PCIService Providers

677 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
677
On SlideShare
0
From Embeds
0
Number of Embeds
13
Actions
Shares
0
Downloads
10
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

PCIService Providers

  1. 1. Visa’s Global Registry of Service Providers - PCI DSS Validated EntitiesAs Of 1/19/2011The companies listed below were validated as being PCI DSS compliant by a QSA as of the "VALIDATIONDATE". Service providers are required to revalidate their compliance to Visa on an annual basis, with the nextannual Report on Compliance (ROC) due to Visa one year from the "VALIDATION DATE". ROCs that are from 1-60 days late are noted in yellow and ROCs that are from 60-90 days late are noted in red. Entities with ROCsover 90 days past due are removed from this list. Entities are listed in each Visa region where they have beenregistered by at least one client, including: AP - Asia Pacific, CEMEA - Central Europe / Middle East / Africa,LAC - Latin America / Caribbean, NA - North America - Canada / United States. Visa clients are responsible forand are required to use compliant service providers and to follow up with service providers directly if there are anyquestions about their compliance status.List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NA1ShoppingCart.com June 30, 2010 Other Security Metrics Payment Gateway1st Americard March 31, 2010 Other Fortrex Technologies1stPayGateway, LLC May 31, 2010 Authorization Internet Security Systems (a wholly owned IBM company) Payment Gateway3dCart March 31, 2010 Hosting Provider SecurityMetrics Payment Gateway3Delta Systems September 30, 2010 Authorization Fortrex Technologies MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions Switching800 Call KC May 31, 2010 MOTO Payment Processing Accudata Systems Payment GatewayA3 IT Solutions November 30, 2010 Hosting Provider TrustwaveAAFES July 31, 2010 IPSP (E-commerce) IBM Security Services Payment Gateway Process Magnetic-Stripe Transactions SwitchingAbanco, LLC February 28, 2010 Payment Gateway Trustwave Process Magnetic-Stripe Transactions(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 1 of 65
  2. 2. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAABC FINANCIAL May 31, 2010 Authorization TrustwaveSERVICES, INC Clearing & Settlement Hosting Provider IPSP (E-commerce) MOTO Payment Processing Payment Gateway Process Magnetic-Stripe TransactionsABC Virtual November 30, 2009 Hosting Provider Lighthouse ComputerCommunications, Inc. Services Payment GatewayAccel Networks January 31, 2010 Other TrustwaveAccelerated Payment July 31, 2010 Authorization TrustwaveTechnologies Inc IPSP (E-commerce) Loyalty Programs MOTO Payment Processing Other Payment Gateway Process Magnetic-Stripe TransactionsACCENT Marketing May 31, 2010 MOTO Payment Processing Crowe HorwathAccertify February 28, 2010 Other Halock Security LabsAccesso, LLC February 28, 2010 Clearing & Settlement Trustwave Payment GatewayAccountNow June 30, 2010 Other TrustwaveAcculynk February 28, 2010 Payment Gateway TrustwaveACH Direct November 30, 2009 Payment Gateway RSM McGladreyAchieve Financial Services, November 30, 2010 Issuing Processing INFORMATIONLLC EXCHANGE, INCACI Worldwide April 30, 2010 Other Solutionary, IncACI Worldwide - Winn-Dixie September 30, 2010 Payment Gateway SolutionaryEnvironment Process Magnetic-Stripe Transactions SwitchingACS Government and August 31, 2010 Hosting Provider SecurityMetricsCommunity Solutions Payment Gateway(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 2 of 65
