This article details the prerequisites for exports of merchant data. The recipient is designated by the merchant.
For the merchant's reference, the client data transfer request form is attached. The form, with option #3 selected, must be completed and returned to firstname.lastname@example.org by the signer of the merchant application. A support ticket will be created automatically and the requester can use it to relay information received from the designated recipient.
From the designated recipient
1. Legal business name and address.
- An indemnification agreement will be drafted by the Forte/CSG legal department. Thereafter, designated recipient listed below will be receiving an email* from our Apttus application, which is the Data Release and Indemnification agreement. Please open, electronically sign, and return this agreement.
*Note: the email may originate from an csgi.com email address.
2. Email address of primary signatory responsible for executing an indemnification agreement. As needed, provide emails of other parties that need to be cc-d with respect to indemnification agreements.
- A Word version of the agreement will be provided to propose, if needed, red-line edits.
3. Signed indemnification agreement, from above. Upon Forte/CSG approval, a countersigned agreement will be returned.
4. Name, email, and phone of designated recipient contact assigned to the data migration project.
5. Public PGP key
6. Current attestation of PCI Compliance, PCI-AOC or suitable documentation, with a valid-through date. We cannot accept proof of PCI compliance which is self-reported.
7. If data delivery will be completed through email, provide the recipient's email. The recipient's email must be registered to the legal business from requirement #1.
8. If data delivery will be completed through an upload to the designated recipient's secure FTP server, provide the server's URL, port, login information, and the destination folder. The secure FTP server must be registered to the legal business from requirement #1.