BANCORP BANK (THE); PHOENIX PAYMENT SYSTEMS, INC. DBA ELECTRONIC PAYMENT EXCHANGE (EPX)

Home Browse Search

ii. In the event of a security intrusion, Merchant agrees to fiilly cooperate with a third party approved Payment Card Industry assessor and/or representative to conduct a thorough security review and validate compliance with the Payment Card Industry Data Security Standards (PCI) for protecting Cardholder data; iii. Merchant is responsible for security of Cardholder data in possession- iv. Bank, EPX, Merchant and each payment card brand have ownership?of Cardholder data and may use such data ONLY for assisting these parties in the completion of Transactions, supporting a loyalty program, providing fraud control services, or for other uses specifically required by law; v. In the event this Agreement is terminated by any of the parties, each party agrees to continue to treat account holder data as confidential; vi. Immediately notify Visa USA Risk Management, through its acquirer, of the use of a Merchant Servicer; and vii. Ensure the Merchant Servicer implements and maintains all of the security requirements, as specified in the PCI program. viii. Merchant must ensure PCI compliance of any residual data which may exist. Any residual data which is destroyed must be disposed of in a secure manner. 5.4. Use of EPX Systems. Use of software programs approved by EPX and related equipment installed or improved by EPX for use with the EPX System, will be subject to the following: i. Merchant will use and operate the EPX Systems only in accordance with Manuals, as amended from time to time by EPX; ii. If Merchant is using_EPX-provided software, Merchant will install, use and operate the Software only in accordance with the Manuals, as amended from time to time by EPX; iii. In processing Transactions, Merchant shall use only software programs, file formats and processing methods that have been approved and certified by EPX's Integration staff; and iv. Merchant shall be responsible for the custody and control of all passwords provided by EPX to Merchant to access the EPX reporting system. 5.5. Compliance with Applicable Law. Merchant represents and warrants that it has obtained all necessary regulatory approvals, certificates and licenses to provide any services it intends to offer and that it is in compliance with the regulations of the Federal Trade Commission and the Federal Communications Commission and shall comply with all present and future federal, state and local laws and regulations pertaining to Transactions, including, without limitation, the Federal Fair Credit Reporting Act, the Federal Truth-in-Lending Act, the Electronic Fund Transfers Act, the Federal Equal Credit Opportunity Act, as amended, and the Telephone Disclosure and Dispute Resolution Act, as applicable. 5.6. Web Site Requirements for E-Commerce Merchants. A web site operated by the Merchant that accepts Card Transactions must contain all of the following information: i. Complete description of the services offered; ii. Return merchandise and refund policy; which includes the communication of the return policy during the order process and the requirement that the cardholder must be allowed to select a "click to accept" option or other affirmative button to acknowledge the policy; iii. Terms and conditions must be displayed on the same screen view as the checkout screen used to present the total purchase amount; or iv. Within the sequence of web pages the cardholder accesses during the checkout process. v. Customer service contact including e-mail address or telephone number; vi. Transaction currency; vii. Export or legal restrictions; viii. Delivery policy; ix. Consumer data privacy policy; x. The security method offered for transmission of payment data such as Secure Sockets Layer or 3-D Secure; and Initials Pa,e 7 of 19