  3. 3. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAACS Government and August 31, 2010 Process Magnetic-Stripe SecurityMetricsCommunity Solutions TransactionsAdeptra December 31, 2010 Other ProtivitiAdvanced Network, Inc. October 31, 2009 Authorization Information Exchange Inc. Clearing & Settlement Payment GatewayAdvantex Dining Corporation March 31, 2010 Loyalty Programs Datassurant, Inc.Adyen B.V. May 31, 2010 Internet Payment Processing TrustwaveAegis Communications December 31, 2009 Other K3DESAEGIS USA, INC. May 31, 2010 Other VerisignAffiliated Acceptance October 31, 2010 MOTO Payment Processing TrustwaveCorporation Payment GatewayAffinion Loyalty Group February 28, 2011 Loyalty Programs Trustwave(formerly Trilegiant)Affinity Solutions November 30, 2009 Loyalty Programs SolutionaryAgilysys, Inc. July 31, 2010 Payment Gateway TrustwaveAirlines Reporting February 28, 2010 Clearing & Settlement AT&T Consulting Solutions,Corporation Inc.Akamai September 30, 2010 Other Neohapsis Inc.AL BILAD BANK October 31, 2010 Authorization Trustwave Clearing & Settlement IPSP (E-commerce) Issuing Processing MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions SwitchingAlacriti December 31, 2009 Payment Gateway IGX GlobalAlaska Option Services April 30, 2010 Authorization K3DES Clearing & Settlement Issuing Processing SwitchingAlignet, S.A.C December 31, 2010 3-D Secure Access Control Xtrategies Server IPSP (E-commerce) Other(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 3 of 65
  4. 4. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAAlignet, S.A.C December 31, 2010 Payment Gateway XtrategiesAlliance Data - Remittance May 31, 2010 Other Verizon Business NetworkProcessing Services Inc.Alliance Data - Retail January 31, 2010 Authorization Verizon BusinessServices Clearing & Settlement Issuing Processing Loyalty ProgramsAlliance Entertainment August 31, 2010 Authorization Solutionary Inc. IPSP (E-commerce) Payment GatewayAllianceOne Inc. May 31, 2010 Other Tevora Business SolutionsAlta Resources April 30, 2010 Other IBM Internet Security SystemsAmazon.com October 31, 2010 Other IOActive, Inc.AmegyBank December 31, 2009 Other Verizon Business Payment GatewayAmerican Bancard June 30, 2010 Other Enterprise Risk Management, Inc.American Data Technology April 30, 2010 Hosting Provider Specialized Security Services, IncAmericaneagle.com November 30, 2010 Hosting Provider Fortrex TechnologiesAOC Solutions, Inc October 31, 2009 Other Fortrex TechnologiesAOL, Inc. September 30, 2010 Authorization IOActive Clearing & Settlement MOTO Payment Processing Payment GatewayApriva, LLC July 31, 2010 Clearing & Settlement Trustwave IPSP (E-commerce) Loyalty Programs Payment Gateway Process Magnetic-Stripe Transactions SwitchingArab Financial Services July 31, 2010 Payment Processing SISACompanyArcot Systems December 31, 2009 3-D Secure Access Control Payment Software company Server (PSC)(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 4 of 65
  5. 5. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAArgenbright – Skybridge August 31, 2010 Other TrustwaveMarketing Group -Customer ServiceAria Systems December 31, 2010 Payment Gateway TrustWaveAriba Inc May 31, 2010 Other Payment Software company (PSC)Arise Virtual Solutions May 31, 2010 Other AT&T Consulting SolutionsArmenian Card CJSC December 31, 2009 Authorization Informzaschita Clearing & Settlement Issuing Processing SwitchingArt Technology Group (ATG) November 30, 2010 Hosting Provider Trustwave IPSP (E-commerce)Artez Interactive Inc December 31, 2010 Payment Gateway IBM Security ServicesArvato Finance Services July 31, 2010 Clearing & Settlement Acertigo AG - An EXCELSISLimited Company IPSP (E-commerce) Payment GatewayASIAPAY (HONG KONG) November 30, 2009 IPSP (E-commerce) TrustwaveLTD Payment GatewayAsociacion Cibao de September 30, 2010 Authorization TrustwaveAhorros y Prestamos Issuing ProcessingAssist July 31, 2010 Payment Gateway SRC GermanyASUREPAY PTY LTD July 31, 2010 IPSP (E-commerce) BridgepointAT&T Managed Hosting October 31, 2010 Hosting Provider Trustwaveand Application ServicesAT&T Managed Services - October 31, 2010 Other TrustwaveAT&T Encryption ServicesAT&T Managed Services - July 31, 2010 Other TrustwaveAT&T Enhanced VPNServices, AT&T VPNServices, AT&T PrivateNetwork Transport ServicesAT&T Managed Services - May 31, 2010 Other TrustwaveAT&T Network Based IPVPN Remote AccessService / AT&T VPNTunneling Service(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 5 of 65
