American Express has a long-standing commitment to protecting Cardmember Information.
After all, compromised data has a negative impact on everyone - consumers, merchants and card issuers – and even one incident can severely damage a company's reputation and impair its ability to conduct business effectively.
If you are already a merchant please login to our existing merchant website to view our comprehensive data security content under the Support and Services section of the website click here to login.
Cardmembers rely on American Express for the highest level of service and protection. This is why we developed the Data Security Operating Policy and work alongside Merchants and Service Providers to help establish security programs that are up to the job.
American Express is a founding member of the PCI Security Standards Council. The Council is designed to manage the ongoing evolution of the PCI Data Security Standard and to foster its adoption in the payment card industry. Through our participation in the Council, American Express continues our commitment to pursue all aspects of data security with diligence.
Merchants have an important role to play in protecting Cardmember information. In agreeing to accept the American Express® Card, you have agreed to the terms of our Card Acceptance Agreement. This contains the Data Security Operating Policy, which requires compliance with the PCI DSS.
View the American Express Data Security Film to learn more about the American Express Data Security Operating Policy.
To learn more about PCI DSS visit the PCI Security Standards Council’s website and view the
Payment Card Industry Data Security Standard.
Data Incident Management Obligations.
Merchants and Service Providers must notify American Express immediately.
If you believe that Cardmember information has been compromised, notify the American Express Enterprise Incident Response Program (EIRP) by filling out the Initial Notice Form and sending it via email to EIRP@aexp.com.