Your SlideShare is downloading. ×
PCIService Providers
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Saving this for later?

Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime - even offline.

Text the download link to your phone

Standard text messaging rates apply

PCIService Providers

426
views

Published on


0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
426
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
8
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Visa’s Global Registry of Service Providers - PCI DSS Validated EntitiesAs Of 1/19/2011The companies listed below were validated as being PCI DSS compliant by a QSA as of the "VALIDATIONDATE". Service providers are required to revalidate their compliance to Visa on an annual basis, with the nextannual Report on Compliance (ROC) due to Visa one year from the "VALIDATION DATE". ROCs that are from 1-60 days late are noted in yellow and ROCs that are from 60-90 days late are noted in red. Entities with ROCsover 90 days past due are removed from this list. Entities are listed in each Visa region where they have beenregistered by at least one client, including: AP - Asia Pacific, CEMEA - Central Europe / Middle East / Africa,LAC - Latin America / Caribbean, NA - North America - Canada / United States. Visa clients are responsible forand are required to use compliant service providers and to follow up with service providers directly if there are anyquestions about their compliance status.List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NA1ShoppingCart.com June 30, 2010 Other Security Metrics Payment Gateway1st Americard March 31, 2010 Other Fortrex Technologies1stPayGateway, LLC May 31, 2010 Authorization Internet Security Systems (a wholly owned IBM company) Payment Gateway3dCart March 31, 2010 Hosting Provider SecurityMetrics Payment Gateway3Delta Systems September 30, 2010 Authorization Fortrex Technologies MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions Switching800 Call KC May 31, 2010 MOTO Payment Processing Accudata Systems Payment GatewayA3 IT Solutions November 30, 2010 Hosting Provider TrustwaveAAFES July 31, 2010 IPSP (E-commerce) IBM Security Services Payment Gateway Process Magnetic-Stripe Transactions SwitchingAbanco, LLC February 28, 2010 Payment Gateway Trustwave Process Magnetic-Stripe Transactions(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 1 of 65
  • 2. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAABC FINANCIAL May 31, 2010 Authorization TrustwaveSERVICES, INC Clearing & Settlement Hosting Provider IPSP (E-commerce) MOTO Payment Processing Payment Gateway Process Magnetic-Stripe TransactionsABC Virtual November 30, 2009 Hosting Provider Lighthouse ComputerCommunications, Inc. Services Payment GatewayAccel Networks January 31, 2010 Other TrustwaveAccelerated Payment July 31, 2010 Authorization TrustwaveTechnologies Inc IPSP (E-commerce) Loyalty Programs MOTO Payment Processing Other Payment Gateway Process Magnetic-Stripe TransactionsACCENT Marketing May 31, 2010 MOTO Payment Processing Crowe HorwathAccertify February 28, 2010 Other Halock Security LabsAccesso, LLC February 28, 2010 Clearing & Settlement Trustwave Payment GatewayAccountNow June 30, 2010 Other TrustwaveAcculynk February 28, 2010 Payment Gateway TrustwaveACH Direct November 30, 2009 Payment Gateway RSM McGladreyAchieve Financial Services, November 30, 2010 Issuing Processing INFORMATIONLLC EXCHANGE, INCACI Worldwide April 30, 2010 Other Solutionary, IncACI Worldwide - Winn-Dixie September 30, 2010 Payment Gateway SolutionaryEnvironment Process Magnetic-Stripe Transactions SwitchingACS Government and August 31, 2010 Hosting Provider SecurityMetricsCommunity Solutions Payment Gateway(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 2 of 65
  • 3. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAACS Government and August 31, 2010 Process Magnetic-Stripe SecurityMetricsCommunity Solutions TransactionsAdeptra December 31, 2010 Other ProtivitiAdvanced Network, Inc. October 31, 2009 Authorization Information Exchange Inc. Clearing & Settlement Payment GatewayAdvantex Dining Corporation March 31, 2010 Loyalty Programs Datassurant, Inc.Adyen B.V. May 31, 2010 Internet Payment Processing TrustwaveAegis Communications December 31, 2009 Other K3DESAEGIS USA, INC. May 31, 2010 Other VerisignAffiliated Acceptance October 31, 2010 MOTO Payment Processing TrustwaveCorporation Payment GatewayAffinion Loyalty Group February 28, 2011 Loyalty Programs Trustwave(formerly Trilegiant)Affinity Solutions November 30, 2009 Loyalty Programs SolutionaryAgilysys, Inc. July 31, 2010 Payment Gateway TrustwaveAirlines Reporting February 28, 2010 Clearing & Settlement AT&T Consulting Solutions,Corporation Inc.Akamai September 30, 2010 Other Neohapsis Inc.AL BILAD BANK October 31, 2010 Authorization Trustwave Clearing & Settlement IPSP (E-commerce) Issuing Processing MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions SwitchingAlacriti December 31, 2009 Payment Gateway IGX GlobalAlaska Option Services April 30, 2010 Authorization K3DES Clearing & Settlement Issuing Processing SwitchingAlignet, S.A.C December 31, 2010 3-D Secure Access Control Xtrategies Server IPSP (E-commerce) Other(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 3 of 65
  • 4. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAAlignet, S.A.C December 31, 2010 Payment Gateway XtrategiesAlliance Data - Remittance May 31, 2010 Other Verizon Business NetworkProcessing Services Inc.Alliance Data - Retail January 31, 2010 Authorization Verizon BusinessServices Clearing & Settlement Issuing Processing Loyalty ProgramsAlliance Entertainment August 31, 2010 Authorization Solutionary Inc. IPSP (E-commerce) Payment GatewayAllianceOne Inc. May 31, 2010 Other Tevora Business SolutionsAlta Resources April 30, 2010 Other IBM Internet Security SystemsAmazon.com October 31, 2010 Other IOActive, Inc.AmegyBank December 31, 2009 Other Verizon Business Payment GatewayAmerican Bancard June 30, 2010 Other Enterprise Risk Management, Inc.American Data Technology April 30, 2010 Hosting Provider Specialized Security Services, IncAmericaneagle.com November 30, 2010 Hosting Provider Fortrex TechnologiesAOC Solutions, Inc October 31, 2009 Other Fortrex TechnologiesAOL, Inc. September 30, 2010 Authorization IOActive Clearing & Settlement MOTO Payment Processing Payment GatewayApriva, LLC July 31, 2010 Clearing & Settlement Trustwave IPSP (E-commerce) Loyalty Programs Payment Gateway Process Magnetic-Stripe Transactions SwitchingArab Financial Services July 31, 2010 Payment Processing SISACompanyArcot Systems December 31, 2009 3-D Secure Access Control Payment Software company Server (PSC)(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 4 of 65
  • 5. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAArgenbright – Skybridge August 31, 2010 Other TrustwaveMarketing Group -Customer ServiceAria Systems December 31, 2010 Payment Gateway TrustWaveAriba Inc May 31, 2010 Other Payment Software company (PSC)Arise Virtual Solutions May 31, 2010 Other AT&T Consulting SolutionsArmenian Card CJSC December 31, 2009 Authorization Informzaschita Clearing & Settlement Issuing Processing SwitchingArt Technology Group (ATG) November 30, 2010 Hosting Provider Trustwave IPSP (E-commerce)Artez Interactive Inc December 31, 2010 Payment Gateway IBM Security ServicesArvato Finance Services July 31, 2010 Clearing & Settlement Acertigo AG - An EXCELSISLimited Company IPSP (E-commerce) Payment GatewayASIAPAY (HONG KONG) November 30, 2009 IPSP (E-commerce) TrustwaveLTD Payment GatewayAsociacion Cibao de September 30, 2010 Authorization TrustwaveAhorros y Prestamos Issuing ProcessingAssist July 31, 2010 Payment Gateway SRC GermanyASUREPAY PTY LTD July 31, 2010 IPSP (E-commerce) BridgepointAT&T Managed Hosting October 31, 2010 Hosting Provider Trustwaveand Application ServicesAT&T Managed Services - October 31, 2010 Other TrustwaveAT&T Encryption ServicesAT&T Managed Services - July 31, 2010 Other TrustwaveAT&T Enhanced VPNServices, AT&T VPNServices, AT&T PrivateNetwork Transport ServicesAT&T Managed Services - May 31, 2010 Other TrustwaveAT&T Network Based IPVPN Remote AccessService / AT&T VPNTunneling Service(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 5 of 65
  • 6. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAAT&T Managed Services - July 31, 2010 Other TrustwaveEndpoint SecurityAT&T Managed Services - July 31, 2010 Other TrustwaveIntrusion DetectionServices/IntrusionPrevention ServicesAT&T Managed Services - July 31, 2010 Other TrustwaveIP Telephony and LANServicesAT&T Managed Services - July 31, 2010 Other TrustwaveManaged Router ServicesAT&T Managed Services - July 31, 2010 Other TrustwaveNetwork Based FirewallAT&T Managed Services - July 31, 2010 Other TrustwavePremise Based FirewallAT&T Managed Services - July 31, 2010 Other TrustwaveTransaction Routing ServiceAT&T Managed Services - July 31, 2010 Other TrustwaveVoiceToneAT&T Synaptic Hosting October 31, 2010 Hosting Provider TrustwaveATCO I-TEK INC. August 31, 2010 Other Control GapATOS ORIGIN SERVICES April 30, 2010 Authorization TUV Rheinland(M) SDN BHD Clearing & Settlement Hosting Provider Issuing ProcessingAudienceView Ticketing August 31, 2010 Other NCI (Net Cyclops Inc.)CorporationAuric Systems International October 31, 2010 Other PSCAuthorize.NET November 30, 2010 Payment Gateway TrustwaveAutoscribe Corporation June 30, 2010 Other Fortrex Technologies Payment GatewayAVF Consulting, Inc. July 31, 2010 Payment Gateway igxglobalB3 Corp February 28, 2010 Payment Gateway Digital Resources Group (DRG)Bank of America Merchant March 31, 2010 Clearing & Settlement TrustwaveServices Payment Gateway Switching(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 6 of 65
  • 7. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NABank Zenit November 30, 2010 Authorization Jet Infosystems Clearing & Settlement IPSP (E-commerce) Issuing Processing MOTO Payment Processing Process Magnetic-Stripe Transactions SwitchingBankCard USA November 30, 2010 Other 403 LabsBankserv September 30, 2010 Payment Gateway RSM McGladrey Inc.Bankserv Credit Card October 31, 2010 Payment Gateway TrustwaveServices, Inc.Banque Misr July 31, 2010 Authorization ControlCase LLC Clearing & Settlement IPSP (E-commerce) Issuing Processing MOTO Payment Processing Payment Gateway SwitchingBeanstream Internet September 30, 2010 IPSP (E-commerce) SPIGuard Security SolutionsCommerce Inc. Inc MOTO Payment Processing Payment GatewayBenson Records November 30, 2009 Other FishNet SecurityManagement CenterBill 1st, LLC July 31, 2010 Other Chief Security Officers, LLCBillMatrix February 28, 2010 Payment Gateway TrustwaveBilltrust October 31, 2010 Payment Gateway Chief Security Officers, LLCBlackbaud - eTapestry September 30, 2010 Other TrustwaveBlackbaud - Internet September 30, 2010 Other TrustwaveServicesBlackbaud Payment February 28, 2010 Payment Gateway TrustwaveServicesBlackhawk Network May 31, 2011 Authorization Verizon Business Clearing & Settlement Hosting Provider Issuing Processing Payment Gateway Switching(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 7 of 65
