The Payment Card Industry Data Security Standard (PCI DSS) status reporting requirements are determined by the number of American Express Card transactions you process in a given year.
You’re obligated to report your PCI DSS status to us regularly, whether you are compliant or non-compliant. Reporting to us on time, regardless of status, can prevent a nonrefundable, non-validation Data Security fee.
These reporting requirements apply to both Merchants and Service Providers.
- Merchant, means the merchant and all of its affiliates that accept American Express Cards under an Agreement with American Express or its affiliates.
- Services Providers are authorized processors, third party processors, gateway providers, and any other providers to Merchants at point of sale equipment, software, or systems, or other payment processing solutions or services.