  6. 6. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAAT&T Managed Services - July 31, 2010 Other TrustwaveEndpoint SecurityAT&T Managed Services - July 31, 2010 Other TrustwaveIntrusion DetectionServices/IntrusionPrevention ServicesAT&T Managed Services - July 31, 2010 Other TrustwaveIP Telephony and LANServicesAT&T Managed Services - July 31, 2010 Other TrustwaveManaged Router ServicesAT&T Managed Services - July 31, 2010 Other TrustwaveNetwork Based FirewallAT&T Managed Services - July 31, 2010 Other TrustwavePremise Based FirewallAT&T Managed Services - July 31, 2010 Other TrustwaveTransaction Routing ServiceAT&T Managed Services - July 31, 2010 Other TrustwaveVoiceToneAT&T Synaptic Hosting October 31, 2010 Hosting Provider TrustwaveATCO I-TEK INC. August 31, 2010 Other Control GapATOS ORIGIN SERVICES April 30, 2010 Authorization TUV Rheinland(M) SDN BHD Clearing & Settlement Hosting Provider Issuing ProcessingAudienceView Ticketing August 31, 2010 Other NCI (Net Cyclops Inc.)CorporationAuric Systems International October 31, 2010 Other PSCAuthorize.NET November 30, 2010 Payment Gateway TrustwaveAutoscribe Corporation June 30, 2010 Other Fortrex Technologies Payment GatewayAVF Consulting, Inc. July 31, 2010 Payment Gateway igxglobalB3 Corp February 28, 2010 Payment Gateway Digital Resources Group (DRG)Bank of America Merchant March 31, 2010 Clearing & Settlement TrustwaveServices Payment Gateway Switching(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 6 of 65
  7. 7. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NABank Zenit November 30, 2010 Authorization Jet Infosystems Clearing & Settlement IPSP (E-commerce) Issuing Processing MOTO Payment Processing Process Magnetic-Stripe Transactions SwitchingBankCard USA November 30, 2010 Other 403 LabsBankserv September 30, 2010 Payment Gateway RSM McGladrey Inc.Bankserv Credit Card October 31, 2010 Payment Gateway TrustwaveServices, Inc.Banque Misr July 31, 2010 Authorization ControlCase LLC Clearing & Settlement IPSP (E-commerce) Issuing Processing MOTO Payment Processing Payment Gateway SwitchingBeanstream Internet September 30, 2010 IPSP (E-commerce) SPIGuard Security SolutionsCommerce Inc. Inc MOTO Payment Processing Payment GatewayBenson Records November 30, 2009 Other FishNet SecurityManagement CenterBill 1st, LLC July 31, 2010 Other Chief Security Officers, LLCBillMatrix February 28, 2010 Payment Gateway TrustwaveBilltrust October 31, 2010 Payment Gateway Chief Security Officers, LLCBlackbaud - eTapestry September 30, 2010 Other TrustwaveBlackbaud - Internet September 30, 2010 Other TrustwaveServicesBlackbaud Payment February 28, 2010 Payment Gateway TrustwaveServicesBlackhawk Network May 31, 2011 Authorization Verizon Business Clearing & Settlement Hosting Provider Issuing Processing Payment Gateway Switching(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 7 of 65
  8. 8. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NABlue Bamboo, Inc October 31, 2009 Authorization Digital Resources Group (DRG) Payment GatewayBluefin Payment Systems October 31, 2009 Payment Gateway 403 LabsBluePay May 31, 2010 Other Trustwave Payment GatewayBraintree Payment Solutions February 28, 2010 Other TrustwaveBrinkman Financial January 31, 2010 Authorization K3DES MOTO Payment ProcessingBSG Payments (formerly November 30, 2009 Payment Gateway TrustwaveBilling Concepts)Business Data Record November 30, 2009 Other RSM McGladreyServicesCale Access AB (Cale November 30, 2010 Other TrustwaveSystems) Payment Gateway Process Magnetic-Stripe TransactionsCaledon Card Services May 31, 2010 Authorization SPIguard Security Solutions Inc. Clearing & Settlement MOTO Payment Processing Payment Gateway Process Magnetic-Stripe TransactionsCalypso Canada January 31, 2011 Switching TrustwaveCamis, Inc. October 31, 2010 IPSP (E-commerce) SPIguard Security Solutions Inc. MOTO Payment ProcessingCantaloupe Systems, Inc. September 30, 2010 Authorization 403 Labs, LLC Clearing & Settlement Payment Gateway Process Magnetic-Stripe TransactionsCapital Bankcard October 31, 2009 MOTO Payment Processing Trustwave Payment GatewayCapital Card Services April 30, 2010 MOTO Payment Processing Trustwave OtherCard Management Corp. August 31, 2010 Other Crowe ChizekCardCana Corporation November 30, 2009 Authorization IGX Global(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 8 of 65