  • 8. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NABlue Bamboo, Inc October 31, 2009 Authorization Digital Resources Group (DRG) Payment GatewayBluefin Payment Systems October 31, 2009 Payment Gateway 403 LabsBluePay May 31, 2010 Other Trustwave Payment GatewayBraintree Payment Solutions February 28, 2010 Other TrustwaveBrinkman Financial January 31, 2010 Authorization K3DES MOTO Payment ProcessingBSG Payments (formerly November 30, 2009 Payment Gateway TrustwaveBilling Concepts)Business Data Record November 30, 2009 Other RSM McGladreyServicesCale Access AB (Cale November 30, 2010 Other TrustwaveSystems) Payment Gateway Process Magnetic-Stripe TransactionsCaledon Card Services May 31, 2010 Authorization SPIguard Security Solutions Inc. Clearing & Settlement MOTO Payment Processing Payment Gateway Process Magnetic-Stripe TransactionsCalypso Canada January 31, 2011 Switching TrustwaveCamis, Inc. October 31, 2010 IPSP (E-commerce) SPIguard Security Solutions Inc. MOTO Payment ProcessingCantaloupe Systems, Inc. September 30, 2010 Authorization 403 Labs, LLC Clearing & Settlement Payment Gateway Process Magnetic-Stripe TransactionsCapital Bankcard October 31, 2009 MOTO Payment Processing Trustwave Payment GatewayCapital Card Services April 30, 2010 MOTO Payment Processing Trustwave OtherCard Management Corp. August 31, 2010 Other Crowe ChizekCardCana Corporation November 30, 2009 Authorization IGX Global(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 8 of 65
  • 9. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NACardCana Corporation November 30, 2009 Payment Gateway IGX GlobalCARDFLEX INC. September 30, 2010 Authorization K3DES LLC MOTO Payment Processing Other Payment GatewayCardinal Commerce Corp. December 31, 2010 3-D Secure Access Control Payment Software Company Server (PSC) Payment GatewayCARDLINK SERVICES June 30, 2010 Clearing & Settlement VectraLIMITED MOTO Payment Processing Payment GatewayCardStandard April 30, 2010 Authorization IBM Internet Security Systems Clearing & Settlement Issuing Processing MOTO Payment Processing Process Magnetic-Stripe TransactionsCardtronics EFT May 31, 2010 Other K3DES Process Magnetic-Stripe Transactions SwitchingCardworks Processing August 31, 2010 Authorization Trustwave Clearing & Settlement IPSP (E-commerce) MOTO Payment Processing Payment GatewayCardworks Servicing LLC February 28, 2010 Other TrustwaveCarlson Marketing March 31, 2010 Loyalty Programs TrustwaveWorldwide (Visa Data Track)Carlson Marketing June 30, 2010 Loyalty Programs TrustwaveWorldwide (Visa Extras)Cart 32 August 31, 2010 Hosting Provider Accuvant IPSP (E-commerce) Payment Gateway Process Magnetic-Stripe TransactionsCartManager February 10, 2010 IPSP (E-commerce) Trustwave Payment Gateway Process Magnetic-Stripe Transactions(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 9 of 65
  • 10. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NACashLINQ Group, LLC August 31, 2010 MOTO Payment Processing SecurityMetrics Payment Gateway Process Magnetic-Stripe TransactionsCashN Go May 31, 2010 Payment Gateway Trustwave Process Magnetic-Stripe TransactionsCASHNet December 31, 2010 IPSP (E-commerce) 403 Labs, LLC MOTO Payment Processing Payment Gateway Process Magnetic-Stripe TransactionsCB AGROPROMCREDIT November 30, 2010 Authorization EVRAAS.I.T Clearing & Settlement Issuing Processing Payment Gateway Process Magnetic-Stripe TransactionsCBC Companies, Inc April 30, 2010 Other Verizon Business, IncCBCInnovis, Inc. April 30, 2010 Other VerizonCBORD Group February 28, 2010 Payment Gateway TrustwaveCboss November 30, 2010 Payment Gateway SecurityMetricsCCBill January 31, 2010 Authorization Chief Security Officers Clearing & Settlement IPSP (E-commerce)CDMS MERCHANT December 31, 2010 Other Enterprise Risk ManagementSERVICES, INC.CDW Hosting and Managed October 31, 2010 Hosting Provider TrustwaveServicesCenPos January 31, 2010 Payment Gateway Enterprise Risk ManagementCenter Partners October 31, 2010 Other IDEA Information SecurityCentershift October 31, 2010 Hosting Provider Security Metrics Payment GatewayCentral States Indemnity October 31, 2010 Other Continuum Worldwide CorporationCentrix Bank – LockBox May 31, 2010 MOTO Payment Processing SecurityMetricsService Payment Gateway(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 10 of 65
  • 11. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NACentury Bankcard Services May 31, 2010 Clearing & Settlement Information Exchange OtherCertain Software October 31, 2010 Payment Gateway Coalfire SystemsCHARGE Anywhere April 30, 2010 Payment Gateway TrustwaveChargeback Guardian November 30, 2010 Other SecurityMetrics Payment GatewayChase Loyalty Solutions December 31, 2010 Authorization Trustwave Clearing & Settlement Loyalty Programs Payment Gateway SwitchingChase Paymentech January 31, 2010 Authorization TrustwaveSolutions, LLC. Clearing & Settlement Loyalty ProgramsCheck21.com LLC May 31, 2010 Payment Gateway Enterprise Risk ManagementChip Card Ad Beograd April 30, 2010 Authorization VOC - Consultancy Clearing & Settlement SwitchingCintas Document June 30, 2010 Other SecureState ConsultingManagement ShreddingCintas Document June 30, 2010 Other SecureState ConsultingManagement StorageClearent April 30, 2010 Authorization Coalfire Clearing & Settlement Payment Gateway SwitchingClearTran January 31, 2010 Payment Gateway SecurityMetricsClient Services January 31, 2010 Other InsightCobre Bem June 30, 2010 IPSP (E-commerce) ecipher MOTO Payment Processing Payment GatewayCollections Marketing December 31, 2009 Other 403 LabsCenter, Inc. Payment GatewayColumbus Data January 31, 2010 Authorization Information Exchange Clearing & Settlement Other Payment Gateway(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 11 of 65
  • 12. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NACommerceV3 November 30, 2010 Hosting Provider Fortrex Technologies Payment GatewayCompass Plus Ltd. November 30, 2010 Authorization Trustwave Clearing & Settlement Issuing Processing Payment Gateway Process Magnetic-Stripe Transactions SwitchingComplianthost.com, a GSI May 31, 2010 Hosting Provider SAS 70 SolutionsService OfferingComputer Services, Inc. September 30, 2010 Authorization Crowe Horwath Clearing & Settlement Issuing Processing Payment Gateway Process Magnetic-Stripe Transactions SwitchingConcur - Gelco August 31, 2010 Other Verizon BusinessConcur - Redmond June 30, 2010 Other Verizon BusinessConsumer Benefit Services March 31, 2010 Loyalty Programs TrustwaveContact Solutions April 30, 2010 MOTO Payment Processing SecurityMetrics, Inc. Payment GatewayConvergys CCMS April 30, 2010 Other Fortrex TechnologiesConvergys Encore March 31, 2010 Payment Gateway Fortrex TechnologiesConvergys Home Agent July 31, 2010 Payment Transmission Fortrex Technologies ServiceConvergys Intervoice July 31, 2010 Other Fortrex TechnologiesConvio, Inc. January 31, 2010 Payment Gateway TrustwaveCO-OP Financial Services April 30, 2010 Authorization Tevora Business Solutions Inc Clearing & Settlement Loyalty Programs Other Payment Gateway SwitchingCORE Business July 31, 2010 Authorization TrustwaveTechnologies Hosting Provider(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 12 of 65
  • 13. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NACORE Business July 31, 2010 IPSP (E-commerce) TrustwaveTechnologies MOTO Payment Processing Payment Gateway Process Magnetic-Stripe TransactionsCoreCommerce December 31, 2009 Payment Gateway Chief Security OfficersCRE Secure July 31, 2010 Payment Gateway Coalfire Systems, Inc.Credibanco Visa Colombia April 30, 2010 Authorization Xtrategies Clearing & Settlement IPSP (E-commerce) Issuing Processing MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions SwitchingCredit Discovery December 31, 2009 Clearing & Settlement Information Exchange OtherCreditCall Communications January 31, 2010 Authorization ForegenixLtd. Clearing & Settlement MOTO Payment Processing Payment Gateway Process Magnetic-Stripe TransactionsCrescent Processing October 31, 2010 Other SecurityMetricsCompany Payment GatewayCroem, Inc. October 31, 2010 MOTO Payment Processing TrustwaveCSG Content Direct March 31, 2010 Authorization Solutionary IPSP (E-commerce) Payment GatewayCSG Systems - Data Prose May 31, 2010 IPSP (E-commerce) Solutionary OtherCSG Systems, Inc. - April 30, 2010 Payment Gateway SolutionaryInteractive MessagingCSG Systems, Inc. – April 30, 2010 Authorization SolutionaryStatement and AccountBilling Services IPSP (E-commerce) Payment Gateway(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 13 of 65
  • 14. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NACSI Software October 31, 2010 Hosting Provider Trustwave Payment GatewayCSU CardSystem S.A. September 30, 2010 Authorization Trustwave Clearing & Settlement Hosting Provider Issuing Processing MOTO Payment Processing Other Payment Gateway Process Magnetic-Stripe Transactions SwitchingCvent August 31, 2010 Other FishNet SecurityCybera April 30, 2010 Switching FishNet SecurityCyberSource (a Visa August 31, 2010 Payment Gateway Trustwavecompany)Cynergy Data August 31, 2010 IPSP (E-commerce) Coalfire Systems. Inc. MOTO Payment Processing Payment Gateway Process Magnetic-Stripe TransactionsD.M.inSite July 31, 2010 Payment Gateway SecurityMetricsData Delivery Services July 31, 2010 Other CoalfireData Paradigm July 31, 2010 Other Crowe Horwath LLPData Stream February 28, 2010 Authorization Information Exchange Clearing & Settlement Other Payment GatewayDataline Systems December 31, 2009 Other TrustwaveDatapak Services May 31, 2010 Authorization TrustwaveCorporation Hosting Provider Payment GatewayDataTrax Technologies January 31, 2011 Payment Gateway SecurityMetrics, Inc.DAXKO April 30, 2010 IPSP (E-commerce) IBM Security ServicesDebit Plus Technologies, February 28, 2010 Other Specialized Security ServicesLLCDebit Technologies, Inc May 31, 2010 Clearing & Settlement Information Exchange(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 14 of 65
  • 15. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NADebit Technologies, Inc May 31, 2010 Other Information ExchangeDelphis Software November 30, 2009 Authorization Digital Resources Group (DRG) Payment GatewayDemandware June 30, 2010 Hosting Provider SecurityMetrics IPSP (E-commerce) Payment GatewayDenarii Systems January 31, 2010 Authorization Security Works Clearing & Settlement IPSP (E-commerce) Issuing Processing Loyalty Programs MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions SwitchingDHD Media June 30, 2010 Clearing & Settlement Trustwave Payment GatewayDiamond Marketing September 30, 2010 Other Halock Security LabsSolutionsDiebold, Inc. December 31, 2010 Authorization Verizon Business Network Services Inc. SwitchingDigital Network Solutions April 30, 2010 Authorization Information Exchange(DNS) DBA Moneytree ATM Clearing & Settlement Payment GatewayDigital Payment May 31, 2010 Payment Gateway Payment Software companyTechnologies (PSC)Digital River July 31, 2010 IPSP (E-commerce) NetSPI Payment GatewayDirect Alliance Corp November 30, 2009 MOTO Payment Processing AT&T Consulting Solutions, Inc. OtherDirect Mail Processors January 31, 2010 Payment Gateway Fortrex TechnologiesDonor.com June 30, 2010 Authorization Coalfire Hosting Provider IPSP (E-commerce) MOTO Payment Processing Other(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 15 of 65
