Federated Single Sign-on credentials) provided or approved by us to authenticate
<br />access to, and use of, the Services and any Software.
<br />38.11. Indemnification. In addition to other indemnifications provided in this
<br />Agreement, you agree to indemnify and hold us, our Affiliates and third party service
<br />providers harmless from and against all losses, liabilities, damages and expenses
<br />arising from (a) your use of the Clover Security Plus, including any Software or
<br />Equipment provided under this Agreement; or (b) any other person's authorized or
<br />unauthorized access and/or use of the Clover Security Plus (or any part), Software
<br />or Equipment, whether or not using your unique username, password, or other
<br />security features.
<br />38.12. Liability Waiver.
<br />38.12.1. Subject to your subscribing to the entire Clover Security Plus bundle and to
<br />the terms of this Agreement, we agree to waive liability that you have to us under
<br />this Agreement for Security Event Expenses resulting from a Data Incident first
<br />discovered by you or us while you are receiving and utilizing the Clover Security
<br />Plus (the "Liability Waiver").
<br />38.12.2. The maximum amount of Liability Waiver for all Data Incident Expenses
<br />arising out of or relating to your Data Security Events first discovered during any
<br />Program Year regardless of the number of such Data Security Events is as follows:
<br />a) $100,000.00 maximum per each MID you have; and
<br />b) $500,000 aggregate maximum for all of your MID's.
<br />38.12.3. In addition to Section 38.11.2., the maximum amount of Liability Waiver
<br />during any TransArmor Program Year for EMV Upgrade Costs is further limited as
<br />follows:
<br />a) $10,000 maximum per each MID you have; and
<br />b) $25,000.00 aggregate maximum for all of your MID's.
<br />These limitations apply during each twelve-month period from June 1 through May
<br />31 regardless of the number of Data Incidents you may experience.
<br />38.12.4. All Data Incident Expenses resulting from the same, continuous, related or
<br />repeated event or facts will be deemed to arise out of one Data Incident for
<br />purposes of these limits. The Liability Waiver is available only while you are using
<br />and paying for Clover Security Plus.
<br />38.12.5. The Liability Waiver will not apply to any of the following: (a) any Data
<br />Incident that began before you started using Clover Security Plus or that is reported
<br />to us after you stopped using Clover Security Plus; (b) any fines or assessments
<br />against you that are not the direct result of a Data Incident; (c) any repeated Data
<br />Incidents, unless between the repeated events a qualified security assessor certified
<br />you as PCI-compliant; (d) any routine or recurring expenses for security
<br />assessments, regulatory examinations, or compliance activities; (e) any Data
<br />Incident that occurs during any period of time that (1) a Payments Organization has
<br />categorized you as a Level 1 or Level 2 merchant, or (2) you have processed more
<br />than 6 million transactions during the 12-month period before the Data Incident; (f)
<br />any expenses (other than Data Incident Expenses) incurred to bring you into
<br />compliance with the PCI DSS or a similar security standard; or (g) any Data Incident
<br />Expenses that arise out of an uncontrollable event or any intentional, reckless, or
<br />grossly negligent misconduct on your part.
<br />38.13. Export Compliance
<br />38.13.1. You agree not to export or re-export any Software or Equipment or any
<br />underlying information except in full compliance with all applicable laws and
<br />regulations.
<br />38.13.2. None of the Software or Equipment or any underlying information may be
<br />downloaded or otherwise exported or re-exported (a) to any country to which the
<br />United States has embargoed goods (or any national or resident thereof); (b) to
<br />anyone on the United States Treasury Department's list of Specially Designated
<br />Nationals or the United States Commerce Department's Table of Deny Orders; or
<br />(c) in any manner not in full compliance with the requirements of the United States
<br />Bureau of Industry and Security and all applicable Export Administration
<br />Regulations.
<br />38.13.3. If you have rightfully obtained Software or Equipment or any underlying
<br />information outside of the United States, you agree not to re-export the same except
<br />as permitted by the laws and regulations of the United States and the laws and
<br />regulations of the jurisdiction in which you obtained it. You warrant that you are not
<br />located in, under the control of, or a national or resident of any such country or on
<br />any such list.
<br />38.14. Definitions:
<br />a) Card Organization Assessment means a monetary assessment, fee, fine or
<br />penalty levied against you or us by a Card Organization as the result of (i) a Data
<br />Security Event or (ii) a security assessment conducted as the result of a Data
<br />Security Event; provided, that The Card Organization Assessment shall not exceed
<br />the maximum monetary assessment, fee, fine or penalty permitted upon the
<br />occurrence of a Data Security Event by the applicable rules or agreement in effect
<br />as of the inception date of this Agreement for such Card Organization;
<br />b) Cardholder Information means the data contained on a Card, or otherwise
<br />provided to Client, that is required by the Card Organization or us in order to
<br />process, approve and/or settle a Card transaction;
<br />c) Card Replacement Expenses means the costs that we or you are required
<br />to pay by the Card Organization to replace compromised Cards as the result of (i) a
<br />Data Security Event or (ii) a security assessment conducted as the result of a Data
<br />Security Event;
<br />d) Data Protection is a Clover Security Plus service that provides encryption of
<br />cardholder data at your payment environment and replaces the data with a token or
<br />randomly generated number;
<br />e) Clover Security Plus is the suite of security services provided by us and known
<br />as TransArmor.