  9. 9. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NACardCana Corporation November 30, 2009 Payment Gateway IGX GlobalCARDFLEX INC. September 30, 2010 Authorization K3DES LLC MOTO Payment Processing Other Payment GatewayCardinal Commerce Corp. December 31, 2010 3-D Secure Access Control Payment Software Company Server (PSC) Payment GatewayCARDLINK SERVICES June 30, 2010 Clearing & Settlement VectraLIMITED MOTO Payment Processing Payment GatewayCardStandard April 30, 2010 Authorization IBM Internet Security Systems Clearing & Settlement Issuing Processing MOTO Payment Processing Process Magnetic-Stripe TransactionsCardtronics EFT May 31, 2010 Other K3DES Process Magnetic-Stripe Transactions SwitchingCardworks Processing August 31, 2010 Authorization Trustwave Clearing & Settlement IPSP (E-commerce) MOTO Payment Processing Payment GatewayCardworks Servicing LLC February 28, 2010 Other TrustwaveCarlson Marketing March 31, 2010 Loyalty Programs TrustwaveWorldwide (Visa Data Track)Carlson Marketing June 30, 2010 Loyalty Programs TrustwaveWorldwide (Visa Extras)Cart 32 August 31, 2010 Hosting Provider Accuvant IPSP (E-commerce) Payment Gateway Process Magnetic-Stripe TransactionsCartManager February 10, 2010 IPSP (E-commerce) Trustwave Payment Gateway Process Magnetic-Stripe Transactions(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 9 of 65
  10. 10. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NACashLINQ Group, LLC August 31, 2010 MOTO Payment Processing SecurityMetrics Payment Gateway Process Magnetic-Stripe TransactionsCashN Go May 31, 2010 Payment Gateway Trustwave Process Magnetic-Stripe TransactionsCASHNet December 31, 2010 IPSP (E-commerce) 403 Labs, LLC MOTO Payment Processing Payment Gateway Process Magnetic-Stripe TransactionsCB AGROPROMCREDIT November 30, 2010 Authorization EVRAAS.I.T Clearing & Settlement Issuing Processing Payment Gateway Process Magnetic-Stripe TransactionsCBC Companies, Inc April 30, 2010 Other Verizon Business, IncCBCInnovis, Inc. April 30, 2010 Other VerizonCBORD Group February 28, 2010 Payment Gateway TrustwaveCboss November 30, 2010 Payment Gateway SecurityMetricsCCBill January 31, 2010 Authorization Chief Security Officers Clearing & Settlement IPSP (E-commerce)CDMS MERCHANT December 31, 2010 Other Enterprise Risk ManagementSERVICES, INC.CDW Hosting and Managed October 31, 2010 Hosting Provider TrustwaveServicesCenPos January 31, 2010 Payment Gateway Enterprise Risk ManagementCenter Partners October 31, 2010 Other IDEA Information SecurityCentershift October 31, 2010 Hosting Provider Security Metrics Payment GatewayCentral States Indemnity October 31, 2010 Other Continuum Worldwide CorporationCentrix Bank – LockBox May 31, 2010 MOTO Payment Processing SecurityMetricsService Payment Gateway(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 10 of 65
  11. 11. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NACentury Bankcard Services May 31, 2010 Clearing & Settlement Information Exchange OtherCertain Software October 31, 2010 Payment Gateway Coalfire SystemsCHARGE Anywhere April 30, 2010 Payment Gateway TrustwaveChargeback Guardian November 30, 2010 Other SecurityMetrics Payment GatewayChase Loyalty Solutions December 31, 2010 Authorization Trustwave Clearing & Settlement Loyalty Programs Payment Gateway SwitchingChase Paymentech January 31, 2010 Authorization TrustwaveSolutions, LLC. Clearing & Settlement Loyalty ProgramsCheck21.com LLC May 31, 2010 Payment Gateway Enterprise Risk ManagementChip Card Ad Beograd April 30, 2010 Authorization VOC - Consultancy Clearing & Settlement SwitchingCintas Document June 30, 2010 Other SecureState ConsultingManagement ShreddingCintas Document June 30, 2010 Other SecureState ConsultingManagement StorageClearent April 30, 2010 Authorization Coalfire Clearing & Settlement Payment Gateway SwitchingClearTran January 31, 2010 Payment Gateway SecurityMetricsClient Services January 31, 2010 Other InsightCobre Bem June 30, 2010 IPSP (E-commerce) ecipher MOTO Payment Processing Payment GatewayCollections Marketing December 31, 2009 Other 403 LabsCenter, Inc. Payment GatewayColumbus Data January 31, 2010 Authorization Information Exchange Clearing & Settlement Other Payment Gateway(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 11 of 65
