined that Merchant is non-compliant. Merchant acknowledges that it may be subject to, and Servicers retain the right, to conduct or cause to be conducted an audit to verify Merchant’s compliance with the foregoing security requirements. Merchant must notify Servicers within twenty-four (24) hours after becoming aware of (i) any suspected or actual data security breach or (ii) any noncompliance by Merchant with the security requirements set forth herein. In such event, if requested by Servicers or Card Network, Merchant shall, at its own expense, (a) perform or cause to be performed an independent investigation of any data security breach of Card or Card transaction data by an authorized assessor acceptable to Servicers, (b) take all such remedial actions recommended by such investigation, by Servicers or by VISA, Mastercard, AXP or Discover, and (c) cooperate with Servicers in the investigation and resolution of any security breach. (c) Merchant will not, under any circumstances, disclose any Cardholder’s account number nor any information relating to any Cardholder’s account number or any Sales Drafts or Credit Vouchers which may have been imprinted with any Card to any person other than Servicers, or as required by law. Merchant ▇▇▇▇▇▇▇▇ agrees not to store, distribute, copy or otherwise manipulate card account numbers or PINs that appear, are encoded or are otherwise associated with Cards. All electronic commerce Merchants must provide Cardholders with a secure transaction method, such as Secure Sockets Layer (SSL) or 3-D Secure. Further, Merchant agrees to store (to the extent such storage is permitted) any and all material containing Cardholder account numbers, imprints or information in a secure manner, in an area limited to selected personnel, and to destroy such numbers, imprints, and information before discarding in a fashion that renders the data unreadable and unrecoverable. Neither Merchant nor any of its agents shall retain or store the full contents of any track on the Magnetic- Stripe, or equivalent data on the Contactless Payment chip, subsequent to Authorization of a Card transaction. (d) Merchant must notify Servicers of any third party agent of Merchant that will have any access to Cardholder data. (e) Merchant understands and agrees that due to requirements of law, Card receipts may not contain (i) more than the last five digits of the credit card account number; and (ii) that the Card receipt may not contain the expiration date. (f) If Merchant sells goods or services on the Internet, Merchant’s web site must contain Merchant’s consumer privacy policy and a description of Merchant’s method of safeguarding consumer transaction data. (g) Merchant must fully cooperate with Servicers and Card Networks if Merchant ▇▇▇▇▇▇▇▇ is undergoing a forensic investigation at any time with regard to the Account.

Safeguarding of Information. (a) Merchant and its agents shall be in full compliance with Rules adopted by any Card Network Association relating to the privacy and security of Cardholder and Card transaction data, including without limitation the Payment Application Data Security Standard (“PA DSS”) and the Payment Card Industry Data Security Standard (“PCI DSS”), as they may be amended from time to time. Information pertaining to such requirements may be found at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇. PCI DSS and other industry aligned validation requirements collectively form the basis for each of the following Card Network Association compliance programs, with which Merchant must also comply: (i) the Cardholder Information Security Program (“CISP”) - VISA’s data security program; (ii) the Site Data Protection (“SDP”) - MastercardMasterCard’s data security program; and (iii) AXP’s Data Security Operating Policy (“DSOP”); and (iv) the Discover Network Information Security and Compliance (“DISC”) - Discover Network’s data security program. Additionally, Merchant shall be responsible for demonstrating compliance by its agents for these programs. (b) Merchant shall be liable for all fines, charges and penalties that may be assessed by any Card Network Association as a result of transactions made by Merchant or Merchant’s 's noncompliance with the preceding requirements. Merchant also acknowledges that it may be prohibited from participating in Card Network Association programs if it is determined that Merchant is non-compliant. Merchant acknowledges that it may be subject to, and Servicers retain the right, to conduct or cause to be conducted an audit to verify Merchant’s 's compliance with the foregoing security requirements. Merchant must notify Servicers within twenty-four (24) hours after becoming aware of of (i) any suspected or actual data security breach or (ii) any noncompliance by Merchant with the security requirements set forth herein. In such event, if requested by Servicers or Card NetworkAssociation, Merchant shall, at its own expense, (a) perform or cause to be performed an independent investigation of any data security breach of Card or Card transaction data by an authorized assessor acceptable to Servicers, (b) take all such remedial actions recommended by such investigation, by Servicers or by VISA, Mastercard, AXP VISA or DiscoverMasterCard, and (c) cooperate with Servicers in the investigation and resolution of any security breach. (c) Merchant will not, under any circumstances, disclose any Cardholder’s 's account number nor any information relating to any Cardholder’s 's account number or any Sales Drafts or Credit Vouchers which may have been imprinted with any Card to any person other than Servicers, or as required by law. Merchant agrees not to store, distribute, copy or otherwise manipulate card account numbers or PINs that appear, are encoded or are otherwise associated with Cards. All electronic commerce Merchants must provide Cardholders with a secure transaction method, such as Secure Sockets Layer (SSL) or 3-D Secure. Further, Merchant agrees to store (to the extent such storage is permitted) any and all material containing Cardholder account numbers, imprints or information in a secure manner, in an area limited to selected personnel, and to destroy such numbers, imprints, and information before discarding in a fashion that renders the data unreadable and unrecoverable. Neither Merchant nor any of its agents shall retain or store the full contents of any track on the Magnetic- Magnetic-Stripe, or equivalent data on the Contactless Payment chip, subsequent to Authorization of a Card transaction. (d) Merchant must notify Servicers of any third party agent of Merchant that will have any access to Cardholder data. (e) Merchant understands and agrees that due to requirements of law, Card receipts may not contain (i) more than the last five digits of the credit card account number; and (ii) that the Card receipt may not contain the expiration date. (f) If Merchant sells goods or services on the Internet, Merchant’s 's web site must contain Merchant’s 's consumer privacy policy and a description of Merchant’s 's method of safeguarding consumer transaction data. (g) Merchant must fully cooperate with Servicers and Card Networks Associations if Merchant is undergoing a forensic investigation at any time with regard to the Account.

