It's an American Express policy with which all Merchants, Processors, and Service Providers that store, process or transmit American Express Card Member information must comply. It aligns with the Payment Card Industry Data Security Standard (PCI Standard), which sets out a common set of technical requirements for safeguarding sensitive payment data. It applies to all entities, equipment, systems and networks that process, store or transmit Card Member information.
By accepting American Express Cards, you agree to be bound to Terms and Conditions of our Card Acceptance Agreement.
It applies to you even if you do not store any Card Member Information. To find out more about American Express Data Security, click here.