  12. 12. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NACommerceV3 November 30, 2010 Hosting Provider Fortrex Technologies Payment GatewayCompass Plus Ltd. November 30, 2010 Authorization Trustwave Clearing & Settlement Issuing Processing Payment Gateway Process Magnetic-Stripe Transactions SwitchingComplianthost.com, a GSI May 31, 2010 Hosting Provider SAS 70 SolutionsService OfferingComputer Services, Inc. September 30, 2010 Authorization Crowe Horwath Clearing & Settlement Issuing Processing Payment Gateway Process Magnetic-Stripe Transactions SwitchingConcur - Gelco August 31, 2010 Other Verizon BusinessConcur - Redmond June 30, 2010 Other Verizon BusinessConsumer Benefit Services March 31, 2010 Loyalty Programs TrustwaveContact Solutions April 30, 2010 MOTO Payment Processing SecurityMetrics, Inc. Payment GatewayConvergys CCMS April 30, 2010 Other Fortrex TechnologiesConvergys Encore March 31, 2010 Payment Gateway Fortrex TechnologiesConvergys Home Agent July 31, 2010 Payment Transmission Fortrex Technologies ServiceConvergys Intervoice July 31, 2010 Other Fortrex TechnologiesConvio, Inc. January 31, 2010 Payment Gateway TrustwaveCO-OP Financial Services April 30, 2010 Authorization Tevora Business Solutions Inc Clearing & Settlement Loyalty Programs Other Payment Gateway SwitchingCORE Business July 31, 2010 Authorization TrustwaveTechnologies Hosting Provider(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 12 of 65
  13. 13. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NACORE Business July 31, 2010 IPSP (E-commerce) TrustwaveTechnologies MOTO Payment Processing Payment Gateway Process Magnetic-Stripe TransactionsCoreCommerce December 31, 2009 Payment Gateway Chief Security OfficersCRE Secure July 31, 2010 Payment Gateway Coalfire Systems, Inc.Credibanco Visa Colombia April 30, 2010 Authorization Xtrategies Clearing & Settlement IPSP (E-commerce) Issuing Processing MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions SwitchingCredit Discovery December 31, 2009 Clearing & Settlement Information Exchange OtherCreditCall Communications January 31, 2010 Authorization ForegenixLtd. Clearing & Settlement MOTO Payment Processing Payment Gateway Process Magnetic-Stripe TransactionsCrescent Processing October 31, 2010 Other SecurityMetricsCompany Payment GatewayCroem, Inc. October 31, 2010 MOTO Payment Processing TrustwaveCSG Content Direct March 31, 2010 Authorization Solutionary IPSP (E-commerce) Payment GatewayCSG Systems - Data Prose May 31, 2010 IPSP (E-commerce) Solutionary OtherCSG Systems, Inc. - April 30, 2010 Payment Gateway SolutionaryInteractive MessagingCSG Systems, Inc. – April 30, 2010 Authorization SolutionaryStatement and AccountBilling Services IPSP (E-commerce) Payment Gateway(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 13 of 65
  14. 14. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NACSI Software October 31, 2010 Hosting Provider Trustwave Payment GatewayCSU CardSystem S.A. September 30, 2010 Authorization Trustwave Clearing & Settlement Hosting Provider Issuing Processing MOTO Payment Processing Other Payment Gateway Process Magnetic-Stripe Transactions SwitchingCvent August 31, 2010 Other FishNet SecurityCybera April 30, 2010 Switching FishNet SecurityCyberSource (a Visa August 31, 2010 Payment Gateway Trustwavecompany)Cynergy Data August 31, 2010 IPSP (E-commerce) Coalfire Systems. Inc. MOTO Payment Processing Payment Gateway Process Magnetic-Stripe TransactionsD.M.inSite July 31, 2010 Payment Gateway SecurityMetricsData Delivery Services July 31, 2010 Other CoalfireData Paradigm July 31, 2010 Other Crowe Horwath LLPData Stream February 28, 2010 Authorization Information Exchange Clearing & Settlement Other Payment GatewayDataline Systems December 31, 2009 Other TrustwaveDatapak Services May 31, 2010 Authorization TrustwaveCorporation Hosting Provider Payment GatewayDataTrax Technologies January 31, 2011 Payment Gateway SecurityMetrics, Inc.DAXKO April 30, 2010 IPSP (E-commerce) IBM Security ServicesDebit Plus Technologies, February 28, 2010 Other Specialized Security ServicesLLCDebit Technologies, Inc May 31, 2010 Clearing & Settlement Information Exchange(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 14 of 65
