As part of our commitment to data security, American Express requires that all of our Merchants and Service Providers and their Covered Parties:
- Store Cardmember information only to facilitate Card transactions as described in their agreement with American Express
- Comply with the current Payment Card Industry Data Security Standard
Covered Parties include Merchants':
- Service Providers
Covered Parties also include providers of its Point of Sale equipment or systems or payment processing solutions, and any other party to whom it may provide Cardmember information access in accordance with its Card Acceptance Agreement.
View the Payment Card Industry Data Security Standard.
List of Assessors
The PCI Security Standards Council is assuming responsibility for the Qualified Security Assessors (QSA) program. All new and existing QSAs must contract directly with the Council.
Click here to find a QSA.