  • 16. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NADST Output, LLC. - November 30, 2010 Payment Gateway FishNet Security, Inc.PaymentDuncan Professional October 31, 2010 Payment Gateway SecurityMetrics, Inc.Account Management(PAM)Duncan Technologies June 30, 2010 Payment Gateway SecurityMetricsDydacomp Complete May 31, 2010 IPSP (E-commerce) Coalfire Systems, Inc.CommerceEbocom, LLC April 30, 2010 Clearing & Settlement CyberTrustEchoSat Communications September 30, 2010 Other ComplyGuard Networks Inc.eCommLink November 30, 2009 Authorization RSM McGladrey Hosting Provider IPSP (E-commerce) Issuing Processing Loyalty ProgramsEdhance Inc. July 31, 2010 Loyalty Programs PSC LLCEFX March 31, 2010 Authorization T3i Clearing & Settlement Issuing Processing Payment Gateway SwitchingeGate Payment August 31, 2010 IPSP (E-commerce) SysnetTechnologies Ltd MOTO Payment Processing Payment GatewayElan Financial Services April 30, 2010 Authorization TrustWave Clearing & Settlement Issuing Processing SwitchingElan Financial Services December 31, 2009 Issuing Processing TrustwaveCredit Card IssuingElavon (formerly NOVA) May 31, 2010 Authorization TrustWave Clearing & Settlement Other Payment Gateway Process Magnetic-Stripe TransactionsElavon (formerly Southern September 30, 2010 Authorization TrustwaveDatacomm) IPSP (E-commerce)(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 16 of 65
  • 17. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAElavon (formerly Southern September 30, 2010 Process Magnetic-Stripe TrustwaveDatacomm) Transactions SwitchingElavon Canada (formerly July 31, 2010 Payment Gateway TrustwaveInternet Secure)Elavon Fusebox November 30, 2010 Authorization Trustwave Clearing & Settlement Other Payment Gateway Process Magnetic-Stripe TransactionsELECTRA CARD May 31, 2010 Authorization ControlCaseSERVICES PVT. LTD. Clearing & Settlement Issuing Processing Loyalty Programs Process Magnetic-Stripe TransactionsElectronic Merchant April 30, 2010 Other TrustwaveSystemsElectronic Payment April 30, 2010 Authorization Payment Software CompanyExchange (EPX) (PSC) Clearing & Settlement IPSP (E-commerce) MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions SwitchingElectronic Payments Inc July 31, 2010 Authorization Information Exchange Clearing & Settlement Loyalty Programs OtherElectronic Processing January 31, 2010 Clearing & Settlement Information ExchangeServices OtherElement Payment Services November 30, 2010 Clearing & Settlement Information Exchange Other Payment GatewayEmdeon March 31, 2010 IPSP (E-commerce) Lattimore Black Morgan and Cain Process Magnetic-Stripe Transactions(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 17 of 65
  • 18. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAEMN8 POS Managed November 30, 2010 Other Tevora Business SolutionsServices Payment GatewayEnacomm, Inc. March 31, 2010 Hosting Provider True Digital SecurityEncircle December 31, 2009 Other Enterprise Risk ManagementENETS PTE LTD November 30, 2009 Payment Gateway VectraenStage Software Pvt Ltd December 31, 2010 3-D Secure Access Control Control Case ServerePayData October 31, 2010 Clearing & Settlement Information Exchange Payment GatewayEpicor March 31, 2010 Authorization Trustwave Payment GatewayEpoch November 30, 2010 IPSP (E-commerce) ProtivitieProcessing Network April 30, 2010 Payment Gateway TrustwaveEpsilon Data Management August 31, 2010 Loyalty Programs Verizon BusinessEquiant Financial Services, November 30, 2010 IPSP (E-commerce) Chief Security Officers, LLCLLC MOTO Payment ProcessingEscalate Retail Incorporated October 31, 2009 E-Commerce Trustwave Order FulfillmentEURONET SERVICES April 30, 2010 Issuing Processing ControlCaseINDIA PVT. LTD. Process Magnetic-Stripe TransactionsEuroPlanet April 30, 2010 Authorization Trustwave MOTO Payment Processing Process Magnetic-Stripe TransactionsEVERTEC Latinoamerica / December 29, 2010 Authorization XtrategiesATH Costa Rica Clearing & Settlement Issuing Processing Loyalty Programs MOTO Payment Processing Process Magnetic-Stripe Transactions SwitchingEVO Merchant Services October 31, 2010 Clearing & Settlement Trustwave(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 18 of 65
  • 19. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAEvolution Benefits December 31, 2009 Other Lighthouse Computer ServicesE-xact Transactions May 31, 2010 Payment Gateway TrustwaveExcellence in Motivation November 30, 2010 Authorization Information Exchange Clearing & Settlement Issuing Processing Payment GatewayExperian September 30, 2010 IPSP (E-commerce) Verizon Business OtherExtraMeasures May 31, 2010 Other CoalfireEZFacility.com August 31, 2010 Payment Gateway TrustwaveEzic, Inc. July 31, 2010 Authorization Information Exchange Clearing & Settlement MOTO Payment Processing Other Payment Gateway Process Magnetic-Stripe TransactionsezRez Software October 31, 2010 Hosting Provider Payment Software company (PSC)Faith Direct July 31, 2010 Other CrimsonSecurityFédération des caisses August 31, 2010 Authorization TrustwaveDesjardins du Québec Issuing Processing Process Magnetic-Stripe TransactionsFidelity Information November 30, 2009 Authorization IBM – Internet SecurityServices - Australasia Systems (ISS Clearing & Settlement Payment Gateway SwitchingFidelity Information December 31, 2009 Authorization IBM Internet SecurityServices - Chicago Authnet Systems Clearing & Settlement Issuing Processing Payment Gateway SwitchingFidelity Information May 31, 2010 Payment Gateway IBM Internet SecurityServices - Clear Commerce Systems(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 19 of 65
  • 20. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAFidelity Information April 30, 2010 Issuing Processing TrustwaveServices - eFunds PrepaidSolutions Loyalty Programs MOTO Payment Processing Process Magnetic-Stripe TransactionsFidelity Information March 31, 2010 Other IBM Internet SecurityServices - eZCard Charlotte SystemsFidelity Information January 31, 2010 Other IBM Internet SecurityServices - Lisle Remittance SystemsProcessingFidelity Information June 30, 2010 Loyalty Programs TrustwaveServices - Loyalty CardProcessingFidelity Information April 30, 2010 Authorization TrustwaveServices - Norcross DebitCard Processing Clearing & Settlement Process Magnetic-Stripe TransactionsFidelity Information February 28, 2010 Other IBM Internet SecurityServices - Output Solutions SystemsSan AntonioFidelity Information May 31, 2010 MOTO Payment Processing TrustwaveServices - PaymentProcessing and DataCenter Little Rock, AR Process Magnetic-Stripe TransactionsFidelity Information September 30, 2010 Other IBM Internet SecurityServices - Plainview SystemsFidelity Information April 30, 2010 Authorization TrustwaveServices - Processadora eServicos S.A. Brazil Issuing Processing MOTO Payment Processing Process Magnetic-Stripe TransactionsFidelity Information January 31, 2011 Clearing & Settlement TrustwaveServices - PSS India Issuing Processing SwitchingFidelity Information September 30, 2010 MOTO Payment Processing TrustwaveServices - St. Petersburg(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 20 of 65
  • 21. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAFidelity Information March 31, 2010 Authorization IBM Internet SecurityServices - St. Petersburg Systems (ISS)Check Clearing & SettlementFidelity Information January 31, 2010 Other IBM Internet SecurityServices - Web Vault Systems (ISS)Fidelity Information September 30, 2010 Authorization TrustwaveServices (FIS) ElectronicPayments, New Berlin WI Clearing & Settlement Payment Gateway SwitchingFidelity Information September 30, 2010 Other TrustwaveServices Global BusinessSolutions India PrivateLimited (FIS GBS)Fifth Gear August 31, 2010 IPSP (E-commerce) Trustwave Payment GatewayFifth Third Processing June 30, 2010 3-D Secure Access Control TrustwaveSolutions - Issuing and ServerSwitch-Providing Systems Authorization Clearing & Settlement Issuing Processing Process Magnetic-Stripe Transactions SwitchingFifth Third Processing June 30, 2010 Authorization TrustwaveSolutions-Acquiring Systems Clearing & Settlement Process Magnetic-Stripe TransactionsFinancial Transmission January 31, 2010 Payment Gateway TrustwaveNetwork IncFinexus International Sdn July 31, 2010 Authorization TruswaveBhd Clearing & Settlement Hosting Provider Issuing Processing MOTO Payment Processing Process Magnetic-Stripe Transactions SwitchingFirst American Payment June 30, 2010 Clearing & Settlement IBM Internet SecuritySystems Systems(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 21 of 65
  • 22. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAFirst American Payment June 30, 2010 Payment Gateway IBM Internet SecuritySystems SystemsFirst Atlantic Commerce, March 31, 2010 Clearing & Settlement CoalfireLTD. MOTO Payment Processing Payment Gateway SwitchingFirst Data - Cono Sur S.R.L. March 31, 2010 Authorization Trustwave Clearing & Settlement IPSP (E-commerce) Issuing Processing Loyalty Programs MOTO Payment Processing Other Payment Gateway Process Magnetic-Stripe Transactions SwitchingFirst Data - Merchant September 30, 2010 Authorization TrustwaveServices Clearing & Settlement IPSP (E-commerce) MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions SwitchingFirst Data Buypass (First September 30, 2010 Authorization TrustwaveData Concord PaymentServices) Clearing & Settlement IPSP (E-commerce) Issuing Processing MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions SwitchingFirst Data CAC (Processing March 31, 2010 Authorization TrustWaveCenter, S.A.) Clearing & Settlement IPSP (E-commerce) Issuing Processing MOTO Payment Processing Payment Gateway(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 22 of 65
  • 23. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAFirst Data CAC (Processing March 31, 2010 Process Magnetic-Stripe TrustWaveCenter, S.A.) Transactions SwitchingFirst Data Card Services September 30, 2010 Authorization TrustwaveInternational Clearing & Settlement IPSP (E-commerce) Issuing Processing MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions SwitchingFirst Data Clientline September 30, 2010 Clearing & Settlement TrustwaveReporting (First DataConcord ElectronicFinancial Systems)First Data EFS September 30, 2010 Authorization TrustwaveTransportation Services Clearing & Settlement IPSP (E-commerce) Issuing Processing MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions SwitchingFirst Data Global Gateway September 30, 2010 Authorization Trustwave(First Data LinkPoint/FirstData YourPay) Clearing & Settlement IPSP (E-commerce) Issuing Processing MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions SwitchingFirst Data Government September 30, 2010 IPSP (E-commerce) TrustwaveSolutions Payment GatewayFirst Data Integrated September 30, 2010 Other TrustwavePayment SystemsFirst Data International - September 30, 2010 Authorization TrustwaveANZSA(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 23 of 65
  • 24. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAFirst Data International - September 30, 2010 Clearing & Settlement TrustwaveANZSA Issuing Processing Loyalty Programs MOTO Payment Processing Process Magnetic-Stripe Transactions SwitchingFirst Data International - September 30, 2010 Authorization TrustwaveChina Clearing & Settlement Issuing Processing Loyalty Programs Process Magnetic-Stripe TransactionsFirst Data International- November 30, 2010 Authorization TrustwaveOmniPay Limited Clearing & Settlement Payment Gateway Process Magnetic-Stripe Transactions SwitchingFirst Data Korea November 30, 2010 Authorization Trustwave Clearing & Settlement Loyalty Programs Payment Gateway SwitchingFirst Data Money Network September 30, 2010 Authorization Trustwave Clearing & Settlement IPSP (E-commerce) Issuing Processing MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions SwitchingFirst Data PayPoint September 30, 2010 Clearing & Settlement Trustwave IPSP (E-commerce) MOTO Payment Processing Process Magnetic-Stripe TransactionsFirst Data Prepaid Services September 30, 2010 Authorization Trustwave(First Data ConcordFinancial Technologies) Clearing & Settlement(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 24 of 65