  15. 15. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NADebit Technologies, Inc May 31, 2010 Other Information ExchangeDelphis Software November 30, 2009 Authorization Digital Resources Group (DRG) Payment GatewayDemandware June 30, 2010 Hosting Provider SecurityMetrics IPSP (E-commerce) Payment GatewayDenarii Systems January 31, 2010 Authorization Security Works Clearing & Settlement IPSP (E-commerce) Issuing Processing Loyalty Programs MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions SwitchingDHD Media June 30, 2010 Clearing & Settlement Trustwave Payment GatewayDiamond Marketing September 30, 2010 Other Halock Security LabsSolutionsDiebold, Inc. December 31, 2010 Authorization Verizon Business Network Services Inc. SwitchingDigital Network Solutions April 30, 2010 Authorization Information Exchange(DNS) DBA Moneytree ATM Clearing & Settlement Payment GatewayDigital Payment May 31, 2010 Payment Gateway Payment Software companyTechnologies (PSC)Digital River July 31, 2010 IPSP (E-commerce) NetSPI Payment GatewayDirect Alliance Corp November 30, 2009 MOTO Payment Processing AT&T Consulting Solutions, Inc. OtherDirect Mail Processors January 31, 2010 Payment Gateway Fortrex TechnologiesDonor.com June 30, 2010 Authorization Coalfire Hosting Provider IPSP (E-commerce) MOTO Payment Processing Other(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 15 of 65
  16. 16. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NADST Output, LLC. - November 30, 2010 Payment Gateway FishNet Security, Inc.PaymentDuncan Professional October 31, 2010 Payment Gateway SecurityMetrics, Inc.Account Management(PAM)Duncan Technologies June 30, 2010 Payment Gateway SecurityMetricsDydacomp Complete May 31, 2010 IPSP (E-commerce) Coalfire Systems, Inc.CommerceEbocom, LLC April 30, 2010 Clearing & Settlement CyberTrustEchoSat Communications September 30, 2010 Other ComplyGuard Networks Inc.eCommLink November 30, 2009 Authorization RSM McGladrey Hosting Provider IPSP (E-commerce) Issuing Processing Loyalty ProgramsEdhance Inc. July 31, 2010 Loyalty Programs PSC LLCEFX March 31, 2010 Authorization T3i Clearing & Settlement Issuing Processing Payment Gateway SwitchingeGate Payment August 31, 2010 IPSP (E-commerce) SysnetTechnologies Ltd MOTO Payment Processing Payment GatewayElan Financial Services April 30, 2010 Authorization TrustWave Clearing & Settlement Issuing Processing SwitchingElan Financial Services December 31, 2009 Issuing Processing TrustwaveCredit Card IssuingElavon (formerly NOVA) May 31, 2010 Authorization TrustWave Clearing & Settlement Other Payment Gateway Process Magnetic-Stripe TransactionsElavon (formerly Southern September 30, 2010 Authorization TrustwaveDatacomm) IPSP (E-commerce)(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 16 of 65
  17. 17. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAElavon (formerly Southern September 30, 2010 Process Magnetic-Stripe TrustwaveDatacomm) Transactions SwitchingElavon Canada (formerly July 31, 2010 Payment Gateway TrustwaveInternet Secure)Elavon Fusebox November 30, 2010 Authorization Trustwave Clearing & Settlement Other Payment Gateway Process Magnetic-Stripe TransactionsELECTRA CARD May 31, 2010 Authorization ControlCaseSERVICES PVT. LTD. Clearing & Settlement Issuing Processing Loyalty Programs Process Magnetic-Stripe TransactionsElectronic Merchant April 30, 2010 Other TrustwaveSystemsElectronic Payment April 30, 2010 Authorization Payment Software CompanyExchange (EPX) (PSC) Clearing & Settlement IPSP (E-commerce) MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions SwitchingElectronic Payments Inc July 31, 2010 Authorization Information Exchange Clearing & Settlement Loyalty Programs OtherElectronic Processing January 31, 2010 Clearing & Settlement Information ExchangeServices OtherElement Payment Services November 30, 2010 Clearing & Settlement Information Exchange Other Payment GatewayEmdeon March 31, 2010 IPSP (E-commerce) Lattimore Black Morgan and Cain Process Magnetic-Stripe Transactions(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 17 of 65
