Security of Cardholder Data Clause Samples

The SECURITY OF CARDHOLDER DATA clause establishes requirements for protecting sensitive payment card information handled by the parties. It typically mandates that any entity processing, storing, or transmitting cardholder data must implement robust security measures, such as encryption, access controls, and compliance with industry standards like PCI DSS. By setting these obligations, the clause aims to prevent unauthorized access, data breaches, and fraud, thereby safeguarding both consumers and businesses from financial and reputational harm.
Security of Cardholder Data. Company and Services Vendor each acknowledge and agree that this Agreement constitutes an agreement for Services Vendor to perform services for Company as contemplated in Title V of the ▇▇▇▇▇-▇▇▇▇▇-▇▇▇▇▇▇ Financial Modernization Act (the "Act") and Regulation P issued under the Act ("Regulation P"). Without limiting the generality of the terms of this Agreement, Services Vendor agrees that it shall protect the privacy of Cardholder's non-public personal information, as such terms are defined in the Act and in Regulation P ("Consumer Information") to at least the same extent that Client must maintain that confidentiality under the Act and Regulation P. Without limiting the generality of the foregoing sentence, Services Vendor shall not disclose any non-public personal information to any third person except as required in the performance of Services under this Agreement, and Services Vendor shall not use any non-public personal information except to perform the Services described under this Agreement. Services Vendor shall establish administrative, technical and physical safeguards for Company's customer records and information in Services Vendor's control or possession from time to time. Such safeguards shall be designed for the purpose of: (a) insuring the security of such records and information; (b) protecting against any anticipated threats or hazards to the security or integrity of such records and information; and (c) protecting against unauthorized access to or use of such records and information that would result in substantial harm or inconvenience to any Cardholder. Such safeguards shall be established in accordance with Section 501 of the Act and the Interagency Guidelines Establishing Standards for Safeguarding Customer Information adopted pursuant to Section 501 of the Act. Company shall provide Services Vendor with a copy of its privacy policy established in accordance with the Act and Regulation P.
Security of Cardholder Data. The Contractor and/or any subcontractors responsible for storing, processing, or transmitting cardholder data must comply with all applicable Payment Card Industry Data Security Standards (PCI-DSS) throughout the term of the Contract. The State acknowledges that as of the effective date of this Agreement, as a payment brand, Contractor is not a service provider as that term is defined by PCI DSS. American Express places a top priority on safeguarding Card Member information and, as a regulated financial services institution, adheres to robust legal requirements by U.S. and international regulators, including the Gramm ▇▇▇▇▇ ▇▇▇▇▇▇ Act (GLBA), the EU General Data Protection Regulation (GDPR), and the Federal Financial Institutions Examinations Council (“FFIEC”) guidelines. The FFIEC is composed of the primary banking regulators, including the Federal Reserve Board of Governors (FRB), the Federal Deposit Insurance Corporation (FDIC), the Office of the Comptroller of the Currency (OCC) and the Consumer Financial Protection Bureau (CFPB) among other banking regulators. PCI-DSS does not address all of the legal and regulatory security requirements that American Express must comply with. As such, American Express’s information security standards address specific concerns for our industry.
Security of Cardholder Data. (a) ▇▇▇▇▇▇ Beaumont has designed and implemented an Information Security Program that is designed to protect cardholder data in accordance with the Visa/MasterCard Cardholder Information Security Program (“CISP”) requirements. At all times during the term of the Agreement, ▇▇▇▇▇▇ Beaumont shall be in compliance with the CISP requirements, as the same may be revised from time to time.
Security of Cardholder Data. The Sub Merchant shall ensure that there are proper encryption and security measures at its Site to prevent any hacking into the information of the Sub Merchant. It shall be the obligation of Sub Merchant to verify the IP address of ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇ in the return/confirmation message URL. In the event of any loss being due to any act, which is beyond the control of the Sub Merchant, including any hacking into the Sub Merchant's Site, the loss shall be borne by the Sub Merchant alone and not the Customer;
Security of Cardholder Data. Merchant shall ensure that there are proper encryption and security measures at its Site to prevent any hacking into the information of Merchant. It shall be the obligation of Merchant to verify the IP address of ▇▇▇.▇▇▇▇▇▇▇▇▇▇.▇▇▇ in the return/confirmation message URL. In the event of any loss being due to any act, which is beyond the control of Merchant, including any hacking into Merchant Site, the loss shall be borne by Merchant alone and not by APPNIT.
Security of Cardholder Data. MBI has designed and implemented an Information Security Program that is designed to protect cardholder data in accordance with the Visa/MasterCard Cardholder Information Security Program (“CISP”) requirements. At all times during the term of the Agreement, MBI shall be in compliance with the CISP requirements, as the same may be revised from time to time.
Security of Cardholder Data. SecurePay is committed to maintaining the security of cardholder data it possesses or otherwise stores, processes, or transmits on your behalf, or to the extent that it could impact the security of your cardholder data environment.
Security of Cardholder Data. Upon activation of an account, Integrator acknowledges and agrees that it shall bear the sole responsibility for protecting the privacy of cardholder data in its possession in accordance with Applicable Law and any requirement of participating agencies.