  • 25. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAFirst Data Prepaid Services September 30, 2010 IPSP (E-commerce) Trustwave(First Data ConcordFinancial Technologies) Issuing Processing MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions SwitchingFirst Data RemitCo September 30, 2010 Other Trustwave Remittance ProcessingFirst Data Retail ATM September 30, 2010 Authorization Trustwave Clearing & Settlement IPSP (E-commerce) Issuing Processing MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions SwitchingFirst Data Secure Transport December 31, 2010 Switching Trustwave(Datawire)First Data STAR (Networks, September 30, 2010 Authorization TrustwaveProcessing and SystemsInc.) Clearing & Settlement IPSP (E-commerce) Issuing Processing MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions SwitchingFirst Data TeleCheck September 30, 2010 Authorization Trustwave Clearing & Settlement Issuing Processing Loyalty Programs MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions SwitchingFirst Hawaiian Bank June 30, 2010 Authorization Trustwave Payment Gateway(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 25 of 65
  • 26. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAFirst National Bank of January 31, 2011 Authorization TrustwaveOmaha Clearing & Settlement Issuing Processing MOTO Payment Processing Process Magnetic-Stripe Transactions SwitchingFirst National Technology March 31, 2010 Hosting Provider TrustwaveSolutionsFirst Ukrainian International November 30, 2010 Authorization SysnetBank Clearing & Settlement Issuing Processing Process Magnetic-Stripe Transactions SwitchingFirstSource Advantage, LLC September 30, 2010 Other SecurityMetricsFirstView Financial, LLC August 31, 2010 Authorization Trustwave Clearing & Settlement Issuing Processing Payment GatewayFiserv - ACCEL/Exchange April 30, 2010 Issuing Processing Payment Software company (PSC)Fiserv – Bank Solutions July 31, 2010 Other PSCLincolnFiserv - CBS Lake Mary August 31, 2010 Other PSCFiserv - CheckFreePay June 30, 2010 Other Payment Software company (PSC)Fiserv - Club Solutions July 31, 2010 Hosting Provider Payment Software company (PSC) OtherFiserv - CUSA October 31, 2010 Other PSCFiserv - E Banking September 30, 2010 Hosting Provider PSC OtherFiserv - Electronic February 28, 2010 Other Payment Software companyDocument Delivery (EPSIIA) (PSC)Fiserv – FET Brookfield October 31, 2010 Other PSCFiserv - Northeast Region June 30, 2010 Issuing Processing Payment Software CompanyData Center (PSC)(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 26 of 65
  • 27. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAFiserv - OnCU July 31, 2010 Other Payment Software company (PSC)Fiserv - SourceOne July 31, 2010 Other Payment Software company (PSC)Fiserv - Southeastern October 31, 2010 Issuing Processing PSCRegion Data Center:Bowling GreenFISERV Advantage September 30, 2010 Authorization PSC Hosting Provider Other SwitchingFiserv Bank Solutions - November 30, 2010 Issuing Processing PSCMidwest Region Data CenterFiserv Bank Solutions - December 31, 2010 Issuing Processing PSCWestern Region DataCenterFiserv Bank Solutions August 31, 2010 Other PSC(LBD) EMEAFiserv Bank Solutions November 30, 2010 Other PSCCleartouch Banking PlatformFiserv Bank Solutions Sioux November 30, 2010 Other PSCFalls & OnalaskaFiserv Card Services - November 30, 2010 Issuing Processing Payment Software CompanyCredit (PSC)Fiserv Customer Solutions November 30, 2010 Other PSCFiserv EFT March 31, 2010 Issuing Processing Payment Software Company (PSC)FISERV Electronic Banking, October 31, 2010 Billing Management PSCBiller Solutions & Itech Other Payment GatewayFISERV Enterprise September 30, 2010 Hosting Provider PSCTechnology - Johns CreekFISERV FET Irving November 30, 2010 Other Payment Software Company (PSC)Fiserv Loan Servicing November 30, 2010 Other PSCSolutionsFiserv Premier Central November 30, 2010 Other PSCFiserv-Xroads February 28, 2010 Hosting Provider Payment Software company (PSC)(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 27 of 65
  • 28. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAFiserv-Xroads February 28, 2010 Other Payment Software company (PSC)Florists’ Transworld March 31, 2010 Payment Gateway HALOCK Security LabsDelivery Inc.Focus Payment Solutions January 31, 2010 Other TrustwaveFore! Reservations September 30, 2010 Payment Gateway SAS70 SolutionsForward Information June 30, 2010 Authorization TrustwaveTechnologies Hosting Provider Payment GatewayFosdick Fulfillment July 31, 2010 Clearing & Settlement TrustwaveFreedomPay Inc. July 31, 2010 Authorization T3i Clearing & Settlement Loyalty Programs Payment GatewayFRONT STREAM January 31, 2010 Clearing & Settlement Information ExchangePAYMENTS INC OtherFrontline Processing June 30, 2010 Other SecurityMetrics Payment GatewayFrontStream Fast Transact, May 31, 2010 Authorization ControlCaseLLCFry Inc. May 31, 2010 Hosting Provider IBM Internet Security SystemsFSV Payment Systems May 31, 2010 Issuing Processing K3DES OtherFujitsu America Inc. February 28, 2010 Hosting Provider Verizon BusinessFulfillment Technologies September 30, 2010 Authorization SecureState Clearing & Settlement MOTO Payment ProcessingGalileo Processing July 31, 2010 Issuing Processing TrustwaveGateway Ticketing October 31, 2010 Hosting Provider Fortrex TechnologiesSystems, Inc. IPSP (E-commerce)GAZCARDSERVICE December 31, 2010 Authorization Informzaschita Clearing & Settlement IPSP (E-commerce) Issuing Processing MOTO Payment Processing(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 28 of 65
  • 29. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAGAZCARDSERVICE December 31, 2010 Payment Gateway Informzaschita Process Magnetic-Stripe Transactions Switching Verified by Visa Access Control ServerGC Services October 31, 2010 MOTO Payment Processing K3DES Process Magnetic-Stripe TransactionsGE Money - Americas, December 31, 2009 Authorization SymantecRetail Sales Finance IPSP (E-commerce) Payment GatewayGE Money - Retail August 31, 2010 Authorization SymantecConsumer Finance Clearing & Settlement IPSP (E-commerce) Issuing Processing Loyalty Programs Other Payment Gateway Process Magnetic-Stripe TransactionsGetNet July 31, 2010 Clearing & Settlement Cipher Informatica Ltda Payment Gateway SwitchingGlobal Card Services May 31, 2010 Authorization CyberTrust(Elavon) Clearing & Settlement Other Payment Gateway Process Magnetic-Stripe TransactionsGlobal Cash Access July 31, 2010 Authorization Trustwave Clearing & Settlement IPSP (E-commerce) MOTO Payment Processing Payment Gateway Process Magnetic-Stripe TransactionsGlobal Cash Card January 31, 2010 Authorization Digital Resources Group (DRG) Issuing ProcessingGlobal Collect Services B.V. July 31, 2010 Clearing & Settlement Trustwave(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 29 of 65
  • 30. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAGlobal Collect Services B.V. July 31, 2010 IPSP (E-commerce) TrustwaveGlobal Debt Registry January 31, 2011 Other Solutionary, Inc.Global Electronic January 31, 2010 Payment Gateway 403 LabsTechnologyGlobal Payments Direct, Inc. July 31, 2010 Payment Gateway Trustwave SwitchingGlobal Processing Centre June 30, 2010 Authorization Information Exchange Clearing & Settlement Issuing Processing Payment GatewayGLOBAL REFUND January 31, 2010 Payment Gateway Vectra Information SecurityHOLDINGS AB Pte Ltd (branch office of Vectra Corp)Global Technology Partners June 30, 2010 Other CoalfireLLCGo Daddy October 31, 2010 IPSP (E-commerce) Trustwave Payment GatewayGoEmerchant May 31, 2010 Authorization IBM Internet Security Systems Payment GatewayGoogle January 31, 2010 Payment Gateway Core SecurityGovolution, Inc. May 31, 2010 Authorization IBM Internet Security Systems Payment GatewayGP Network Corporation September 30, 2010 Authorization BSI Japan Clearing & SettlementGreen Dot October 31, 2010 Issuing Processing Protiviti Inc.Greenwise Bankcard, LLC January 31, 2010 IPSP (E-commerce) Chief Security Officers, LLC MOTO Payment Processing Payment Gateway Process Magnetic-Stripe TransactionsGSI Commerce Solutions September 30, 2010 IPSP (E-commerce) TrustwaveHamer Enterprises December 31, 2009 Payment Gateway SecurityMetricsHarland Financial Solutions August 31, 2010 Authorization Crowe Horwath MOTO Payment Processing Payment Gateway Switching(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 30 of 65
  • 31. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAHarris Connect December 31, 2010 Payment Gateway TrustwaveHarte-Hanks June 30, 2010 Hosting Provider CyberEnsure LLCHeartland Payment Systems April 30, 2010 Authorization Coalfire Clearing & Settlement MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions SwitchingHelcim Inc. June 30, 2010 Authorization SPIguard Security Solutions Inc. IPSP (E-commerce) MOTO Payment Processing Payment GatewayHewitt Associates LLC August 31, 2010 Other TrustwaveHewlett-Packard (TD Bank June 30, 2010 Hosting Provider TelusEnvironment)Hinda, Inc. January 31, 2010 Loyalty Programs Tech Lock IncHitachi Information Systems February 28, 2010 Authorization Internet Secuirty ServicesHostedPCI March 31, 2010 Hosting Provider Net Cyclops Inc. SwitchingHosting.com April 30, 2010 Hosting Provider Trustwave OtherHP Commercial Card (EDS) May 31, 2010 Payment Processing TrustwaveHP Consumer Card October 31, 2009 Authorization TrustwaveServices (EDS) Issuing Processing Loyalty ProgramsHP Consumer Direct (EDS) September 30, 2010 Authorization Trustwave E-Commerce Merchant Support MOTO Payment Processing Order Fulfillment Payment GatewayHP Deposit Systems October 31, 2009 Clearing & Settlement Trustwave Hosting Provider Payment GatewayHP EDS Merchant Acquirer October 31, 2010 Authorization Trustwave Clearing & Settlement(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 31 of 65
  • 32. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAHP EDS Merchant Acquirer October 31, 2010 Payment Gateway Trustwave SwitchingHP Guidance Authorization October 31, 2009 Issuing Processing TrustwaveHP Oregon eGovernment June 30, 2010 Managed Merchant Hosting Trustwave(EDS)HP Pay for Convenience April 30, 2010 Payment Gateway Trustwave(EDS)HP Surveyor (EDS) August 31, 2010 New Accounts Online TrustwaveHughes Network Systems September 30, 2010 Switching IBM Internet Security SystemsHypertec Availability July 30, 2010 Hosting Provider Net Cyclops Inc.Servicesi2c Incorporated November 30, 2010 Authorization Trustwave Clearing & Settlement Issuing Processing Loyalty Programs Payment GatewayIATS Ticketmaster December 31, 2010 Other Trustwave Payment Gateway Process Magnetic-Stripe TransactionsIC Systems August 31, 2010 Clearing & Settlement RSM McGladreyiCongo January 31, 2010 IPSP (E-commerce) NetSPIICT Group October 31, 2009 Other TruArxID Analytics, Inc. June 30, 2010 Other Computer Task GroupiMax Bancard December 31, 2010 Other SecurityMetricsInComm September 30, 2010 Authorization IBM Internet Security Systems Issuing Processing OtherIndustry Retail Group December 31, 2009 Other TrustwaveINetU, Inc. January 31, 2010 Hosting Provider TrustwaveInfinity Data October 31, 2010 Clearing & Settlement Information Exchange OtherInfoGroup March 31, 2010 Other Solutionary, Inc.Infusion Software July 31, 2010 MOTO Payment Processing SecurityMetrics Payment Gateway(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 32 of 65
