|
Federated Single Sign -on credentials) provided or approved by us to authenticate
<br />access to, and use of, the Services and any Software
<br />38.11. Indemnification. In addition to other indemnifications provided in this
<br />Agreement, you agree to indemnify and hold us, our Affiliates and third party service
<br />providers harmless from and against all losses, liabilities, damages and expenses
<br />arising from (a) your use of the Clover Security Plus, including any Software or
<br />Equipment provided under this Agreement: or (b) any other person's authorized or
<br />unauthorized access and/or use of the Clover Security Plus (or any part). Software
<br />or Equipment, whether or not using your unique username. password, or other
<br />security features.
<br />38.12. Liability Waiver.
<br />38.12.1. Subject to your subscribing to the entire Clover Security Pius bundle and to
<br />the terms of this Agreement, we agree to waive liability that you have to us under
<br />this Agreement for Security Event Expenses resulting from a Data Incident first
<br />discovered by you or us while you are receiving and utilizing the Clover Security
<br />Plus (the "Liability Waiver').
<br />38.12.2. The maximum amount of Liability Waiver for all Data Incident Expenses
<br />arising out of or relating to your Data Security Events first discovered during any
<br />Program Year regardless of the number of such Data Security Events is as follows
<br />a) $100,000 00 maximum per each MID you have, and
<br />b) $500,000 aggregate maximum for all of your MID's
<br />38.12.3. In addition to Section 38 11 2 the maximum amount of Liability Waiver
<br />during any TransArmor Program Year for EMV Upgrade Costs is further limited as
<br />follows
<br />a) $10.000 maximum per each MID you have, and
<br />b) $25,000 00 aggregate maximum for all of your MID's
<br />These limitations apply during each twelve-month period from June 1 through May
<br />31 regardless of the number of Data Incidents you may experience
<br />38.12.4. All Data Incident Expenses resulting from the same, continuous, related or
<br />repeated event or facts will be deemed to arise out of one Data Incident for
<br />purposes of these limits The Liability Waiver is available only while you are using
<br />and paying for Clover Security Plus
<br />38.12.5. The Liability Waiver will not apply to any of the following (a) any Data
<br />Incident that began before you started using Clover Security Plus or that is reported
<br />to us after you stopped using Clover Security Plus, (b) any fines or assessments
<br />against you that are not the direct result of a Data Incident, (c) any repeated Data
<br />Incidents, unless between the repeated events a qualified security assessor certified
<br />you as PCI -compliant, (d) any routine or recurring expenses for security
<br />assessments, regulatory examinations, or compliance activities, (e) any Data
<br />Incident that occurs during any period of time that (1) a Payments Organization has
<br />categorized you as a Level 1 or Level 2 merchant, or (2) you have processed more
<br />than 6 million transactions during the 12 -month period before the Data Incident, (f)
<br />any expenses (other than Data Incident Expenses) incurred to bring you into
<br />compliance with the PCI DSS or a similar security standard, or (g) any Data Incident
<br />Expenses that arise out of an uncontrollable event or any intentional, reckless, or
<br />grossly negligent misconduct on your part
<br />38.13. Export Compliance
<br />38.13.1. You agree not to export or re-export any Software or Equipment or any
<br />underlying information except in full compliance with all applicable laws and
<br />regulations
<br />38.13.2. None of the Software or Equipment or any underlying information may be
<br />downloaded or otherwise exported or re-exported (a) to any country to which the
<br />United States has embargoed goods (or any national or resident thereof), (b) to
<br />anyone on the United States Treasury Departments list of Specially Designated
<br />Nationals or the United States Commerce Department's Table of Deny Orders, or
<br />(c) in any manner not in full compliance with the requirements of the United States
<br />Bureau of Industry and Security and all applicable Export Administration
<br />Regulations
<br />38.13.3. If you have rightfully obtained Software or Equipment or any underlying
<br />information outside of the United States, you agree not to re-export the same except
<br />as permitted by the laws and regulations of the United States and the laws and
<br />regulations of the jurisdiction in which you obtained it You warrant that you are not
<br />located in, under the control of. or a national or resident of any such country or on
<br />any such list
<br />38.14. Definitions:
<br />a) Card Organization Assessment means a monetary assessment fee, fine or
<br />penalty levied against you or us by a Card Organization as the result of (i) a Data
<br />Security Event or (it) a security assessment conducted as the result of a Data
<br />Secunty Event. provided that The Card Organization Assessment shall not exceed
<br />the maximum monetary assessment, fee fine or penalty permitted upon the
<br />occurrence of a Data Security Event by the applicable rules or agreement in effect
<br />as of the inception date of this Agreement for such Card Organization,
<br />b) Cardholder Information means the data contained on a Card, or otherwise
<br />provided to Client, that is required by the Card Organization or us in order to
<br />process, approve and/or settle a Card transaction,
<br />c) Card Replacement Expenses means the costs that the we or you are required
<br />to pay by the Card Organization to replace compromised Cards as the result of (i) a
<br />Data Security Event or (ii) a security assessment conducted as the result of a Data
<br />Security Event
<br />A TRUE COPY
<br />CERTIFICATION ON LAST PAGE
<br />d) Data Protection is a Clover Security Plus�s�ry prg11 encryption of
<br />cardholder data at your payment environment' d replac th %rth a token or
<br />randomly generated number,
<br />e) Clover Security Plus is the suite of security services provided by us and known
<br />as TransArmor
<br />f) Data Security Event means the actual or suspected unauthorized access to or
<br />use of Cardholder Information, arising out of your possession of or access to such
<br />Cardholder Information which has been reported (i) to a Card Organization by you
<br />or us or (ii) to you or us by a Card Organization All Security Event Expenses and
<br />Post Event Services Expenses resulting from the same, continuous, related or
<br />repeated event or which arise from the same, related or common nexus of facts, will
<br />be deemed to arise out of one Data Security Event.