  18. 18. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAEMN8 POS Managed November 30, 2010 Other Tevora Business SolutionsServices Payment GatewayEnacomm, Inc. March 31, 2010 Hosting Provider True Digital SecurityEncircle December 31, 2009 Other Enterprise Risk ManagementENETS PTE LTD November 30, 2009 Payment Gateway VectraenStage Software Pvt Ltd December 31, 2010 3-D Secure Access Control Control Case ServerePayData October 31, 2010 Clearing & Settlement Information Exchange Payment GatewayEpicor March 31, 2010 Authorization Trustwave Payment GatewayEpoch November 30, 2010 IPSP (E-commerce) ProtivitieProcessing Network April 30, 2010 Payment Gateway TrustwaveEpsilon Data Management August 31, 2010 Loyalty Programs Verizon BusinessEquiant Financial Services, November 30, 2010 IPSP (E-commerce) Chief Security Officers, LLCLLC MOTO Payment ProcessingEscalate Retail Incorporated October 31, 2009 E-Commerce Trustwave Order FulfillmentEURONET SERVICES April 30, 2010 Issuing Processing ControlCaseINDIA PVT. LTD. Process Magnetic-Stripe TransactionsEuroPlanet April 30, 2010 Authorization Trustwave MOTO Payment Processing Process Magnetic-Stripe TransactionsEVERTEC Latinoamerica / December 29, 2010 Authorization XtrategiesATH Costa Rica Clearing & Settlement Issuing Processing Loyalty Programs MOTO Payment Processing Process Magnetic-Stripe Transactions SwitchingEVO Merchant Services October 31, 2010 Clearing & Settlement Trustwave(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 18 of 65
  19. 19. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAEvolution Benefits December 31, 2009 Other Lighthouse Computer ServicesE-xact Transactions May 31, 2010 Payment Gateway TrustwaveExcellence in Motivation November 30, 2010 Authorization Information Exchange Clearing & Settlement Issuing Processing Payment GatewayExperian September 30, 2010 IPSP (E-commerce) Verizon Business OtherExtraMeasures May 31, 2010 Other CoalfireEZFacility.com August 31, 2010 Payment Gateway TrustwaveEzic, Inc. July 31, 2010 Authorization Information Exchange Clearing & Settlement MOTO Payment Processing Other Payment Gateway Process Magnetic-Stripe TransactionsezRez Software October 31, 2010 Hosting Provider Payment Software company (PSC)Faith Direct July 31, 2010 Other CrimsonSecurityFédération des caisses August 31, 2010 Authorization TrustwaveDesjardins du Québec Issuing Processing Process Magnetic-Stripe TransactionsFidelity Information November 30, 2009 Authorization IBM – Internet SecurityServices - Australasia Systems (ISS Clearing & Settlement Payment Gateway SwitchingFidelity Information December 31, 2009 Authorization IBM Internet SecurityServices - Chicago Authnet Systems Clearing & Settlement Issuing Processing Payment Gateway SwitchingFidelity Information May 31, 2010 Payment Gateway IBM Internet SecurityServices - Clear Commerce Systems(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 19 of 65
  20. 20. