As part of our commitment to data security, American Express requires that all of our Merchants, Service Providers and their Covered Parties:

  • Store Cardmember information only to facilitate Card transactions as described in their agreement with American Express
  • Comply with the current Payment Card Industry Data Security Standard

Covered Parties include Merchants':

  • Employees
  • Agents
  • Representatives
  • Subcontractors
  • Processors
  • Service Providers
Covered Parties also include providers of Point-of-Sale equipment, systems or payment processing solutions, as well as any other party to whom a Merchant may provide access to Cardmember information in accordance with its Card Acceptance Agreement.
View the Payment Card Industry Data Security Standard.

List of Assessors

The PCI Security Standards Council is assuming responsibility for the Qualified Security Assessors (QSA) program previously administered separately by Visa International. All new and existing QSAs must contract directly with the Council.
Click here to find a QSA