<br />g) Documentation means any documents, instructions, web screen, layouts or any
<br />other materials provided by us relating to the Software or the Clover Security Plus,
<br />h) Equipment means equipment rented to or purchased by you under this
<br />Agreement and any documents setting out additional terms on which Equipment is
<br />rented to or purchased by you,
<br />i) EMV Upgrade Costs means cost to upgrade payment acceptance and
<br />processing hardware and software to enable you to accept and process EMV-
<br />enabled Card in a manner compliant with PCI Data Security Standards.
<br />j) Forensic Audit Expenses means the costs of a security assessment conducted
<br />by a qualified security assessor approved by a Card Organization or PCI Security
<br />Standards Council to determine the cause and extent of a Data Security Event.
<br />k) Liability Waiver has the meaning as set forth in Section 38 11 1 above.
<br />1) Marks means the names logos, emblems, brands, service markstrademarks,
<br />trade names, tag Imes or other proprietary designations:.
<br />m) Post Event Services Expenses means reasonable fees and expenses incurred
<br />by us
<br />or you with our prior written consent, for any service specifically approved by us in
<br />writing, including, without limitation, identity theft education and assistance and
<br />credit file monitoring. Such services must be provided by or on behalf of us or you
<br />within one (1) year following discovery of a Data Security Event to a Cardholder
<br />whose Cardholder Information is the subject of that Data Security Event for the
<br />primary purpose of mitigating the effects of such Data Security Event:
<br />n) Program Year means the period from November 1st through October 31st of
<br />each year.
<br />o) Security Event Expenses means Card Organization Assessments, Forensic
<br />Audit Expenses and Card Replacement Expenses Security Event Expenses also
<br />includes EMV Upgrade Costs you agree to incur in lieu of a Card Organization
<br />Assessment,
<br />p) Software means all software computer programs, related documentation,
<br />technology, know-how and processes embodied in the Equipment (i e. firmware) or
<br />otherwise provided to you under this Agreement For the avoidance of doubt, the
<br />term Software shall not include any third party software available as part of a service
<br />provided from someone other than us or our vendors or which may be obtained by
<br />you separately from the Clover Security Plus (e.g any applications downloaded by
<br />you through an application marketplace);
<br />q) TransArmor PCI is a Clover Security Plus service that provides access to online
<br />PCI DSS Self -Assessment Questionnaires (SAO) to validate PCI data standards
<br />and
<br />TransArmor Data Protection Service
<br />38.15. The TransArmor Data Protection service encrypts cardholder data at the
<br />point of transaction and replaces it with a unique identifier (a token) that is returned
<br />with the authorization response You must use the token you receive with the
<br />authorization response instead of the card number for all other activities associated
<br />with the transaction, including settlement, retrieval, chargeback, or adjustment
<br />processing as well as transaction reviews If you fully deploy and use the
<br />TransArmor Data Protection service, the token returned to you with the authorization
<br />response cannot be used to initiate a financial sale transaction by an unauthorized
<br />person outside your point of sale systems or the systems where you store your
<br />transaction data The TransArmor Data Protection service can only be used with a
<br />point of sale device. gateway, or service that we have certified as being eligible for
<br />the TransArmor Data Protection service The TransArmor Data Protection Service is
<br />provided to you by Processor and not by Bank
<br />38.16. Use of the TransArmor Data Protection Service does not (a) guarantee
<br />compliance with any laws Rules, or applicable standards (including the PCI DSS)
<br />(b) affect your obligation to comply with laws, Rules and applicable standards
<br />(including the PCI DSS). or (c) guarantee protection against a Data Incident
<br />If you elect to utilize the Payeezy Gateway Services, the following additional terms
<br />and conditions of this Section 39 shall apply
<br />The Payeezy Gateway Services are provided to you by Processor and not Bank
<br />Bank is not a party to this Agreement insofar as it applies to the Payeezy Gateway
<br />Services. and Bank is not liable to you in any way with respect to such services For
<br />the purposes of this Section 39, the words `we,' "our' and 'us' refer only to the
<br />Processor and not the Bank.
<br />CardCo2305 30
<br />
|