This article details the prerequisites for exports of merchant data. The recipient is designated by the merchant.
For the merchant's reference, the client data transfer request form is attached. The form, with option #3 selected, must be completed and returned to firstname.lastname@example.org by the signer of the merchant application. A support ticket will be created automatically and the requester can use it to relay information received from the designated recipient.
From the designated recipient
1. Legal business name and address.
- Purpose: An indemnification agreement will be drafted by the Forte/CSG legal department. A Word version of the agreement will be provided to propose, if needed, any red-line edits. Red-lined versions of the agreement cannot be accepted for signature. After negotiating any edits, the designated recipient listed below will be receiving an email* from our Apttus application. Please open, electronically sign, and return this Data Release and Indemnification agreement.
*Note: the email may originate from an csgi.com email address.
2. Email address of primary signatory responsible for executing and suggesting edits to legal agreements. As needed, provide emails of other parties that need to be cc-d with respect to indemnification agreements.
3. Signed indemnification agreement, from above. Upon Forte/CSG approval, a countersigned agreement will be returned.
4. Name, email, and phone of designated recipient contact assigned to the data migration project.
5. Public PGP key
6. Current attestation of PCI Compliance, PCI-AOC or suitable documentation, with a valid-through date. We cannot accept proof of PCI compliance that is self-reported such as an SAQ certificate. In lieu of an SAQ certificate, the merchant can provide the completed and current SAQ as suitable documentation.
7. If data delivery will be completed through email, provide the recipient's email. The recipient's email must be registered to the legal business from requirement #1.
8. If data delivery will be completed through an upload to the designated recipient's secure FTP server, provide the server's URL, port, login information, and the destination folder. The secure FTP server must be registered to the legal business from requirement #1.