6.1.D. - Page 22

• You may [illegible] processing until after the merchandise has [illegible] has been provided to the customer. (The Associations will permit the immediate billing of merchandise manufactured to the customer's specifications [i.e., special/custom orders] provided the Cardholder has been advised of the billing details.)
• You should provide a copy of the Sales Draft to the Cardholder at the time of delivery. You must also obtain proof of delivery of the goods or services to the address designated by the Cardholder (i.e., by getting a signature of the Cardholder or person designated by the Cardholder through the delivery carrier). If the Cardholder visits one of your locations to receive the goods or services purchased, obtain an imprint of the card and the Cardholder's signature.
• Notify the Cardholder of delivery time frames and special handling and/or of cancellation policies. Merchandise shipping dates must be within seven (7) days of the date Authorization was obtained. If, after the order has been taken, additional delays will be incurred (e.g., out of stock), notify the Cardholder and reauthorize the transaction.
• You may not require a Cardholder to complete a postcard or other document that displays the Cardholder's account number in clear view when mailed.
• If you accept orders via the Internet, your web site must include the following information in a prominent manner:
— Complete description of the goods or services offered;
— Description of your merchandise return and Credit/refund policy;
— Customer service contact, including email address and/or telephone number;
— Transaction currency (U.S. dollars, unless permission is otherwise received from Servicers);
— Any applicable export or legal restrictions;
— Delivery policy;
— Consumer data privacy policy;
— A description of the transaction security used on your website; and
— The sale or disclosure of databases containing Cardholder account numbers, personal information, or other Card transaction information to third parties is prohibited.
• You may not accept Card Account Numbers through Electronic Mail over the Internet.

NOTE: Address Verification Service ("AVS"), does not guarantee against Chargebacks, but used properly it assists in reducing the risk of fraud by confirming whether certain elements of the billing address provided by your customer match the billing address maintained by the Issuer. AVS also may help you avoid incurring additional interchange expenses. AVS is a separate process from obtaining an Authorization and will provide a separate response. A transaction may not match addresses when submitted for AVS and still receive an Authorization. It is your responsibility to monitor the AVS responses and use the information provided to avoid high-risk transactions.

3.2.1. Discover Protocol for Internet Transactions. Each Internet Discover Card transaction accepted by you and submitted to us shall comply with Discover standards, including, without limitation, Discover standards governing the formatting, transmission and encryption of data, referred to as the "designated protocol." You shall accept only those Internet Discover Card transactions that are encrypted in accordance with the designated protocol. As of the date of these Operating Procedures, the designated protocol for the encryption of data is Secure Socket Layer (SSL). We may, at our discretion, withhold Settlement until security standards can be verified. However, the designated protocol, including any specifications with respect to data encryption, may change at any time upon thirty (30) days advance written notice. You shall not accept any Internet Discover Card transaction unless the transaction is sent by means of a browser which supports the designated protocol.

3.3. Customer Service Telephone Numbers for Card types which are funded by individual non-bank Associations include:
American Express ESA 1-800-528-5200
American Express OnePoint 1-800-451-5817
JCB, International 1-800-366-4522
TeleCheck 1-800-366-1054
Voyager 1-800-987-6591

THE FOLLOWING IS IMPORTANT INFORMATION REGARDING THE PROTECTION OF CARDHOLDER DATA. PLEASE REVIEW CAREFULLY AS FAILURE TO COMPLY CAN RESULT IN SUBSTANTIAL FINES AND LIABILITIES FOR UNAUTHORIZED DISCLOSURE AS WELL AS TERMINATION OF THIS AGREEMENT.

4.1. Payment Card Industry Data Security Standards (PCI DSS). Visa, MasterCard, American Express, Discover and JCB aligned data security requirements to create a global standard for the protection of Cardholder data. The resulting Payment Card Industry Data Security Standards (PCI DSS) defines the requirements with which all entities that store, process, or transmit payment card data must comply. PCI DSS is the name used to identify those common data security requirements. The Cardholder Information Security Program (CISP) is Visa USA's data security program, the Site Data Protection (SDP) program is MasterCard's data security program and Discover Information Security and Compliance (DISC) is Discover's data security program, each based on the PCI DSS and industry aligned validation requirements. PCI DSS PCI compliance validation is focused on any system(s) or system component(s) where Cardholder data is retained, stored, or transmitted, including:
• All external connections into your network (i.e., employee remote access, third party access for processing, and maintenance).
• All connections to and from the Authorization and settlement environment (i.e., connections for employee access or for devices such as firewalls, and routers); and
• Any data repository outside of the Authorization and settlement environment.

The Associations or we may impose fines or penalties, or restrict you from accepting Cards if it is determined that you are not compliant with the applicable data security requirements. We may in our sole discretion, suspend or terminate Card processing Services under your Merchant Agreement for any actual or suspected data security compromise.

Detailed information about DISC can be found at the PCI DSS Council's website: www.pcisecuritystandards.org. Detailed information about Visa's CISP program can be found at Visa's CISP website: www.visa.com/cisp. Detailed information about MasterCard's SDP program can be found at the MasterCard SDP website: https://sdp.mastercardintl.com. Detailed information about DISC can be found at Discover DISC website: http://www.discovernetwork.com/fraudsecurity/disc.html. The PCI Data Security Standard and detailed information about SDP, including the MasterCard Security Self-Assessment which you should complete, can be found at MasterCard's SDP website: https://sdp.mastercardintl.com. Detailed information about American Express Data Security Operating Policy (DSOP) can be found at: https://www.americanexpress.com/datasecurity.

4.2. You must comply with the data security requirements shown below:
• You must install and maintain a secure network firewall to protect data across public networks.
• You must encrypt stored data and data sent across networks.
• You must use and regularly update anti-virus software and keep security patches up-to-date.
• You must restrict access to data by business "need to know," assign a unique ID to each person with computer access to data and track access to data by unique ID.
• Don't use vendor-supplied defaults for system passwords and other security parameters.
• You must regularly test security systems and processes.
• You must maintain a policy that addresses information security for employees and contractors.

WFB1301 8