  • 33. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAInnotrac Corporation August 31, 2010 MOTO Payment Processing Trustwave Payment GatewayInnovative Gateway October 31, 2010 Clearing & Settlement TrustwaveSolutions (IGS) IPSP (E-commerce) Payment GatewayInnovative Merchant October 31, 2009 Authorization TrustwaveSolutions (IMS) Clearing & Settlement IPSP (E-commerce) Process Magnetic-Stripe TransactionsInnovis Data Solutions, Inc January 31, 2010 Other Verizon BusinessIN-SOLUTIONS GLOBAL April 30, 2010 Clearing & Settlement SISA Information SecurityPVT LIMITED Hosting ProviderInstaMed Communications February 28, 2010 Authorization Trustwave Clearing & Settlement Payment GatewayIntegrity Payment Systems March 31, 2010 Other K3DESIntellipay February 28, 2010 Clearing & Settlement Trustwave Payment Gateway Process Magnetic-Stripe Transactions SwitchingIntercept September 30, 2010 Payment Gateway CoalfireInterface Security Secure - June 30, 2010 Other SecurityMetricsManaged BroadbandINTERNATIONAL CARD August 31, 2010 Clearing & Settlement AcertigoSYSTEMS AD (CASYS AD) IPSP (E-commerce) Payment Gateway Process Magnetic-Stripe Transactions SwitchingInternational Industrial Bank October 31, 2010 Authorization Jet Infosystems Clearing & Settlement IPSP (E-commerce) MOTO Payment Processing Process Magnetic-Stripe Transactions(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 33 of 65
  • 34. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAInternational Industrial Bank October 31, 2010 Switching Jet InfosystemsInternet Payment Exchange July 31, 2010 Authorization TruArx Process Magnetic-Stripe TransactionsInternet Ticketing Systems, July 31, 2010 MOTO Payment Processing SecurityMetricsInc Other Payment Gateway Process Magnetic-Stripe TransactionsInterpro Group, Inc. October 31, 2009 Other K3DES Payment GatewayIntersections February 28, 2011 Authorization Control Case IPSP (E-commerce)INTESA SANPAOLO CARD December 31, 2010 Authorization TrustwaveD.O.O. (LTD) Clearing & Settlement IPSP (E-commerce) Issuing Processing Loyalty Programs Payment Gateway Process Magnetic-Stripe Transactions Switching Verified by Visa Access Control ServerIntrix Technology Inc. March 31, 2010 IPSP (E-commerce) Trustwave Payment Gateway Process Magnetic-Stripe TransactionsIntuit Electronic Clearing April 30, 2010 Authorization TrustwaveHouse (ECHO, Inc.) Clearing & Settlement IPSP (E-commerce) Payment Gateway Process Magnetic-Stripe TransactionsIntuit Innovative Merchant November 30, 2010 Clearing & Settlement TrustwaveSolutions OtherIntuit QuickBooks Online February 28, 2010 IPSP (E-commerce) TrustwaveProcessorIntuition Systems October 31, 2010 Payment Gateway SecurityMetrics(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 34 of 65
  • 35. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAIP Commerce October 31, 2010 Other Coalfire Payment GatewayIP PAYMENTS PTY LTD August 31, 2010 Authorization Vectra Corporation Payment Gateway SwitchingiPayment June 30, 2010 Other TrustwaveIPS Group Inc. October 31, 2010 Payment Gateway Tevora Business SolutionsiQmetrix August 31, 2010 Payment Gateway Seccuris, Inc.IRN Payment Systems February 28, 2010 Clearing & Settlement Information Exchange OtherIron Mountain May 31, 2010 Other Neohapsis Inc.iTransact May 31, 2010 MOTO Payment Processing Specialized Security Services, Inc. Payment Gateway Process Magnetic-Stripe TransactionsITS Inc. / Shazam Inc. April 30, 2010 Authorization Trustwave Clearing & Settlement Issuing Processing Payment Gateway Process Magnetic-Stripe Transactions SwitchingIveri Payment Technology March 31, 2010 Authorization Trustwave Clearing & Settlement IPSP (E-commerce) SwitchingJ.J. MacKay Canada November 30, 2010 Payment Gateway TrustwaveLimited/MacKay Meters,Inc. (MacKay Meters)JetPay, LLC April 30, 2010 Clearing & Settlement Trustwave Payment Gatewayjha Payment Processing June 30, 2010 Clearing & Settlement CoalfireSolutions Issuing Processing Loyalty Programs Payment GatewayJSA Technologies September 30, 2010 Payment Gateway TrustwaveJSC GE MoneyBank October 31, 2010 Authorization Sysnet(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 35 of 65
  • 36. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAJSC GE MoneyBank October 31, 2010 Issuing Processing Sysnet Payment Gateway Process Magnetic-Stripe TransactionsJSC Georgian Card October 31, 2010 Authorization Trustwave Clearing & Settlement IPSP (E-commerce) Issuing Processing MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions SwitchingJSC RUSSIAN STANDARD August 31, 2010 Authorization TrustwaveBANK Clearing & SettlementJSC TRANSCREDITCARD October 31, 2010 Authorization Evraas.I.T E-Commerce Issuing Processing Payment Gateway Process Magnetic-Stripe TransactionsJumpTV March 31, 2010 Payment Gateway TrustwaveKeyBank Lockbox January 31, 2011 Other SecureStateKimbia, Inc. October 31, 2010 Hosting Provider Lighthouse Payment GatewayKobie Marketing, Inc. December 31, 2010 Loyalty Programs SAS 70 Solutions, Inc.Kount, Inc (A Division of March 31, 2010 Other TrustwaveKeynetics, Inc)Kubra Data Transfer, Inc. July 31, 2010 Payment Gateway TrustwaveKudzu Interactive, Inc. September 30, 2010 Authorization ControlCase Payment GatewayLesConcierges March 31, 2010 Loyalty Programs Digital Resources Group (DRG)Lethoff, Inc. November 30, 2009 Authorization Trustwave Clearing & Settlement IPSP (E-commerce) Loyalty Programs MOTO Payment Processing Payment Gateway(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 36 of 65
  • 37. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NALethoff, Inc. November 30, 2009 Process Magnetic-Stripe Trustwave TransactionsLighthouse1 February 28, 2010 Other Jefferson WellsLink2Gov February 28, 2010 Payment Gateway TrustwaveLitle & Co January 31, 2010 Payment Gateway Payment Software Company (PSC)LiveOps, Inc July 31, 2010 Other TrustwaveLOTSolutions / Life of the June 30, 2010 Other TrustwaveSouth Payment GatewayLundquist Consulting December 31, 2009 Other TrustwaveM & T Bank July 31, 2010 Issuing Processing SecureState LLCMaas Global Solutions October 31, 2010 Authorization Digital Resources GroupCorporation (DRG) Payment Gateway Process Magnetic-Stripe TransactionsMagensa August 31, 2010 Other 403 LabsMagic Wrighter July 31, 2010 Payment Gateway TrustwaveMaintech November 30, 2010 Switching IBM Internet Security SystemsMaritz Loyalty Marketing December 31, 2010 Loyalty Programs IBM Internet Security SystemsMaritz Travel August 31, 2010 Other IBM Internet Security SystemsMarketLive October 31, 2009 Hosting Provider AT&T Consulting Solutions IPSP (E-commerce)Marketworks April 30, 2010 Payment Gateway TrustwaveMaverick Network July 31, 2010 Authorization Pointe SolutionsSolutions, Inc Clearing & Settlement Issuing ProcessingMBS Insight, Inc May 31, 2010 Other K3DESMBS Textbook Exchange, September 30, 2010 Payment Gateway TrustwaveInc. - inSiteMBU d.o.o. August 31, 2010 3-D Secure Access Control Trustwave Server Authorization(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 37 of 65
  • 38. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAMBU d.o.o. August 31, 2010 Clearing & Settlement Trustwave IPSP (E-commerce) Issuing Processing MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions SwitchingMcKesson Patient Compass April 30, 2010 Payment Gateway TrustwaveMediterranean Smart Cards November 30, 2010 3-D Secure Access Control TrustwaveCompany Server Authorization Clearing & Settlement Issuing Processing Payment Gateway Process Magnetic-Stripe Transactions SwitchingMegaPath January 31, 2010 Other TrustwaveMellon Transaction October 31, 2009 Authorization TrustwaveSolutions Clearing & Settlement Issuing Processing Process Magnetic-Stripe Transactions SwitchingMember Solutions, Inc. September 30, 2010 Payment Gateway TrustwaveMerchant e-Solutions January 31, 2010 Authorization Digital Resources Group (DRG) Clearing & Settlement MOTO Payment Processing Payment Gateway Process Magnetic-Stripe TransactionsMerchant Link, LLC January 31, 2010 Payment Gateway TrustwaveMerchant One, Inc. March 31, 2010 Clearing & Settlement Information Exchange OtherMerchant Partners July 31, 2010 Authorization Information Exchange Clearing & Settlement Payment GatewayMerchant Plus July 31, 2010 Payment Gateway Trustwave(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 38 of 65
  • 39. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAMerchant Service Center November 30, 2009 Clearing & Settlement Information Exchange Other Payment GatewayMERCHANT SERVICES December 31, 2009 Other TrustwaveDE MEXICO S.A DE C.VMerchant Services LTD April 30, 2010 Other The Compliance and Audit GroupMerchant Warehouse October 31, 2009 MOTO Payment Processing Trustwave Payment GatewayMerchants’ Choice September 30, 2010 Other K3DES LLCPayment SolutionsMercury Payment Systems March 31, 2011 Payment Gateway CoalfireMeridian Enterprises, Inc. December 31, 2009 Authorization Protiviti Inc. Issuing ProcessingMeritus Payment Solutions August 31, 2010 Payment Gateway 403 LabsMerkle Response Group November 30, 2009 Other VerizonMeta Payment Systems April 30, 2010 Clearing & Settlement TrustwaveMetavante - Electronic July 31, 2010 Authorization TrustwavePayment PresentmentMetavante Biller Solution September 30, 2010 Payment Gateway TrustwaveProduct (BSP)Metavante Corporation- April 30, 2010 Authorization TrustwaveAcquiring Solutions, ATMDriving & Gateway Services Clearing & Settlement Process Magnetic-Stripe Transactions SwitchingMetavante Corporation- April 30, 2010 Authorization TrustwaveIssuing Solutions, DebitAccount, HealthcarePayment Card, and PrepaidCard Solutions Clearing & Settlement Issuing Processing Process Magnetic-Stripe Transactions SwitchingMetavante Healthcare February 28, 2010 Other TrustWavePayment Solutions Group,Benefits Payment Systems(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 39 of 65
  • 40. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAMetavante-Merchant April 30, 2010 Other TrustwaveAcquiring and Credit CardAccount ProcessingServicesMHM Resources, LLC July 31, 2010 Issuing Processing RSM McGladreyMicros Systems, Inc. January 31, 2010 Other TrustwaveMicrosoft Dynamics Online May 31, 2010 Authorization Trustwave IPSP (E-commerce) MOTO Payment Processing Payment Gateway Process Magnetic-Stripe TransactionsMinacs Worldwide Inc. April 30, 2010 MOTO Payment Processing Trustwave OtherMindbody September 30, 2010 Hosting Provider Payment Software company (PSC) Payment GatewayMobile Bytes, LLC January 31, 2010 Other Chief Security OfficersMOBIPLAS LLC October 31, 2010 Authorization EVRAAS.IT Clearing & Settlement Issuing Processing MOTO Payment Processing Process Magnetic-Stripe TransactionsModern Payment Solutions April 30, 2010 IPSP (E-commerce) SRC Security Research & Consulting GmbH MOTO Payment ProcessingMoneris July 31, 2010 Clearing & Settlement Control Gap OtherMonexa Solutions, Inc. January 31, 2010 IPSP (E-commerce) Verizon Business Payment GatewayMoneyGram Payment May 31, 2010 IPSP (E-commerce) Verizon Business:Systems / Property Bridge Issuing Processing OtherMonitise Americas September 30, 2010 Other TrustwaveMotionsoft December 31, 2009 Hosting Provider Trustwave IPSP (E-commerce) MOTO Payment Processing(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 40 of 65