<br />f) Data Security Event means the actual or suspected unauthorized access to or
<br />use of Cardholder Information, arising out of your possession of or access to such
<br />Cardholder Information, which has been reported (i) to a Card Organization by you
<br />or us or (ii) to you or us by a Card Organization. All Security Event Expenses and
<br />Post Event Services Expenses resulting from the same, continuous, related or
<br />repeated event or which arise from the same, related or common nexus of facts, will
<br />be deemed to arise out of one Data Security Event;
<br />g) Documentation means any documents, instructions, web screen, layouts or any
<br />other materials provided by us relating to the Software or the Clover Security Plus;
<br />h) Equipment means equipment rented to or purchased by you under this
<br />Agreement and any documents setting out additional terms on which Equipment is
<br />rented to or purchased by you;
<br />i) EMV Upgrade Costs means cost to upgrade payment acceptance and
<br />processing hardware and software to enable you to accept and process
<br />EMV-enabled Card in a manner compliant with PCI Data Security Standards;
<br />j) Forensic Audit Expenses means the costs of a security assessment conducted
<br />by a qualified security assessor approved by a Card Organization or PCI Security
<br />Standards Council to determine the cause and extent of a Data Security Event;
<br />k) Liability Waiver has the meaning as set forth in Section 38.11.1 above;
<br />l) Marks means the names, logos, emblems, brands, service marks, trademarks,
<br />trade names, tag lines or other proprietary designations;
<br />m) Post Event Services Expenses means reasonable fees and expenses incurred
<br />by us or you with our prior written consent, for any service specifically approved by us in
<br />writing, including, without limitation, identity theft education and assistance and
<br />credit file monitoring. Such services must be provided by or on behalf of us or you
<br />within one (1) year following discovery of a Data Security Event to a Cardholder
<br />whose Cardholder Information is the subject of that Data Security Event for the
<br />primary purpose of mitigating the effects of such Data Security Event;
<br />n) Program Year means the period from November 1st through October 31st of
<br />each year;
<br />o) Security Event Expenses means Card Organization Assessments, Forensic
<br />Audit Expenses and Card Replacement Expenses. Security Event Expenses also
<br />includes EMV Upgrade Costs you agree to incur in lieu of a Card Organization
<br />Assessment;
<br />p) Software means all software, computer programs, related documentation,
<br />technology, know-how and processes embodied in the Equipment (i.e. firmware) or
<br />otherwise provided to you under this Agreement. For the avoidance of doubt, the
<br />term Software shall not include any third party software available as part of a service
<br />provided from someone other than us or our vendors or which may be obtained by
<br />you separately from the Clover Security Plus (e.g. any applications downloaded by
<br />you through an application marketplace);
<br />q) TransArmor PCI is a Clover Security Plus service that provides access to online
<br />PCI DSS Self-Assessment Questionnaires (SAQ) to validate PCI data standards:
<br />TransArmor Data Protection Service
<br />38.15. The TransArmor Data Protection service encrypts cardholder data at the
<br />point of transaction and replaces it with a unique identifier (a token) that is returned
<br />with the authorization response. You must use the token you receive with the
<br />authorization response instead of the card number for all other activities associated
<br />with the transaction, including settlement, retrieval, chargeback, or adjustment
<br />processing as well as transaction reviews. If you fully deploy and use the
<br />TransArmor Data Protection service, the token returned to you with the authorization
<br />response cannot be used to initiate a financial sale transaction by an unauthorized
<br />person outside your point of sale systems or the systems where you store your
<br />transaction data. The TransArmor Data Protection service can only be used with a
<br />point of sale device, gateway, or service that we have certified as being eligible for
<br />the TransArmor Data Protection service. The TransArmor Data Protection Service is
<br />provided to you by Processor and not by Bank.
<br />38.16. Use of the TransArmor Data Protection Service does not (a) guarantee
<br />compliance with any laws, Rules, or applicable standards (including the PCI DSS),
<br />(b) affect your obligation to comply with laws, Rules, and applicable standards
<br />(including the PCI DSS), or (c) guarantee protection against a Data Incident.
<br />If you elect to utilize the Payeezy Gateway Services, the following additional terms
<br />and conditions of this Section 39 shall apply.
<br />The Payeezy Gateway Services are provided to you by Processor and not Bank.
<br />Bank is not a party to this Agreement insofar as it applies to the Payeezy Gateway
<br />Services, and Bank is not liable to you in any way with respect to such services. For
<br />the purposes of this Section 39, the words "we," "our" and "us" refer only to the
<br />Processor and not the Bank.
<br />CardCo2305 30