Related to Security of Cardholder Data

  • Protection of Customer Data The Supplier shall not delete or remove any proprietary notices contained within or relating to the Customer Data. The Supplier shall not store, copy, disclose, or use the Customer Data except as necessary for the performance by the Supplier of its obligations under this Call Off Contract or as otherwise Approved by the Customer. To the extent that the Customer Data is held and/or Processed by the Supplier, the Supplier shall supply that Customer Data to the Customer as requested by the Customer and in the format (if any) specified by the Customer in the Call Off Order Form and, in any event, as specified by the Customer from time to time in writing. The Supplier shall take responsibility for preserving the integrity of Customer Data and preventing the corruption or loss of Customer Data. The Supplier shall perform secure back-ups of all Customer Data and shall ensure that up-to-date back-ups are stored off-site at an Approved location in accordance with any BCDR Plan or otherwise. The Supplier shall ensure that such back-ups are available to the Customer (or to such other person as the Customer may direct) at all times upon request and are delivered to the Customer at no less than six (6) Monthly intervals (or such other intervals as may be agreed in writing between the Parties). The Supplier shall ensure that any system on which the Supplier holds any Customer Data, including back-up data, is a secure system that complies with the Security Policy and the Security Management Plan (if any). If at any time the Supplier suspects or has reason to believe that the Customer Data is corrupted, lost or sufficiently degraded in any way for any reason, then the Supplier shall notify the Customer immediately and inform the Customer of the remedial action the Supplier proposes to take. 
If the Customer Data is corrupted, lost or sufficiently degraded as a result of a Default so as to be unusable, the Supplier may: require the Supplier (at the Supplier's expense) to restore or procure the restoration of Customer Data to the extent and in accordance with the requirements specified in Call Off Schedule 8 (Business Continuity and Disaster Recovery) or as otherwise required by the Customer, and the Supplier shall do so as soon as practicable but not later than five (5) Working Days from the date of receipt of the Customer’s notice; and/or itself restore or procure the restoration of Customer Data, and shall be repaid by the Supplier any reasonable expenses incurred in doing so to the extent and in accordance with the requirements specified in Call Off Schedule 8 (Business Continuity and Disaster Recovery) or as otherwise required by the Customer.

  • Customer Data 5.1 The Customer shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data. The customer being a contractor of DSA Airport, the customer shall not own the rights, title and interest in and to the Data which belongs to DSA Airport. 5.2 The Supplier shall follow its archiving procedures for Customer Data as set out in its Back-Up Policy available at ▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ or such other website address as may be notified to the Customer from time to time, as such document may be amended by the Supplier in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with the archiving procedure described in its Back-Up Policy. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties subcontracted by the Supplier to perform services related to Customer Data maintenance and back-up). 5.3 The Supplier shall, in providing the Services, comply with its Privacy and Security Policy relating to the privacy and security of the Customer Data available at ▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier in its sole discretion.
5.4 If the Supplier processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s other obligations under this agreement; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf; (c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation; (d) the Supplier shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and (e) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.

  • Security of Data a. Each of the parties shall: i. ensure as far as reasonably practicable, that Data is properly stored, is not accessible to unauthorised persons, is not altered, lost or destroyed and is capable of being retrieved only by properly authorised persons; ii. subject to the provisions of Sub-Clause 8.a. ensure that, in addition to any security, proprietary and other information disclosure provision contained in the Contract, Messages and Associated Data are maintained in confidence, are not disclosed or transmitted to any unauthorised person and are not used for any purpose other than that communicated by the sending party or permitted by the Contract; and iii. protect further transmission to the same degree as the originally transmitted Message and Associated Data when further transmissions of Messages and Associated Data are permitted by the Contract or expressly authorised by the sending party. b. The sending party shall ensure that Messages are marked in accordance with the requirements of the Contract. If a further transmission is made pursuant to Sub-Clause 3. a. iii. the sender shall ensure that such markings are repeated in the further transmission. c. The parties may apply special protection to Messages by encryption or by other agreed means, and may apply designations to the Messages for protective Interchange, handling and storage procedures. Unless the parties otherwise agree, the party receiving a Message so protected or designated shall use at least the same level of protection and protective procedures for any further transmission of the Message and its Associated Data for all responses to the Message and for all other communications by Interchange or otherwise to any other person relating to the Message.
d. If either party becomes aware of a security breach or breach of confidence in relation to any Message or in relation to its procedures or systems (including, without limitation, unauthorised access to their systems for generation, authentication, authorisation, processing, transmission, storage, protection and file management of Messages) then it shall immediately inform the other party of such breach. On being informed or becoming aware of a breach the party concerned shall: i. immediately investigate the cause, effect and extent of such breach; ii. report the results of the investigation to the other party; and iii. use all reasonable endeavours to rectify the cause of such breach. e. Each party shall ensure that the contents of Messages that are sent or received are not inconsistent with the law, the application of which could restrict the content of a Message or limit its use, and shall take all necessary measures to inform without delay the other party if such an inconsistency arises.