  • 41. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAMotivational Fulfillment & February 28, 2010 MOTO Payment Processing Tevora Business SolutionsLogistics ServicesMPOWER Labs November 30, 2009 Authorization 403 LabsMsi - Merchant Services, March 31, 2010 Clearing & Settlement Information ExchangeInc. NJMSX International December 31, 2010 Authorization Nuspire NetworksMtrex (Vision Bankcard, February 28, 2010 IPSP (E-commerce) TrustwaveInc.) Payment Gateway Process Magnetic-Stripe TransactionsMTXEPS October 31, 2010 MOTO Payment Processing Trustwave Payment Gateway SwitchingMulti Service Corp February 28, 2010 Payment Gateway TrustwaveMWEB BUSINESS March 31, 2010 Authorization Trustwave Clearing & Settlement IPSP (E-commerce) Other SwitchingMySchoolBucks, LLC July 31, 2010 IPSP (E-commerce) Tevora Business SolutionsNational Bankcard Services October 31, 2010 Authorization RSM McGladrey Clearing & Settlement Loyalty Programs Payment GatewayNational Credit Cards July 31, 2010 Authorization Nvision Group Issuing Processing Payment Gateway SwitchingNational Fulfillment October 31, 2010 Authorization SecurityMetricsServices (NFS) Clearing & Settlement Hosting Provider MOTO Payment Processing Payment GatewayNational Information May 31, 2010 Payment Gateway TrustwaveSolutions CooperativeNational Merchant Center December 31, 2009 Authorization Digital Resources Group (DRG) Payment Gateway(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 41 of 65
  • 42. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NANational Processing September 30, 2010 Other TrustwaveCompanyNational Systems July 31, 2010 Hosting Provider TrustwaveCorporation / QuikOrder,Inc.Nationwide Payment November 30, 2010 Authorization Information ExchangeSolutions Clearing & Settlement Payment GatewayNBS Payment Solutions September 30, 2010 IPSP (E-commerce) Control Gap MOTO Payment Processing Payment Gateway Process Magnetic-Stripe TransactionsNCMIC Finance Corporation October 31, 2010 Other SecurityMetricsNCO Group November 30, 2010 Other Verizon Business – SecurityNebraska Electronic November 30, 2010 Authorization TrustwaveTransfer System, Inc. Clearing & Settlement SwitchingNelnet Business Solutions, April 30, 2010 Authorization TrustwaveInc Payment GatewayNETBilling November 30, 2010 Payment Gateway SecurityMetricsNetDeposit LLC December 31, 2009 Authorization Verizon Business Other Payment GatewayNetspend June 30, 2010 Authorization Coalfire Systems. Inc. Clearing & Settlement Issuing Processing Payment GatewayNetSuite January 31, 2010 Hosting Provider Trustwave Payment GatewayNETWORK November 30, 2010 Authorization M Kuppuswamy PSG & CoINTERNATIONAL LLC Clearing & Settlement Hosting Provider IPSP (E-commerce) Issuing Processing MOTO Payment Processing Payment Gateway(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 42 of 65
  • 43. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NANETWORK November 30, 2010 Process Magnetic-Stripe M Kuppuswamy PSG & CoINTERNATIONAL LLC Transactions SwitchingNetwork Merchants March 31, 2010 Authorization Trustwave Clearing & Settlement MOTO Payment Processing Payment Gateway Process Magnetic-Stripe TransactionsNetwork Solutions November 30, 2010 Hosting Provider Payment Software Company (PSC)New Edge Networks July 31, 2010 Other Neohapsis Inc.Newegg, Inc. November 30, 2010 Payment Gateway TrustwaveNewtek Merchant Solutions October 31, 2010 Clearing & Settlement SecurityMetrics Loyalty ProgramsNEXUS, S.A. February 28, 2010 Authorization 403labs Clearing & Settlement Issuing ProcessingNorth American Bancard October 31, 2010 Clearing & Settlement Information ExchangeNPC Secure March 31, 2010 Payment Gateway TrustwaveNRT TECHNOLOGIES, February 28, 2010 Authorization TrustwaveINC. Clearing & Settlement Process Magnetic-Stripe Transactions SwitchingNuance Communications, July 31, 2010 Other TrustwaveInc.Nurbank March 31, 2010 Authorization IBM Internet Security Systems Clearing & Settlement Issuing Processing MOTO Payment Processing Process Magnetic-Stripe TransactionsNYCE Payments Network, April 30, 2010 Authorization TrustwaveLLC Clearing & SettlementOak Leaf Systems, Inc. dba February 28, 2010 Hosting Provider Raven EyeData Hosting Solutions(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 43 of 65
  • 44. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAObopay May 31, 2010 Clearing & Settlement Digital Resources Group, LLC MOTO Payment Processing OtherOfficial Payments February 28, 2010 Clearing & Settlement TrustwaveCorporation IPSP (E-commerce) MOTO Payment Processing Payment Gateway SwitchingOMS Online, LLC August 31, 2010 Hosting Provider ControlCase IPSP (E-commerce) MOTO Payment Processing Other Payment GatewayOneBridge, Inc. October 31, 2010 Issuing Processing Crowe Horwath LLP SwitchingOpen Solutions April 30, 2010 Issuing Processing K3DES OtherOpen Solutions Canada July 31, 2010 Payment Gateway K3DES SwitchingOpSource February 28, 2010 MOTO Payment Processing Trustwave Payment GatewayOpticard Payment Services April 30, 2010 Authorization Information ExchangeInc. Clearing & Settlement Issuing Processing Loyalty Programs MOTO Payment Processing Payment Gateway Process Magnetic-Stripe TransactionsOptimal Payments June 30, 2010 Clearing & Settlement Trustwave Payment GatewayOracle EasyPay August 31, 2010 Hosting Provider Coalfire IPSP (E-commerce)Oracle E-Billing August 31, 2010 Hosting Provider Coalfire Systems IPSP (E-commerce)Oracle On Demand August 31, 2010 Hosting Provider Coalfire IPSP (E-commerce)(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 44 of 65
  • 45. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAORBIT Systems Inc. - PCI February 28, 2010 Hosting Provider Raven EyeHosted ServicesORCC - eCommerce November 30, 2010 Other TrustwaveDivision: ColumbusORCC - eCommerce October 31, 2010 Other TrustwaveDivision: ParsippanyORCC - eCommerce May 31, 2010 Payment Gateway TrustwaveDivision: PrincetonOrderMotion May 31, 2010 Payment Gateway TrustwaveOrderTalk September 30, 2010 IPSP (E-commerce) Trustwave MOTO Payment Processing Payment GatewayOverDrive Inc December 31, 2010 Clearing & Settlement NetWorks Group Payment Gateway Payment ProcessingPaciolan, Inc. October 31, 2010 Hosting Provider Trustwave Payment Gateway Process Magnetic-Stripe TransactionsPalm Coast Data January 31, 2010 MOTO Payment Processing K3DES Payment GatewayPAMS Lunchroom LLC August 31, 2010 IPSP (E-commerce) Trustwave MOTO Payment ProcessingPanasonic Avionics April 30, 2010 Payment Gateway Arsenal Security GroupCorporationParkeon December 31, 2009 Payment Gateway TrustwaveParkmobile US December 31, 2010 Other CoalfirePasskey International, Inc. July 31, 2010 Payment Gateway IOActive Inc.Passport EFT Solutions December 31, 2010 Authorization Trustwave SwitchingPassport Health February 28, 2010 Payment Gateway TrustwaveCommunications, Inc.Pay DQ November 30, 2010 Payment Gateway SolutionaryPAY.ON December 31, 2009 IPSP (E-commerce) Acertigo AG Payment GatewayPayConnexion April 30, 2010 Payment Gateway Jefferson WellsPAYjr October 31, 2009 Clearing & Settlement Information Exchange(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 45 of 65
  • 46. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAPAYjr October 31, 2009 Issuing Processing Information Exchange OtherPayJunction April 30, 2010 IPSP (E-commerce) Payment Software Company (PSC) MOTO Payment Processing Payment Gateway Process Magnetic-Stripe TransactionsPayLeap LLC February 28, 2010 Clearing & Settlement Information Exchange Payment GatewayPayM8 Pty Ltd January 31, 2010 IPSP (E-commerce) Trustwave Payment GatewayPayment Data Systems May 31, 2010 Authorization Information Exchange Inc. Clearing & Settlement Issuing Processing Payment GatewayPayment Processing, Inc. April 30, 2010 Payment Gateway Trustwave Process Magnetic-Stripe TransactionsPayment Service Network December 31, 2010 Payment Gateway Digital Resources Group (DRG)Paymentus Corporation October 31, 2010 Other SPIguard Payment GatewayPaymetric August 31, 2010 Authorization Trustwave Clearing & Settlement Other Payment GatewayPayOnline System LLC July 31, 2010 Payment Gateway Digital SecurityPayPal December 31, 2010 IPSP (E-commerce) K3DES MOTO Payment Processing Payment GatewayPaySentinel September 30, 2010 IPSP (E-commerce) Trustwave Payment Gateway SwitchingPaySimple September 30, 2010 Payment Gateway CoalfirePayTrace August 31, 2010 Authorization Information Exchange Clearing & Settlement IPSP (E-commerce) MOTO Payment Processing Payment Gateway(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 46 of 65
  • 47. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAPayTrace August 31, 2010 Process Magnetic-Stripe Information Exchange TransactionsPayvision BV August 31, 2010 Authorization BT INS Clearing & Settlement MOTO Payment Processing Payment GatewayPBD Worldwide Fulfillment July 31, 2010 Other TrustwaveServicesPETROCARD LTD August 31, 2010 Authorization Inforzaschita Clearing & Settlement Issuing Processing Process Magnetic-Stripe Transactions SwitchingPFSweb, Inc. April 30, 2010 IPSP (E-commerce) Trustwave MOTO Payment ProcessingPhoenix Managed August 31, 2010 Other igxglobal, Inc.Networks, LLCPhoenixNap, LLC January 31, 2010 Hosting Provider CoalfirePipeline Data November 30, 2010 IPSP (E-commerce) Coalfire Systems. Inc. MOTO Payment Processing Payment Gateway Process Magnetic-Stripe TransactionsPitney Bowes March 31, 2010 Payment Gateway IBM Internet Security SystemsPivotal Payments February 28, 2010 Clearing & Settlement SecurityMetrics Loyalty Programs Payment GatewayPlanet eShop October 31, 2009 Clearing & Settlement Information Exchange MOTO Payment Processing Payment GatewayPlanet Payment March 31, 2010 Authorization Trustwave Clearing & Settlement MOTO Payment Processing Payment Gateway Process Magnetic-Stripe TransactionsPlug & Pay Technologies, June 30, 2010 Clearing & Settlement SecurityMetricsInc. Payment Gateway(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 47 of 65
  • 48. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAPlug & Pay Technologies, June 30, 2010 Process Magnetic-Stripe SecurityMetricsInc. TransactionsPortmone December 31, 2009 IPSP (E-commerce) SRC GermanyPOS Portal August 31, 2010 Other Coalfire Systems. Inc.Posatel Inc. March 31, 2010 Authorization SPIguard Security Solutions Inc. Clearing & Settlement Issuing Processing Process Magnetic-Stripe Transactions SwitchingPOST Integrations, Inc. April 30, 2010 Clearing & Settlement CyberTrust(Ebocom)PowerPay, LLC October 31, 2010 Other Payment Software Company (PSC)PreCash, Inc. December 31, 2010 Other TrustwavePreferred Health Technology August 31, 2010 Payment Gateway TrustwavePREMIER March 31, 2010 IPSP (E-commerce) Witham LaboratoriesTECHNOLOGIES PTY LTD Payment GatewayPresto - Publix Super October 31, 2010 Other SolutionaryMarkets SwitchingPrimoris Services LLC July 31, 2010 Clearing & Settlement SecurityMetrics IPSP (E-commerce) MOTO Payment Processing Payment GatewayPriorbank JSC November 30, 2010 Authorization SRC Security Research & Consulting GmbH (SRC) Clearing & Settlement IPSP (E-commerce) Issuing Processing MOTO Payment Processing Payment Gateway Process Magnetic-Stripe TransactionsPriority Payment Systems April 30, 2010 Other SecurityMetricsProcecard, a wholly owned April 30, 2010 Authorization Internet Security Systems,BHD company Payment Gateway Switching(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 48 of 65
  • 49. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAProcess America September 30, 2010 Clearing & Settlement Information Exchange Payment GatewayProfitStars September 30, 2010 Payment Gateway TrustwavePromoción y Operación July 31, 2010 Authorization 403 LabsS.A. de C.V. (PROSA) Clearing & Settlement Issuing Processing SwitchingProPay USA, Inc. June 30, 2010 Authorization SecurityMetrics Issuing Processing Payment Gateway Process Magnetic-Stripe TransactionsPropco Marketing April 30, 2010 Loyalty Programs Neohapsis, Inc.Protocol Global Solutions September 30, 2010 Other Verizon Business Security SolutionsPSCU Financial Services, February 28, 2010 Clearing & Settlement Verizon BusinessInc. Loyalty Programs Other Payment Gateway SwitchingPSI Gate April 30, 2010 Payment Gateway TrustwavePSOnline, LLC August 31, 2010 Other ControlCasePulse Network LLC July 31, 2010 Authorization K3DES Clearing & Settlement MOTO Payment Processing Process Magnetic-Stripe Transactions SwitchingPURE COMMERCE PTY March 31, 2010 Authorization IBM Internet SecurityLTD Systems Clearing & Settlement Hosting Provider IPSP (E-commerce) Other Payment GatewayQgiv May 31, 2010 Payment Gateway SecurityMetricsQS/1 June 30, 2010 Authorization Trustwave Payment Gateway(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 49 of 65
