AMEX PCI Compliant Service Providers List
PCI DSS compliant service providers can now register with AMEX, which maintains a full list of all such organisations. If you’re a PCI DSS compliant Service Provider that stores, processes or transmits AMEX cardholder data, there is now a mandatory registration scheme similar to the ones currently in place from Visa Europe and Mastercard.
How to Register
Service providers will pay a fee to register, and will also need to provide evidence of compliance. Full details of the scheme are available directly from the American Express web site.
What is a Service Provider?
Most PCI DSS compliant service providers handle cardholder data either on behalf of an issuer or acquirer, or on behalf of other companies that have that kind of relationship. As far as PCI is concerned, you’re a service provider if you handle cardholder data in any way on behalf of any third-party organisation. Having said that, AMEX covers all the bases and defines a Service Provider as:
Any entity to which Cardholder Data and/or Sensitive Authentication Data is provided, including those involved in the processing, storage, transmission, and/or switching of transaction data, Cardholder Data, and/or Sensitive Authentication Data, such as authorized processors, third party processors, vendors, Mobile Entities, or their agents, representatives, or subcontractors.
That’s a bit of a mouthful, but if this sounds like something your organisation does, you may wish to consider registering with AMEX as above. If you’re not sure whether any of the above applies to your organisation, get in touch with us and we’ll be happy to help.