PCI: Contractual Language with Vendors

Summary

Text that must appear in contracts with vendors relating to services that process credit cards.

Body

All potential university merchants must deal with the contracting phase of the software or service acquisition in conjunction with the university controller and the Division of Technology Services.  We will assist you in determining the PCI-DSS requirements and to work through the contractual requirements of PCI-DSS.  Approved "boiler plate" contract language is below.  This is the bare minimum required in all contracts that pertain to processing credit card transactions.

ATTACHMENT ____: PCI COMPLIANCE ADDENDUM

For purposes of the Agreement, the term "cardholder data" refers to the unique identifier assigned by the card issuer that identifies the cardholder's account or other cardholder personal information.

  A. Contractor shall undertake commercially reasonable efforts to at all times comply with the Payment Card Industry Data Security Standard ("PCI-DSS") requirements for cardholder data that are prescribed in the PCI Data Security Standard or otherwise issued by the PCI Security Standards Council, as they may be amended from time to time (collectively, the "PCI-DSS Requirements").

  B. A copy of current PCI-DSS Requirements documentation is available on the PCI Security Standards Council website at https://www.pcisecuritystandards.org .

Details

Details

Article ID: 5119
Created
Mon 4/20/15 5:53 PM
Modified
Mon 5/13/24 2:35 PM

Related Articles

Related Articles (1)

Campus "merchants" are required to comply.