  • 50. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAQuanComm, Inc. July 31, 2010 Payment Gateway TrustwaveQuantum Services September 30, 2010 Payment Gateway Raven EyeQuickbooks Merchant October 31, 2010 Payment Gateway TrustwaveServicesRackspace Hosting July 31, 2010 Hosting Provider TrustwaveRadiant Systems - ALOHA October 31, 2010 Payment Gateway CoalfireTAKEOUTRadiant Systems - October 31, 2010 Payment Gateway CoalfireCPGATEWAYRadiant Systems - CPOnline August 31, 2010 IPSP (E-commerce) Coalfire Systems. Inc.Radiant Systems - PCI October 31, 2010 Hosting Provider CoalfireDATA CENTERSRainbow Rewards February 28, 2010 Loyalty Programs CoalfireRBS WorldPay - High March 31, 2010 Payment Gateway Arsenal Secuirty GroupCapacity GatewayRBS WorldPay Inc. - May 31, 2010 Authorization Verizon BusinessAcquiring Clearing & Settlement IPSP (E-commerce) Issuing Processing Payment Gateway Process Magnetic-Stripe TransactionsReady Financial Group July 31, 2010 Other TrustwaveRealPage, Inc. June 30, 2010 Payment Gateway TrustwaveRearden Commerce April 30, 2010 IPSP (E-commerce) IBM Internet Security Systems OtherReceivable Management September 30, 2010 Other TrustwaveServicesRedbanc, S.A. June 30, 2010 Clearing & Settlement Xtrategies, LLC Process Magnetic-Stripe Transactions SwitchingRegions Bank February 28, 2010 Issuing Processing Jefferson WellsRegOnline April 30, 2010 Authorization Coalfire Clearing & Settlement Payment Gateway(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 50 of 65
  • 51. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAResults Technologies, Inc September 30, 2010 Other Coalfire SystemsRetail Decisions October 31, 2010 IPSP (E-commerce) Payment Software Company, LLC (PSC) Payment GatewayRevelex Corporation September 30, 2010 Other TrustwaveRevTrak, Inc May 31, 2010 Authorization Coalfire Systems. Inc. Payment GatewayRewards Network July 31, 2010 Loyalty Programs SuneraRewardsNow March 31, 2010 Loyalty Programs AT&T Consulting Solutions, Inc.ROAM Data, Inc. December 31, 2009 Payment Gateway igxglobal, Inc.RocketGate October 31, 2010 Authorization 403 Labs, LLC Clearing & Settlement Payment GatewayRSI International January 31, 2010 IPSP (E-commerce) Coalfire Payment GatewayRT Lawrence April 30, 2010 Payment Gateway TrustwaveRucard Ltd. August 31, 2010 Authorization Trustwave Clearing & Settlement Issuing Processing MOTO Payment Processing Process Magnetic-Stripe Transactions SwitchingS1 Corp. - Postilion Retail October 31, 2010 Payment Gateway TrustwavePOS EnvironmentSage Payment Solutions July 31, 2010 Payment Gateway Verizon Business Network(formerly Verus Card Services Inc.Services)Sallie Mae April 30, 2010 Issuing Processing Specialized Security Services Payment GatewaySATELLITE RECEIVERS, December 31, 2010 Other K3DESLTD. (Cash Depot) SwitchingSavvis Communications August 31, 2010 Hosting Provider COALFIRE SYSTEMSCorporationSBI VERITRANS CO., LTD December 31, 2010 Clearing & Settlement ICMS Payment Gateway(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 51 of 65
  • 52. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NASchool-Link Technologies April 30, 2010 Authorization Coalfire IPSP (E-commerce) OtherSecureNet June 30, 2010 Authorization Arsenal Security Group Clearing & Settlement Hosting Provider IPSP (E-commerce) Loyalty Programs MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions SwitchingSegPay April 30, 2010 Clearing & Settlement Trustwave Payment GatewaySemtek Innovative Solutions July 31, 2010 Other SecurityMetrics Payment GatewaySequoia Retail Systems July 31, 2010 Authorization Digital Resources Group (DRG) Hosting ProviderServebase January 31, 2011 3-D Secure Access Control Foregenix Server Authorization Clearing & Settlement IPSP (E-commerce) MOTO Payment Processing Payment Gateway Process Magnetic-Stripe TransactionsServiceU Corporation April 30, 2010 Hosting Provider K3DES MOTO Payment Processing Payment GatewayServicios Electrónicos October 31, 2010 Authorization 403 LabsGlobales S.A. de C.V. (E-Global) Clearing & Settlement Issuing Processing Process Magnetic-Stripe Transactions SwitchingSHC Direct April 30, 2010 Loyalty Programs TrustwaveShift4 May 31, 2010 Clearing & Settlement Verizon Business Loyalty Programs(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 52 of 65
  • 53. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAShift4 May 31, 2010 Payment Gateway Verizon Business SwitchingSigma Micro August 31, 2010 IPSP (E-commerce) Trustwave Payment GatewaySignature Card Services October 31, 2009 Loyalty Programs SecurityMetrics OtherSimmons First National September 30, 2010 Clearing & Settlement TrustwaveCorp. Issuing ProcessingSITA Information April 30, 2010 Authorization IBM Internet SecurityNetworking Computing, SystemsUSA Inc. SwitchingSix Card Solutions April 30, 2010 Authorization VOC - Consultancy B.V.Luxembourg S.A. Clearing & Settlement IPSP (E-commerce) Payment Gateway Process Magnetic-Stripe TransactionsSlimCD September 30, 2010 Payment Gateway Enterprise Risk ManagementSmart Business March 31, 2011 Authorization T3iTechnology, Inc Clearing & Settlement Loyalty Programs Payment Gateway SwitchingSmartEtailing, Inc September 30, 2010 Hosting Provider Digital Resources Group (DRG) Payment GatewaySOCIETE GENERALE - May 31, 2010 Clearing & Settlement AcertigoSPLITSKA BANKA D.D. Payment ProcessingSoftHotel October 31, 2010 Payment Gateway Verizon Business Network Services Inc.SoundBite Communications September 30, 2010 Other K3DESSpacenet May 31, 2010 Other TrustwaveSpeedpay (AKA Western December 31, 2009 Other TrustwaveUnion Payment Services)Spendvision April 30, 2010 Other Symantec(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 53 of 65
  • 54. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NASquare, Inc. May 31, 2010 IPSP (E-commerce) Coalfire Payment Gateway Process Magnetic-Stripe TransactionsStafford Associates October 31, 2010 Hosting Provider CrimsonSecurityStamps.com August 31, 2010 IPSP (E-commerce) Trustwave MOTO Payment Processing Payment GatewayStarCite, Inc. February 28, 2010 Payment Gateway RSM McGladreySterling Payment August 31, 2010 Authorization TrustwaveTechnologies Clearing & Settlement IPSP (E-commerce) Loyalty Programs MOTO Payment Processing Payment Gateway Process Magnetic-Stripe TransactionsSterling Valley Systems, July 31, 2010 Payment Gateway TrustwaveInc.- InntopiaStoneEagle Services, Inc. October 31, 2010 Authorization Information Exchange Inc. Clearing & Settlement Payment GatewayStoreFinancial Services, November 30, 2010 Authorization 403 LabsLLC Issuing Processing Payment GatewayStoresOnline, Inc. / January 31, 2010 Hosting Provider SecurityMetricsiMergent, Inc Payment GatewayStrategic Fulfillment Group / August 31, 2010 IPSP (E-commerce) TrustwaveDynamic Resource Group(SFG/DRG) MOTO Payment Processing Payment GatewaySTRATEGIC PAYMENTS April 30, 2010 MOTO Payment Processing Verizon BusinessSERVICES PTY LTD Process Magnetic-Stripe Transactions SwitchingStrategic Profits April 30, 2010 Authorization SPIguard Security Solutions Inc.(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 54 of 65
  • 55. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAStrategic Profits April 30, 2010 Clearing & Settlement SPIguard Security Solutions Inc. MOTO Payment Processing Payment Gateway Process Magnetic-Stripe TransactionsSunGard Availability February 28, 2010 Hosting Provider Fortrex TechnologiesServicesSunGard Public Sector October 31, 2010 Hosting Provider SecurityMetrics Payment GatewaySuperior Financial Systems, September 30, 2010 Other TrustwaveLLCSynapse Group, Inc. October 31, 2010 Other Neohapsis Inc.SystemPay, LLC April 30, 2010 Authorization Digital Resources Group (DRG) IPSP (E-commerce) Payment GatewayT.K. Keith Company, Inc. July 31, 2010 Other Verizon Business Network(dba Primax) Services Inc.T2 Systems, Inc. November 30, 2010 Other TrustwaveTangible Software February 28, 2010 Payment Gateway Arsenal Security GroupTD Merchant Services March 31, 2010 Authorization Telus Security SolutionsTecnicard Inc May 31, 2010 Authorization Xtrategies Clearing & Settlement Issuing Processing MOTO Payment Processing Process Magnetic-Stripe Transactions SwitchingTeleflora February 28, 2010 Hosting Provider Trustwave Payment GatewayTelekenex, Inc. June 30, 2010 Other TrustwaveTeleperformance Brazil April 30, 2010 Hosting Provider Tevora Business Solutions Inc. MOTO Payment ProcessingTeleperformance Mexico March 31, 2010 Loyalty Programs Tevora Business Solutions MOTO Payment ProcessingTeleperformance USA February 28, 2010 Hosting Provider Tevora Business Solutions MOTO Payment Processing(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 55 of 65
  • 56. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NATellme, A Microsoft September 30, 2010 MOTO Payment Processing TrustwaveSubsidiary OtherTelus Health and Financial June 30, 2010 Authorization TrustwaveService Solutions (Emergis) Payment GatewayTelvista - Grupo Tecnico de January 31, 2011 Other TrustwaveServiciosTempus Technologies May 31, 2010 Payment Gateway Fortrex TechnologiesTeranet Enterprises Inc. April 30, 2010 IPSP (E-commerce) TrustwaveTermNet Merchant Services June 30, 2010 Other TrustwaveTerremark North America, December 28, 2010 Hosting Provider AT&T Consulting Solutions,Inc. Inc.T-Gate LLC April 30, 2010 Payment Gateway TrustwaveThe Bancorp Bank April 30, 2010 IPSP (E-commerce) FishNet Security Loyalty Programs Payment GatewayThe Members Group January 31, 2010 Other RSM McGladreyTicketmaster, LLC June 30, 2010 Other Trustwave Payment Gateway Process Magnetic-Stripe TransactionsTicketNetwork, Inc. November 30, 2009 Payment Gateway 403 LabsTickets.com Advantix November 30, 2010 Authorization Trustwave Payment Gateway Process Magnetic-Stripe TransactionsTickets.com ProVenue January 31, 2011 Clearing & Settlement Trustwave IPSP (E-commerce) MOTO Payment Processing Payment Gateway Process Magnetic-Stripe TransactionsTickets.com ProVenue Elite July 31, 2010 Authorization Trustwave Payment Gateway Process Magnetic-Stripe TransactionsTickets.com ProVenue January 31, 2011 IPSP (E-commerce) TrustwaveOnline(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 56 of 65
  • 57. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NATickets.com ProVenue January 31, 2011 Payment Gateway TrustwaveOnlineTIES January 31, 2010 Authorization Trustwave IPSP (E-commerce) MOTO Payment Processing Payment GatewayTime Customer Service July 31, 2010 Authorization Neohapsis, Inc Other Payment GatewayTIO Networks Corp October 31, 2010 Payment Gateway SPIguard Security Solutions Inc.Total Card, Inc. May 31, 2010 Other SecurityMetrics, Inc.Total Merchant Services February 28, 2010 Clearing & Settlement Information Exchange OtherTouchNet April 30, 2010 Clearing & Settlement Trustwave Payment Gateway Process Magnetic-Stripe TransactionsTown North Bank Credit February 28, 2010 Other TrustwaveCard ServicesTranLogix, Inc April 30, 2010 IPSP (E-commerce) Trustwave Payment GatewayTRANSACT24 LIMITED December 31, 2009 Payment Gateway Evolution Security SystemsTransaction Network June 30, 2010 Other TrustwaveServices (TNS) Payment Gateway SwitchingTransaction Network June 30, 2010 Payment Gateway TrustwaveServices (TNS) – TNSPayGatewayTransaction Payment September 30, 2010 Process Magnetic-Stripe TrustwaveSystems (TPS NJ) TransactionsTransaction Processing May 31, 2010 Authorization Information ExchangePartners Clearing & Settlement Payment GatewayTransactis June 30, 2010 Clearing & Settlement INFORMATION EXCHANGE, INC Other Payment Gateway(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 57 of 65
