Text size Increase Font-SizeDecrease Font-SizeReset Font-Size

Terms & Conditions

Terms of Use

Legal Notices. The PCI Security Standards Council Web site www.pcisecuritystandards.org (the "Web site") is provided by the PCI Security Standards Council as a public service to our users. Please carefully review the following basic rules that govern your use of the Web site. Please note that your use of the Web site constitutes your unconditional agreement to follow and be bound by these Terms and Conditions of Use. If you ("User") do not agree to them, do not use the Web site, provide any materials to the site or download any materials from it. The PCI Security Standards Council reserves the right to update or modify these Terms and Conditions at any time without prior notice to User. Your use of the site following any such change constitutes your unconditional agreement to follow and be bound by these Terms and Conditions as changed. For this reason, we encourage you to review these Terms and Conditions of Use whenever you use this Web site. These Terms and Conditions of Use apply to the use of the PCI Security Standards Council site and do not extend to any linked third party sites. These Terms and Conditions and our Privacy Policy, which are hereby incorporated by reference, contain the entire agreement (the "Agreement") between the PCI Security Standards Council and User with respect to this site. Any rights not expressly granted herein are reserved.

Permitted and Prohibited Uses. User may use the PCI Security Standards Council Web site for the sole purpose of allowing PCI Security Standards Council professionals to share and exchange their ideas. User may not use the PCI Security Standards Council Web site to violate any applicable local, state, national, or international law, including without limitation any applicable laws relating to antitrust or other illegal trade or business practices, federal and state securities laws, regulations promulgated by the U.S. Securities and Exchange Commission, any rules of any national or other securities exchange, and any U.S. laws, rules, and regulations governing the export and re-export of commodities or technical data. User may not upload or transmit any material that infringes or misappropriates any person's copyright, patent, trademark, or trade secret, or disclose via the PCI Security Standards Council Web site any information the disclosure of which would constitute a violation of a confidentiality obligation on User's part. User may not upload any viruses, worms, Trojan horses, or other forms of harmful computer code, nor subject the PCI Security Standards Council's network or servers to unreasonable traffic loads, or otherwise engage in conduct deemed disruptive to the ordinary operation of the PCI Security Standards Council's Web site. User is strictly prohibited from communicating on or through this site any unlawful, harmful, offensive, threatening, abusive, libelous, harassing, defamatory, vulgar, obscene, profane, hateful, fraudulent, sexually explicit, racially, ethnically, or otherwise objectionable material of any sort, including, but not limited to, any material that encourages conduct that would constitute a criminal offense, give rise to civil liability, or otherwise violate any applicable local, state, national, or international law.

User Submissions. The PCI Security Standards Council does not want to receive confidential or proprietary information from User through this site. Any material, information, or other communication User transmits or posts ("Communications") to the PCI Security Standards Council's Web site will be considered non-confidential and non-proprietary, and the PCI Security Standards Council will be under no obligation of any kind with respect to such information. The PCI Security Standards Council will be free to reproduce, make derivative works from, use, disclose, and distribute the Communications to others without limitation. At our sole election, the PCI Security Standards Council may provide authorship attribution by listing User's name.

User Discussion Forums. The PCI Security Standards Council may, but is not obligated to, monitor or review any areas on the PCI Security Standards Council's Web site where users transmit or post communications or communicate solely with each other, including but not limited to chat rooms, bulletin boards or other user forums, and the content of any such communications. The PCI Security Standards Council, however, will have no liability related to the content of any such communications, whether or not arising under the laws of copyright, libel, privacy, obscenity, or otherwise. The PCI Security Standards Council may edit or remove content on the PCI Security Standards Council Web site at its discretion at any time.

Use of Personally Identifiable Information. Information submitted to the PCI Security Standards Council's Web site is governed according to the PCI Security Standards Council's then-current Privacy Policy.

User agrees to provide true, accurate, current, and complete information when registering with our Web site. It is User's responsibility to maintain and promptly update this account information to keep it true, accurate, current, and complete. If User provides any information that is fraudulent, untrue, inaccurate, incomplete, or not current, or we have reasonable grounds to suspect that such information is fraudulent, untrue, inaccurate, incomplete, or not current, we reserve the right to suspend or terminate your account without notice and to refuse any and all current and future use of this site.

Although sections of the site may be viewed simply by visiting the site, in order to access some Content and/or additional features offered at the site, you may need to sign on as a guest or register as a member. If you create an account on the site, you may be asked to supply your name, address, a User ID and password. You are responsible for maintaining the confidentiality of the password and account and are fully responsible for all activities that occur in connection with your password or account. You agree to immediately notify us of any unauthorized use of either your password or account or any other breach of security. You further agree that you will not permit others, including those whose accounts have been terminated, to access this site using your account or User ID. You grant the PCI Security Standards Council, its affiliated companies, and all other persons or entities involved in the operation of the Site the right to transmit, monitor, retrieve, store, and use your information in connection with the operation of the Site and in the provision of services to you. The PCI Security Standards Council cannot and does not assume any responsibility or liability for any information you submit, or your or third parties' use or misuse of information transmitted or received using the PCI Security Standards Council's site. To learn more about how we protect the privacy of the personal information in your account, please visit our Privacy Policy.

