This article details prerequisites for exports of merchant data to a 3rd party. The 3rd party is designated by the merchant.
For the merchant's reference, the client data transfer request form is attached. The form, with option #3 selected, must be completed and returned to email@example.com by the signer of the merchant application. A support ticket will be created automatically and the requester can use it to relay information received from the designated 3rd-party.
From the 3rd-party
1. Legal business name and address.
- An indemnification agreement will be drafted by the Forte/CSG legal department. Thereafter, 3rd party contact(s) listed below will be receiving an email* from our Apttus application, which is the Data Release and Indemnification agreement. Please open, electronically sign, and return this agreement.
*Note: the email may originate from an csgi.com email address.
2. Email address of primary signatory responsible for executing an indemnification agreement. As needed, provide emails of other parties that need to be cc-d with respect to indemnification agreements.
- A Word version of the agreement will be provided to propose, if needed, red-line edits.
3. Signed indemnification agreement, from above. Upon Forte/CSG approval, a countersigned agreement will be returned.
4. Name, email, and phone of 3rd-party contact assigned to the data migration project.
5. Public PGP key
6. Current attestation of PCI Compliance, PCI-AOC or suitable documentation, with a valid-through date. We cannot accept proof of PCI compliance which is self-reported.
7. If data delivery will be completed through email, provide the recipient's email. The recipient's email must be registered to the legal business from requirement #1.
8. If data delivery will be completed through an upload to the 3rd-party's secure FTP server, provide connection details and login information.