  • 58. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NATransbank, S.A. December 31, 2009 Authorization Xtrategies Clearing & Settlement IPSP (E-commerce) MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions SwitchingTransCore April 30, 2010 Hosting Provider Trustwave Payment GatewayTransFirst May 31, 2010 Other Solutionary, Inc. Payment GatewayTransnational Bankcard, Inc. January 31, 2010 Other ValcomTransUnion Interactive, Inc. November 30, 2010 Other SecurityMetrics, Inc.TransVerse Systems April 30, 2010 Authorization INFORMATION EXCHANGE, INC Clearing & Settlement Loyalty Programs MOTO Payment Processing Other Payment Gateway Process Magnetic-Stripe TransactionsTranzact May 31, 2010 Payment Gateway TrustwaveTravelport GDS February 28, 2010 IPSP (E-commerce) TrustwaveTridata - DATALINK December 31, 2009 Other TrustwaveBANKCARD SERVICESCO.TriSource Solutions, LLC September 30, 2010 Clearing & Settlement COALFIRE SYSTEMS, INC.(formerly Nobel EFT)Tritium Card Services January 31, 2010 Other CrimsonSecurityTropical Productions June 30, 2010 Clearing & Settlement Information Exchange Other Payment GatewayTrustCommerce April 30, 2010 Payment Gateway 403 Labs Process Magnetic-Stripe Transactions SwitchingTRXSERVICES LLC October 31, 2010 Payment Gateway Coalfire Systems. Inc.TSD Rental January 31, 2010 Payment Gateway Coalfire(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 58 of 65
  • 59. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NATSYS (Issuing Processing) January 31, 2010 Issuing Processing TrustwaveTSYS Acquiring Solutions April 30, 2010 Authorization Trustwave(formerly Vital ProcessingServices) Clearing & Settlement Loyalty ProgramsTSYS Customer Insight January 31, 2010 Loyalty Programs TrustWave(ProphIT) MOTO Payment ProcessingTSYS Loyalty (IM July 31, 2010 Loyalty Programs TrustwavePlatform/TLP Platform)TSYS Managed Services - April 30, 2010 Other TrustwaveMyersville (Merlin Solutions)TSYS Merchant Solutions January 12, 2011 Authorization Trustwave Clearing & Settlement Issuing Processing MOTO Payment Processing Process Magnetic-Stripe Transactions SwitchingTSYS Prepaid July 31, 2010 Authorization Trustwave Issuing Processing MOTO Payment Processing Prepaid Card ProcessingTSYS Procard January 31, 2010 Other TrustwaveTwin Oaks February 28, 2010 MOTO Payment Processing Janus AssociatesTxVia January 31, 2010 Authorization 403 Labs Clearing & Settlement Issuing Processing Other Payment Gateway SwitchingU.S. Payments December 31, 2010 MOTO Payment Processing 403 Labs, LLC Payment GatewayUKRAINIAN NATIONAL December 31, 2010 Other Trustwave Ltd.PAYMENT CARD JSC(UKRCARD JSC)Ukrainian Processing March 31, 2010 Authorization SRC GermanyCenter (UPC) Clearing & Settlement IPSP (E-commerce)(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 59 of 65
  • 60. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAUkrainian Processing March 31, 2010 Issuing Processing SRC GermanyCenter (UPC) MOTO Payment Processing Payment Gateway Process Magnetic-Stripe TransactionsUnirush, LLC (Rush Card) December 31, 2009 Payment Gateway Fortrex TechnologiesUnited Bank Card July 31, 2010 Clearing & Settlement Information ExchangeUNITED CARD SERVICE January 31, 2010 Authorization Jet Infosystems Clearing & Settlement Issuing Processing Payment Gateway SwitchingUnited Merchant Services, April 30, 2010 Authorization Arsenal Security GroupInc. (UMSI) Payment GatewayUnited Payment Services January 31, 2010 Authorization Accudata Systems Clearing & Settlement MOTO Payment Processing Payment GatewayUnited States Department March 31, 2011 Payment Gateway SecureStateof The Treasury, FinancialManagement ServiceUniteU Technologies, Inc August 31, 2010 Hosting Provider SecurityMetrics Payment GatewayUniversal Money Centers September 30, 2010 Authorization Information ExchangeInc. Clearing & Settlement Payment GatewayUrbanStyle, Inc. July 31, 2010 Hosting Provider LighthouseUS ALLIANCE GROUP, INC May 30, 2010 Other SecurityMetrics Payment GatewayUS Bank - Access Online July 31, 2010 Other TrustWaveUS Bank - ATM Banking April 30, 2010 Authorization TrustWave Clearing & Settlement Issuing Processing SwitchingUS Bank - Gaming Services April 30, 2010 Authorization TrustWave Clearing & Settlement Issuing Processing(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 60 of 65
  • 61. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAUS Bank - Gaming Services April 30, 2010 Switching TrustWaveUS Bank - Voyager July 31, 2010 Other TrustWaveUS Bank E-Payment January 31, 2010 Internet Payment Processing TrustwaveServiceUS Bank Multiservice December 31, 2010 Payment Gateway TrustwaveAviationUS Bank Retail Payment December 31, 2010 Clearing & Settlement TrustWaveSolutions - Integrated CardSystems (ICS) Issuing ProcessingUSA ePay April 30, 2010 Authorization Trustwave Clearing & Settlement Payment GatewayUSA Fulfillment, Inc. November 30, 2010 Authorization AT&T Consulting Clearing & Settlement Hosting Provider MOTO Payment Processing Payment GatewayUSA Payment Systems December 31, 2009 Authorization K3DES Clearing & Settlement Other Process Magnetic-Stripe Transactions SwitchingUSA Technologies January 31, 2010 Payment Gateway TrustwaveV.A.S.A. August 31, 2010 3-D Secure Access Control Xtrategies Server Authorization Clearing & Settlement IPSP (E-commerce) Issuing Processing Loyalty Programs MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions SwitchingValuCard Nigeria Plc October 31, 2010 3-D Secure Access Control Trustwave Server Authorization Issuing Processing Payment Gateway(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 61 of 65
  • 62. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAValuCard Nigeria Plc October 31, 2010 Process Magnetic-Stripe Trustwave Transactions SwitchingVALUE PAY SERVICES November 30, 2010 Clearing & Settlement IBM Security ServicesLLC, AN IPC COMPANY Payment GatewayValue Payment Systems, December 31, 2010 IPSP (E-commerce) SAICLLC. MOTO Payment Processing Payment GatewayVanco Services January 31, 2011 Payment Gateway SecurityMetrics Process Magnetic-Stripe TransactionsVarolii Corporation March 31, 2010 Other AT&T Consulting, Inc. Payment GatewayVendmore Systems, LLC November 30, 2010 Authorization Arsenal Security Group(StadiumVIP, LLC) Clearing & SettlementVentanex April 30, 2010 Payment Gateway Chief Security OfficersVenTek International November 30, 2010 Authorization Digital Resources Group (DRG) Payment GatewayVENTURE INFOTEK December 31, 2010 Authorization ControlCaseGLOBAL PVT LTD Clearing & Settlement Fraud and Chargeback Services Issuing Processing Loyalty Programs MOTO Payment ProcessingVentus Networks October 31, 2009 ATM Processing Janus AssociatesVeracity Payment Solutions December 31, 2009 Other TrustwaveVERePAY (formerly October 31, 2009 Authorization SolutionaryVEReFIED) MOTO Payment Processing Payment GatewayVerifi June 30, 2010 Clearing & Settlement Trustwave Hosting Provider Payment GatewayVeriFone - PAYware June 30, 2010 Payment Gateway TrustwaveConnect(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 62 of 65
  • 63. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAVerifone – WAY Payment October 31, 2010 Payment Gateway Network SecurityGateway Professionals, Incorporated (NetSPI)Verifone Transportation April 30, 2010 Payment Gateway Fortrex TechnologiesSystemsVerizon Business (formerly November 30, 2009 Payment Gateway TrustWaveMCI) SwitchingVerizon Business Global January 31, 2011 Payment Gateway TrustwaveServices System Integration(VB-GSSI)Verizon Business IP June 30, 2010 Hosting Provider TrustwaveApplication HostingVerizon Business Remote February 28, 2010 Other TrustwaveApplication ManagementVerizon Computing as a June 30, 2010 Hosting Provider TrustwaveServiceVerrus Mobile Technologies November 30, 2010 Authorization Trustwave MOTO Payment ProcessingVesdia April 30, 2010 Loyalty Programs Coalfire Systems. Inc.Vesta Corporation June 30, 2010 IPSP (E-commerce) AT&T Consulting, Inc.VICTORIABANK December 31, 2010 Authorization Trustwave Clearing & Settlement IPSP (E-commerce) Issuing Processing Payment Gateway Process Magnetic-Stripe Transactions SwitchingVindicia March 31, 2010 Other Payment Software Company (PSC) Payment GatewayVisa Inc. (including Visa June 30, 2010 3-D Secure Access Control TrustwaveDebit Processing) Server Authorization Clearing & Settlement Hosting Provider IPSP (E-commerce) Issuing Processing Loyalty Programs MOTO Payment Processing Payment Gateway(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 63 of 65
  • 64. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAVisa Inc. (including Visa June 30, 2010 Process Magnetic-Stripe TrustwaveDebit Processing) Transactions SwitchingVisa Intellilink December 31, 2010 Other TrustwaveVisa Processing Services January 31, 2011 Authorization SISA Information SecurityPte Ltd Pvt Ltd., Clearing & Settlement Hosting Provider Issuing Processing MOTO Payment Processing Process Magnetic-Stripe Transactions SwitchingVitalChek October 31, 2010 MOTO Payment Processing Trustwave Process Magnetic-Stripe TransactionsVoice Data Solutions October 31, 2009 Payment Gateway TrustwaveVolusion January 31, 2010 Hosting Provider Payment Software Company (PSC)VXI Global Solutions, Inc October 31, 2010 MOTO Payment Processing TrustwaveWageWorks April 30, 2010 Clearing & Settlement RSM McGladrey Loyalty ProgramsWashington Metropolitan December 31, 2009 Authorization ControlCaseArea Transit Authority Payment GatewayWEB ACTIVE August 31, 2010 Payment Gateway Securus GlobalCORPORATION PTY LTD(eWay)West - Managed Call December 31, 2010 Other Continuum WorldwideCenter Services CorporationWest at Home September 30, 2010 Other Continuum WorldwideWest Business Services: April 30, 2010 MOTO Payment Processing TrustwaveWBS Data VaultWest Direct - Direct April 30, 2010 MOTO Payment Processing TrustwaveResponseWest Direct - Smartsell October 31, 2010 Other TrustwaveWest Interactive DataGuard April 30, 2010 MOTO Payment Processing TrustwaveWipro Limited September 30, 2010 Other SISA Information Security Pvt Ltd(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 64 of 65
  • 65. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAWiretrust July 31, 2010 Payment Gateway Coalfire Systems. Inc.World Access Service February 28, 2010 Other SecureWorksCorporationXtec April 30, 2010 Authorization Information Exchange Clearing & Settlement Payment GatewayYahoo! Stores November 30, 2009 IPSP (E-commerce) AccuvantYapstone Inc. April 30, 2010 MOTO Payment Processing SecurityMetrics Payment GatewayYes Group Limited February 28, 2010 Payment Gateway Evolution Security SystemYes-Pay International Ltd. July 31, 2010 IPSP (E-commerce) FortconsultYoung America January 31, 2010 Loyalty Programs Trustwave MOTO Payment ProcessingZagrebačka banka d.d. January 31, 2011 Authorization IBM Polska Clearing & SettlementZEUS Corporation October 31, 2010 Authorization NTT Data Security Corporation Clearing & Settlement IPSP (E-commerce) Payment GatewayZirMed, Inc. April 30, 2010 Other 403 Labs Payment GatewayZuora, Inc. June 30, 2010 Authorization Digital Resources Group (DRG) Payment Gateway(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 65 of 65