|
F. Card Association Assessment means a monetary assessment, fee, fine or penalty levied against MERCHANT by a Card
<br />Association as the result of: (i) a Data Security Event; or (ii) a security assessment conducted as the result of a Data Security Event.
<br />The Card Association Assessment shall not exceed the maximum monetary assessment, fee, fine or penalty permitted upon the
<br />occurrence of a Data Security Event by the applicable rules or agreement in effect as of the inception date of this CCAP for such Card
<br />Association. Card Association Assessment also means Compliance Case Costs and ADCR Fines. Card Association
<br />Assessment does not include Chargeback recovery, Chargeback fines or Chargeback expenses assessed directly against
<br />MERCHANT.
<br />G. Card Replacement Expenses means the costs that MERCHANT is required to pay by the Card Association to replace
<br />compromised Bank Cards as the result of (i) a Data Security Event or (ii) a security assessment conducted as the result of a Data
<br />Security Event.
<br />H. Chargeback means the procedure by which a Bank Card transaction is returned to MERCHANT who is then responsible for the
<br />amount of such transaction.
<br />1. Compliance Case Costs means costs and expenses incurred by a card issuer in monitoring and addressing Bank Card
<br />accounts which are reasonably believed to be compromised or at risk as a result of a Data Security Event and for which
<br />reimbursement is requested pursuant to rules of a Card Association. Compliance Case Costs do not include Chargeback amounts.
<br />J. Data Security Event means the actual or suspected unauthorized access to or use of Cardholder Information, arising out of
<br />MERCHANT's possession of or access to such Cardholder Information, which has been reported: (a) to a Card Association by
<br />MERCHANT and/or a financial institution who is sponsoring MERCHANT into the Card Association; or (b) to MERCHANT by a Card
<br />Association. All Security Event Expenses and Post Event Services Expenses resulting from the same, continuous, related or
<br />repeated event or which arise from the same, related or common nexus of facts, will be deemed to arise out of a single Data Security
<br />Event.
<br />K. Forensic Audit Expenses means the costs of a security assessment conducted by a qualified security assessor approved by a
<br />Card Association or the PCI Security Standards Council to determine the cause and extent of a Data Security Event.
<br />L. MID means a Merchant Identification Number assigned by TMS to MERCHANT, which is a unique number assigned to a
<br />location where MERCHANT accepts Bank Cards for payment.
<br />M. Notice Period means the thirty (30) day period commencing immediately upon the discovery by MERCHANT of a Data
<br />Security Event. However in no event shall the Notice Period extend pass the termination date of the CCAP.
<br />N. Pollutants means, but are not limited to, any solid, liquid, gaseous, biological, radiological or thermal irritant or contaminant,
<br />including smoke, vapor, dust, fibers, mold, spores, fungi, germs, soot, fumes, asbestos, acids, alkalis, chemicals and waste. "Waste"
<br />includes, but is not limited to, materials to be recycled, reconditioned or reclaimed and nuclear materials.
<br />0. Post Event Services Expenses means reasonable fees and expenses incurred by MERCHANT with TMS's prior written
<br />consent, for any service specifically approved by TMS in writing, including without limitation, identity theft education and assistance and
<br />credit file monitoring. Such services must be provided by or on behalf of TMS or MERCHANT within one (1) year following discovery of
<br />a Data Security Event covered under the CCAP to a Cardholder whose Cardholder Information is the subject of that Data Security
<br />Event for the primary purpose of mitigating the effects of such Data Security Event.
<br />P. Security Event Expenses means Card Association Assessments, Forensic Audit Expenses, Card Replacement
<br />Expenses and Post Event Services Expenses that MERCHANT is obligated to pay in connection with a Data Security Event.
<br />III. DUTIES IN THE EVENT OF A DATA SECURITY EVENT
<br />A. Before TMS agrees to support TMS's contractual obligations to MERCHANT under this CCAP, MERCHANT shall notify TMS in
<br />writing as soon as practicable within the Notice Period of an actual or alleged Data Security Event first discovered by MERCHANT
<br />during the CCAP term. Notice must include at a minimum:
<br />1. MERCHANT's name and all of MERCHANT's MIDs alleged to have been breached;
<br />2. A description of the Data Security Event;
<br />3. The potential number of Cardholders affected by the Data Security Event; and
<br />4. A copy of all notices and correspondence sent and/or received by MERCHANT, concerning the Data Security Event.
<br />B. All notices shall be sent to TMS at the following address:
<br />TSYS Merchant Solutions, LLC
<br />Attention: Legal Department / CCAP Event
<br />1601 Dodge Street, Floor 23 East
<br />Omaha, NE. 68102-1637
<br />C. Under all circumstances, MERCHANT shall not admit any liability, assume any financial obligation, pay any money, or incur any
<br />expense in connection with any Data Security Event without TMS's prior written consent. If MERCHANT elects to do so, it will be at
<br />MERCHANT's own expense.
<br />C. MERCHANT shall take reasonable steps to prevent a Data Security Event to the extent arising from the Program and to
<br />mitigate the loss arising out of a Data Security Event, including without limitation, following the procedures required by a Card
<br />201108 MTPA Terms and Conditions Page 24 of 35 CONFIDENTIAL
|