  • Privacy of Customer Information The Seller’s Customer Information in the possession of the Administrative Agent or the Buyers, other than information independently obtained by the Administrative Agent or the Buyers and not derived in any manner from or using information obtained under or in connection with this Agreement, is and shall remain confidential and proprietary information of the Seller. Except in accordance with this Section 16.9, the Administrative Agent and the Buyers shall not use any Seller’s Customer Information for any purpose, including the marketing of products or services to, or the solicitation of business from, Customers, or disclose any Seller’s Customer Information to any Person, including any of the Administrative Agent’s or the Buyers’ employees, agents or contractors or any third party not affiliated with the Administrative Agent or a Buyer. The Administrative Agent and the Buyers may use or disclose Seller’s Customer Information only to the extent necessary (i) for examination and audit of the Administrative Agent’s or the Buyers’ respective activities, books and records by their regulatory authorities, (ii) to market or sell Purchased Mortgage Loans or to enforce or exercise their rights under any Repurchase Document, (iii) to carry out the Administrative Agent’s, the Buyers’ and the Custodian’s express rights and obligations under this Agreement and the other Repurchase Documents (including providing Seller’s Customer Information to Approved Investors), or (iv) in connection with an assignment or participation as authorized by Section 22 or in connection with any hedging transaction related to the Purchased Loans and for no other purpose; provided that the Administrative Agent and the Buyers may also use and disclose the Seller’s Customer Information as expressly permitted by the Seller in writing, to the extent that such express permission is in accordance with the Privacy Requirements. 
The Administrative Agent and the Buyers shall ensure that each Person to which the Administrative Agent or a Buyer intends to disclose Seller’s Customer Information, before any such disclosure of information, agrees to keep confidential any such Seller’s Customer Information and to use or disclose such Seller’s Customer Information only to the extent necessary to protect or exercise the Administrative Agent’s, the Buyers’ or the Custodian’s rights and privileges, or to carry out the Administrative Agent’s, the Buyers’ and the Custodian’s express obligations, under this Agreement and the other Repurchase Documents (including providing Seller’s Customer Information to Approved Investors). The Administrative Agent agrees to maintain an Information Security Program and to assess, manage and control risks relating to the security and confidentiality of Seller’s Customer Information pursuant to such program in the same manner as the Administrative Agent does in respect of its own customers’ information, and shall implement the standards relating to such risks in the manner set forth in the Interagency Guidelines Establishing Standards for Safeguarding Company Customer Information set forth in 12 C.F.R. Parts 30, 208, 211, 225, 263, 308, 364, 568 and 570. Without limiting the scope of the foregoing sentence, the Administrative Agent and the Buyers shall use at least the same physical and other security measures to protect all of the Seller’s Customer Information in their possession or control as each of them uses for its own customers’ confidential and proprietary information.

  • Safeguarding Customer Information The Servicer has implemented and will maintain security measures designed to meet the objectives of the Interagency Guidelines Establishing Standards for Safeguarding Customer Information published in final form on February 1, 2001, 66 Fed. Reg. 8616 and the rules promulgated thereunder, as amended from time to time (the “Guidelines”). The Servicer shall promptly provide the Master Servicer, the Trustee and the NIMS Insurer information reasonably available to it regarding such security measures upon the reasonable request of the Master Servicer, the Trustee and the NIMS Insurer which information shall include, but not be limited to, any Statement on Auditing Standards (SAS) No. 70 report covering the Servicer’s operations, and any other audit reports, summaries of test results or equivalent measures taken by the Servicer with respect to its security measures to the extent reasonably necessary in order for the Seller to satisfy its obligations under the Guidelines.