Indemnification. User agrees to defend, indemnify and hold harmless the PCI Security Standards Council, its employees, directors, officers, affiliated companies, agents, vendors or suppliers from and against any and all claims, damages, costs and expenses, including reasonable attorneys' fees, arising from or related to your use or misuse of the site, including, without limitation, User's violation of these Terms and Conditions, the infringement by User, or any other subscriber or user of your account, of any intellectual property right or other right of any person or entity.

Termination. These Terms and Conditions of Use are effective until terminated by either party. If User no longer agrees to be bound by these Terms and Conditions, User must cease use of this Web site. If User is dissatisfied with this Web site, its content, or any of these terms, conditions, and policies, User's sole legal remedy is to discontinue using this Web site. The PCI Security Standards Council reserves the right to terminate or suspend your access to and use of this site, or parts of this site, without notice, if we believe, in our sole discretion, that such use is (i) in violation of any applicable law; (ii) is harmful to our interests or the interests, including intellectual property or other rights, of another person or entity; or (iii) where the PCI Security Standards Council has reason to believe that User is in violation of these Terms and Conditions of Use.

WARRANTY DISCLAIMER. THE PCI SECURITY STANDARDS COUNCIL'S WEB SITE AND ASSOCIATED MATERIALS ARE PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS. TO THE FULL EXTENT PERMISSIBLE BY APPLICABLE LAW, THE PCI SECURITY STANDARDS COUNCIL DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT OF INTELLECTUAL PROPERTY. THE PCI SECURITY STANDARDS COUNCIL MAKES NO REPRESENTATIONS OR WARRANTY THAT THE SITE WILL MEET YOUR REQUIREMENTS, OR THAT YOUR USE OF THE SITE WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR FREE; NOR DOES THE PCI SECURITY STANDARDS COUNCIL MAKE ANY REPRESENTATION OR WARRANTY AS TO THE RESULTS THAT MAY BE OBTAINED FROM THE USE OF THE SITE. THE PCI SECURITY STANDARDS COUNCIL MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, AS TO THE OPERATION OF THE SITE OR THE INFORMATION, CONTENT, MATERIALS, OR PRODUCTS INCLUDED ON THIS SITE.

IN NO EVENT SHALL THE PCI SECURITY STANDARDS COUNCIL OR ANY OF ITS AFFILIATED COMPANIES, EMPLOYEES, DIRECTORS, OFFICERS, AGENTS, VENDORS OR SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION, LOSS OF INFORMATION) ARISING OUT OF THE USE, MISUSE OF OR INABILITY TO USE THE SITE, EVEN IF THE PCI SECURITY STANDARDS COUNCIL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THIS DISCLAIMER CONSTITUTES AN ESSENTIAL PART OF THIS AGREEMENT. BECAUSE SOME JURISDICTIONS PROHIBIT THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, THE ABOVE LIMITATION MAY NOT APPLY TO YOU.

YOU UNDERSTAND AND AGREE THAT ANY CONTENT DOWNLOADED OR OTHERWISE OBTAINED THROUGH THE USE OF THE SITE IS AT YOUR OWN DISCRETION AND RISK AND THAT YOU WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE TO YOUR COMPUTER SYSTEM OR LOSS OF DATA OR BUSINESS INTERRUPTION THAT RESULTS FROM THE DOWNLOAD OF CONTENT. THE PCI SECURITY STANDARDS COUNCIL SHALL NOT BE RESPONSIBLE FOR ANY LOSS OR DAMAGE CAUSED, OR ALLEGED TO HAVE BEEN CAUSED, DIRECTLY OR INDIRECTLY, BY THE INFORMATION OR IDEAS CONTAINED, SUGGESTED OR REFERENCED IN OR APPEARING ON THE SITE. YOUR PARTICIPATION IN THE SITE IS SOLELY AT YOUR OWN RISK. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED BY YOU FROM THE PCI SECURITY STANDARDS COUNCIL OR THROUGH THE PCI SECURITY STANDARDS COUNCIL, ITS EMPLOYEES, OR THIRD PARTIES SHALL CREATE ANY WARRANTY NOT EXPRESSLY MADE HEREIN. YOU ACKNOWLEDGE, BY YOUR USE OF THE PCI SECURITY STANDARDS COUNCIL WEB SITE, THAT YOUR USE OF THE SITE IS AT YOUR SOLE RISK.

