Laserfiche WebLink
11. Regularly test security systems and processes <br /> 12. Maintain a policy that addresses information security <br /> ii. In the event of a security intrusion, Merchant agrees to fully cooperate with a third party <br /> approved Payment Card Industry assessor and/or representative to conduct a thorough <br /> security review and validate compliance with the Payment Card Industry Data Security <br /> Standards (PCq for protecting Cardholder data; <br /> iii. Merchant is responsible for security of Cardholder data in possession; <br /> iv. Bank, EPX, Merchant and each payment card brand have ownership of Cardholder <br /> data and may use such data ONLY for assisting these parties in the completion of <br /> Transactions, supporting a loyalty program, providing fraud control services, or for other <br /> uses specifically required by law; <br /> v. In the event this Agreement is terminated by any of ihe parties, each party agrees to <br /> continue to treat account holder data as confidential; <br /> vi. Immediately �otify Visa USA Risk Management, through its acquirer, of the use of a <br /> Merchant Servicer; and <br /> vii. Ensure the Merchant Servicer implements and , maintains all of the security <br /> requirements, as specified in the PCI program. <br /> viii. Merchant must ensure PCI compliance of any residual data which may exist. Any <br /> residual data which is destroyed must be disposed of in a secure manner. <br /> InfoSend agrees to meet these requirements for itself and is a level 1 compliant and audited <br /> company. InfoSend takes on no warrantee for those situations where the City may be <br /> responsible for meeting these requirements on its own. <br /> 5.4 Use of EPX Svstems. Use of software programs approved by EPX and related equipment <br /> installed or improved by EPX for use with the EPX System, will be subject to the following: <br /> i. Merchant will use and operate the EPX Systems only in accordance with Manuals, as <br /> amended from time to time by EPX; <br /> ii. If Merchant is using EPX-provided soflware, Merchant will install, use and operate the <br /> Soflware only in accordance with the Manuals, as amended from time to time by EPX; <br /> iii. In processing Transactions, Merchant shall use only software programs, file formats <br /> and processing methods that have been approved and certified by EPX's Integration <br /> staff; and <br /> iv. Merchant shall be responsible for the custody and wntrol of all passwords provided by <br /> EPX to Merchant to access the EPX reporting system. <br /> 5.5 Compliance with Apolicable Law. Merchant represents and warrants that it has obtained all <br /> necessary regulatory approvals, certificates and licenses to provide any services it intends to <br /> offer and that it is in compliance with the regulations of the Federal Trade Commission and the <br /> Federal Communications Commission and shall comply with all present and future federal, . <br /> state and local laws and regulations pertaining to Transactions, including, without limitation, <br /> the Federal Fair Credit Reporting Act, the Federal Truth-in-Lending Act, the Electronic Fund <br /> Transfers Act, the Federal Equal Credit Opportunity Act, as amended, and the Telephone <br /> Disclosure and Dispute Resolution Act, as applicable. <br /> 5.6 Web Site Reauirements for E-Commerce Merchants. A web site operated by the Merchant <br /> that accepts Card Transactions must contain all of the following information: <br /> i. Complete description of the services offered; <br /> ii. Return merchandise and refund policy; which includes the communication of the <br /> retum policy during the order process and the requirement that the cardholder must <br /> be allowed to select a"click to accepY' option of other affirmative button to <br /> acknowledge the policy; <br /> iii. Terms and conditions must be displayed on the same screen view as the checkout <br /> screen used to resent the total urchase amount or . <br />