Data Security

Data Security

American Express has a long-standing commitment to protecting Cardmember information.


After all, compromised data has a negative impact on everyone - Cardmembers, Merchants and Card issuers - and even one incident can severely damage a company's reputation and impair its ability to conduct business effectively. 


Addressing this threat by implementing the American Express Data Security Operating Policy can make your customers feel more secure and enhance the reputation of your business. 



Our role in Data Security


Cardmembers rely on American Express for the highest level of service and protection. This is why we developed the Data Security Operating Policy and work alongside Merchants and Service Providers to help establish security programs that are up to the job. 


American Express is a founding member of the PCI Security Standards Council. The Council is designed to manage the ongoing evolution of the PCI Data Security Standard and to foster its adoption in the payment card industry. Through our participation in the Council, American Express continues our commitment to pursue all aspects of data security with diligence. 



Your role in Data Security


Merchants have an important role to play in protecting Cardmember information. In agreeing to accept the American Express® Card, you have agreed to the terms of our Card Acceptance Agreement. This contains the Data Security Operating Policy, which requires compliance with the PCI DSS. View more data security information for Merchants or for Service Providers and about PCI security requirements.


The Data Security Operating Policy can be viewed here. In the case of a conflict between the provisions of the website and the policy, the provisions of the policy will prevail.