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAFidelity Information April 30, 2010 Issuing Processing TrustwaveServices - eFunds PrepaidSolutions Loyalty Programs MOTO Payment Processing Process Magnetic-Stripe TransactionsFidelity Information March 31, 2010 Other IBM Internet SecurityServices - eZCard Charlotte SystemsFidelity Information January 31, 2010 Other IBM Internet SecurityServices - Lisle Remittance SystemsProcessingFidelity Information June 30, 2010 Loyalty Programs TrustwaveServices - Loyalty CardProcessingFidelity Information April 30, 2010 Authorization TrustwaveServices - Norcross DebitCard Processing Clearing & Settlement Process Magnetic-Stripe TransactionsFidelity Information February 28, 2010 Other IBM Internet SecurityServices - Output Solutions SystemsSan AntonioFidelity Information May 31, 2010 MOTO Payment Processing TrustwaveServices - PaymentProcessing and DataCenter Little Rock, AR Process Magnetic-Stripe TransactionsFidelity Information September 30, 2010 Other IBM Internet SecurityServices - Plainview SystemsFidelity Information April 30, 2010 Authorization TrustwaveServices - Processadora eServicos S.A. Brazil Issuing Processing MOTO Payment Processing Process Magnetic-Stripe TransactionsFidelity Information January 31, 2011 Clearing & Settlement TrustwaveServices - PSS India Issuing Processing SwitchingFidelity Information September 30, 2010 MOTO Payment Processing TrustwaveServices - St. Petersburg(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 20 of 65
  21. 21. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAFidelity Information March 31, 2010 Authorization IBM Internet SecurityServices - St. Petersburg Systems (ISS)Check Clearing & SettlementFidelity Information January 31, 2010 Other IBM Internet SecurityServices - Web Vault Systems (ISS)Fidelity Information September 30, 2010 Authorization TrustwaveServices (FIS) ElectronicPayments, New Berlin WI Clearing & Settlement Payment Gateway SwitchingFidelity Information September 30, 2010 Other TrustwaveServices Global BusinessSolutions India PrivateLimited (FIS GBS)Fifth Gear August 31, 2010 IPSP (E-commerce) Trustwave Payment GatewayFifth Third Processing June 30, 2010 3-D Secure Access Control TrustwaveSolutions - Issuing and ServerSwitch-Providing Systems Authorization Clearing & Settlement Issuing Processing Process Magnetic-Stripe Transactions SwitchingFifth Third Processing June 30, 2010 Authorization TrustwaveSolutions-Acquiring Systems Clearing & Settlement Process Magnetic-Stripe TransactionsFinancial Transmission January 31, 2010 Payment Gateway TrustwaveNetwork IncFinexus International Sdn July 31, 2010 Authorization TruswaveBhd Clearing & Settlement Hosting Provider Issuing Processing MOTO Payment Processing Process Magnetic-Stripe Transactions SwitchingFirst American Payment June 30, 2010 Clearing & Settlement IBM Internet SecuritySystems Systems(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 21 of 65
  22. 22. List of Compliant Service Providers - All VALIDATION SERVICES SERVICE PROVIDER DATE COVERED BY REVIEW (1) ASSESSOR AP CEMEA LAC NAFirst American Payment June 30, 2010 Payment Gateway IBM Internet SecuritySystems SystemsFirst Atlantic Commerce, March 31, 2010 Clearing & Settlement CoalfireLTD. MOTO Payment Processing Payment Gateway SwitchingFirst Data - Cono Sur S.R.L. March 31, 2010 Authorization Trustwave Clearing & Settlement IPSP (E-commerce) Issuing Processing Loyalty Programs MOTO Payment Processing Other Payment Gateway Process Magnetic-Stripe Transactions SwitchingFirst Data - Merchant September 30, 2010 Authorization TrustwaveServices Clearing & Settlement IPSP (E-commerce) MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions SwitchingFirst Data Buypass (First September 30, 2010 Authorization TrustwaveData Concord PaymentServices) Clearing & Settlement IPSP (E-commerce) Issuing Processing MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions SwitchingFirst Data CAC (Processing March 31, 2010 Authorization TrustWaveCenter, S.A.) Clearing & Settlement IPSP (E-commerce) Issuing Processing MOTO Payment Processing Payment Gateway(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that thosesecurity controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be usedor sold by these service providers.* Current PCI DSS status is under review.Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required tosubmit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on thislist indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independentQualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visahas sole discretion to include or exclude entities on this list.© 2011 Visa Inc. 22 of 65

×