merchant-agreement
(b) you must not store the personal identification number (PIN) or sensitive
authentication data after authorization (even if encrypted); and
(c) if you use a service provider who stores or transmits cardholder data, you are
responsible for ensuring the security of that data; and
(d) if we tell you that you must comply with the Payment Card Industry Data Security
Standards, you must, at your cost, successfully complete the protocols for PCIDSS
within the time frame stipulated by us or the card schemes. You acknowledge and
agree that if you fail to do so:
(i) we may terminate the merchant services; and
(ii) you are liable for any fine imposed upon us by the card schemes as a result of
your failure to comply; and
(iii) you are liable for any penalties which the card schemes levy in the event that
you suffer a card data compromise incident, and have not complied with the
PCIDSS Accreditation program; and
(e) you agree to comply with the 12 key requirements of PCIDSS as detailed in the NAB
PCIDSS brochure; and
(f) you agree that any software or hardware you purchase, create or otherwise utilise for
the purpose of selling goods or services online does not retain its original password
before installing a system on your network which is used for the acceptance of card
payments or other security parameters. You agree that all passwords are changed on
a regular basis; and
(g) you grant enduring right for NAB to contact any Service Providers that enable you to
acquire credit card transactions. This clause is limited to the purpose of determining
the extent of a data breach, assessing remedies for that data breach and assessing
the level of compliance with PCIDSS; and
(h) NAB is obliged to report all data breach events to card schemes, law enforcement
agencies and/or Australian regulators. You grant irrevocable and enduring consent
for NAB to release details of any such data breach to the aforementioned bodies; and
(i) if you have suffered a data breach:
(i) you must give NAB and its agents full access to your systems and databases to
facilitate a forensic analysis to ascertain:
(A) what card data has been compromised; and
(B) what weaknesses in the system permitted the unauthorised access to the
data base; and
(C) whether card data was created, deleted, altered, copied or manipulated in
any manner; and
(ii) if you use the services of any external Service Provider, you give NAB and its
agents full access to necessary outsourced components such as data bases and