Safeguarding of Information. (a) Merchant and its agents shall be in full compliance with Rules adopted by any Card Network Association relating to the privacy and security of Cardholder and Card transaction data, including without limitation the Payment Application Data Security Standard (“PA DSS”) and the Payment Card Industry Data Security Standard (“PCI DSS”), as they may be amended from time to time. Information pertaining to such requirements may be found at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇. PCI DSS and other industry aligned validation requirements collectively form the basis for each of the following Card Network Association compliance programs, with which Merchant must also comply: (i) the Cardholder Information Security Program (“CISP”) - VISA’s data security program; (ii) the Site Data Protection (“SDP”) - MastercardMasterCard’s data security program; (iii) AXP’s Data Security Operating Policy (“DSOP”); and (iv) the Discover Network Information Security and Compliance (“DISC”) - Discover Network’s data security program. Additionally, Merchant shall be responsible for demonstrating compliance by its agents for these programs. (b) Merchant shall be liable for all fines, charges and penalties that may be assessed by any Card Network Association as a result of transactions made by Merchant or Merchant’s 's noncompliance with the preceding requirements. Merchant also acknowledges that it may be prohibited from participating in Card Network Association programs if it is determined that Merchant is non-compliant. Merchant acknowledges that it may be subject to, and Servicers retain the right, to conduct or cause to be conducted an audit to verify Merchant’s 's compliance with the foregoing security requirements. Merchant must notify Servicers within twenty-four (24) hours after becoming aware of (i) any suspected or actual data security breach or (ii) any noncompliance by Merchant with the security requirements set forth herein. In such event, if requested by Servicers or Card NetworkAssociation, Merchant shall, at its own expense, (a) perform or cause to be performed an independent investigation of any data security breach of Card or Card transaction data by an authorized assessor acceptable to Servicers, (b) take all such remedial actions recommended by such investigation, by Servicers or by VISA, MastercardMasterCard, AXP or Discover, and (c) cooperate with Servicers in the investigation and resolution of any security breach. (c) Merchant will not, under any circumstances, disclose any Cardholder’s 's account number nor any information relating to any Cardholder’s 's account number or any Sales Drafts or Credit Vouchers which may have been imprinted with any Card to any person other than Servicers, or as required by law. Merchant agrees not to store, distribute, copy or otherwise manipulate card account numbers or PINs that appear, are encoded or are otherwise associated with Cards. All electronic commerce Merchants must provide Cardholders with a secure transaction method, such as Secure Sockets Layer (SSL) or 3-D Secure. Further, Merchant agrees to store (to the extent such storage is permitted) any and all material containing Cardholder account numbers, imprints or information in a secure manner, in an area limited to selected personnel, and to destroy such numbers, imprints, and information before discarding in a fashion that renders the data unreadable and unrecoverableunrecoverable . Neither Merchant nor any of its agents shall retain or store the full contents of any track on the Magnetic- Magnetic-Stripe, or equivalent data on the Contactless Payment chip, subsequent to Authorization of a Card transaction. (d) Merchant must notify Servicers of any third party agent of Merchant that will have any access to Cardholder data. (e) Merchant understands and agrees that due to requirements of law, Card receipts may not contain (i) more than the last five digits of the credit card account number; and (ii) that the Card receipt may not contain the expiration date. (f) If Merchant sells goods or services on the Internet, Merchant’s 's web site must contain Merchant’s 's consumer privacy policy and a description of Merchant’s 's method of safeguarding consumer transaction data. (g) Merchant must fully cooperate with Servicers and Card Networks Associations if Merchant is undergoing a forensic investigation at any time with regard to the Account.