Liability Limitation. UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL OR EQUITABLE THEORY, WHETHER IN TORT, CONTRACT, NEGLIGENCE, STRICT LIABILITY OR OTHERWISE, SHALL THE PCI SECURITY STANDARDS COUNCIL OR ANY OF ITS AFFILIATED COMPANIES, EMPLOYEES, DIRECTORS, OFFICERS, AGENTS, VENDORS OR SUPPLIERS BE LIABLE TO USER OR TO ANY OTHER PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL LOSSES OR DAMAGES OF ANY NATURE ARISING OUT OF OR IN CONNECTION WITH THE USE OF OR INABILITY TO USE THE PCI SECURITY STANDARDS COUNCIL WEB SITE OR FOR ANY BREACH OF SECURITY ASSOCIATED WITH THE TRANSMISSION OF SENSITIVE INFORMATION THROUGH THE PCI SECURITY STANDARDS COUNCIL SITE OR FOR ANY INFORMATION OBTAINED THROUGH THE PCI SECURITY STANDARDS COUNCIL SITE, INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOST PROFITS, LOSS OF GOODWILL, LOSS OR CORRUPTION OF DATA, WORK STOPPAGE, ACCURACY OF RESULTS, OR COMPUTER FAILURE OR MALFUNCTION, EVEN IF AN AUTHORIZED REPRESENTATIVE OF THE PCI SECURITY STANDARDS COUNCIL HAS BEEN ADVISED OF OR SHOULD HAVE KNOWN OF THE POSSIBILITY OF SUCH DAMAGES.

THE PCI SECURITY STANDARDS COUNCIL'S TOTAL CUMULATIVE LIABILITY FOR ANY AND ALL CLAIMS IN CONNECTION WITH THE PCI SECURITY STANDARDS COUNCIL'S WEB SITE WILL NOT EXCEED TWENTY FIVE THOUSAND U.S. DOLLARS ($25,000.00). USER AGREES AND ACKNOWLEDGES THAT THE FOREGOING LIMITATIONS ON LIABILITY ARE AN ESSENTIAL BASIS OF THE BARGAIN AND THAT THE PCI SECURITY STANDARDS COUNCIL WOULD NOT PROVIDE THE PCI SECURITY STANDARDS COUNCIL'S WEB SITE ABSENT SUCH LIMITATION.

General. The PCI Security Standards Council is based in the United States. The PCI Security Standards Council makes no claims that the Content on the site is appropriate or may be downloaded outside of the United States. Access to the Content may not be legal by certain persons or in certain countries. If you access the site from outside the United States, you do so at your own risk and are responsible for compliance with the laws of your jurisdiction. These Terms are governed in all respects by the laws of the State of Delaware, excluding Delaware's conflicts of laws provisions. The provisions of the UN Convention on Contracts for the International Sale of Goods will not apply to these Terms. A party may give notice to the other party only in writing at that party's principal place of business, attention of that party's principal legal officer, or at such other address or by such other method as the party shall specify in writing. Notice shall be deemed given upon personal delivery or facsimile, or, if sent by certified mail with postage prepaid, 5 business days after the date of mailing, or, if sent by international overnight courier with postage prepaid, 7 business days after the date of mailing. If any provision herein is held to be unenforceable, the remaining provisions will continue in full force without being affected in any way. Further, the parties agree to replace such unenforceable provision with an enforceable provision that most closely approximates the intent and economic effect of the unenforceable provision. Section headings are for reference purposes only and do not define, limit, construe or describe the scope or extent of such section. The failure of the PCI Security Standards Council to act with respect to a breach of this Agreement by User or others does not constitute a waiver and shall not limit the PCI Security Standards Council's rights with respect to such breach or any subsequent breaches. Any action or proceeding arising out of or related to this Agreement or User's use of this site must be brought in the state or federal courts of the State of California, and User consents to the exclusive personal jurisdiction and venue of such courts. Any cause of action you may have with respect to your use of this site must be commenced within one (1) year after the claim or cause of action arises. These Terms set forth the entire understanding and agreement of the parties, and supersedes any and all oral or written agreements or understandings between the parties, as to their subject matter. The waiver of a breach of any provision of this Agreement shall not be construed as a waiver of any other or subsequent breach.

Links to Other Materials. This Site may contain links to sites owned or operated by independent third parties. These links are provided for your convenience and reference only. We do not control such sites and, therefore, we are not responsible for any content posted on these sites. The fact that the PCI Security Standards Council offers such links should not be construed in any way as an endorsement, authorization, or sponsorship of that site, its content or the companies or products referenced therein, and the PCI Security Standards Council reserves the right to note its lack of affiliation, sponsorship, or endorsement on this site. If you decide to access any of the third party sites linked to this Site, you do this entirely at your own risk. Because some sites employ automated search results or otherwise link you to sites containing information that may be deemed inappropriate or offensive, the PCI Security Standards Council cannot be held responsible for the accuracy, copyright compliance, legality, or decency of material contained in third party sites, and you hereby irrevocably waive any claim against us with respect to such sites.

Notification Of Possible Copyright Infringement. In the event you believe that material or content published on the site may infringe on your copyright or that of another, please provide detailed written notice of such possible infringement to secretariat@pcisecuritystandards.org, the PCI Security Standards Council, 781-876-8855 phone, 781-224-1239 fax.


Back to Top

The PCI Security Standards Council (the "Council") provides a variety of tools, questionnaires, guidance, FAQs, training resources and other materials and information to assist organizations seeking to achieve compliance with its standards (the "Standards"). Third party products and services are also available, but the Council does not endorse or recommend any such third party products or services, and advises all organizations seeking to achieve compliance to become familiar with the Standards and related requirements before purchasing third party products or services. Ultimately, all applicable requirements must be met in order to achieve compliance, regardless of whether or what third party products or services are used.