Data Security For Service Providers
Compliance Requirements for Service Providers
All Service Providers are required to adhere to the American Express Data Security Operating Policy, including compliance with the Payment Card Industry Data Security Standard.

In addition, Service Providers must take the following steps annually or quarterly:

Annual Onsite Security Audit Validation Documentation
The Annual Onsite Security Audit is a detailed onsite examination of a Service Provider's equipment, systems, and networks (and their components) where Cardmember information is processed, stored, or transmitted.

Quarterly Network Scan Validation Documentation
The Quarterly Network Scan is a process that tests a Service Provider's internet-connected computer networks and web servers for potential weaknesses and vulnerabilities. This test is performed remotely, and must be undertaken by a third-party security assessor acceptable to American Express.

Step 2 Once you have completed your requirements, you should send your validation documentation on a compact disc, in the required formats, to the following address, as detailed in the Data Security Operating Policy.

American Express Payments Europe, S.L.
GNO Data Security Unit
PO Box 54886
London, SW1W 0YW
United Kingdom

Non-Compliance Fees and Termination of Card Acceptance Agreement
Service Providers risk incurring fees for non-validation of compliance and potential termination of their American Express Card Acceptance Agreement if they do not comply with this policy.

Disclaimer
Except as otherwise specified in this policy, a Service Provider's compliance with the Data Security Operating Policy shall not in any way relieve its indemnity obligations to American Express under its agreement with American Express, nor relieve or decrease its liability in any way. Service Providers are responsible at their sole expense for providing additional data security measures that they deem necessary to protect their particular data and interests. American Express does not in any way represent or warrant that the measures contained in such agreement or this policy are sufficient or adequate to protect Service Provider's particular data and interests.
AMERICAN EXPRESS HEREBY DISCLAIMS ANY AND ALL REPRESENTATIONS, WARRANTIES, AND LIABILITIES WITH RESPECT TO THIS DATA SECURITY OPERATING POLICY, THE PCI STANDARD, AND THE DESIGNATION AND PERFORMANCE OF THIRD PARTY SECURITY ASSESSORS, WHETHER EXPRESSED, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.