Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
As Of 4/9/2012
The companies listed below were validated as being PCI DSS compliant by a QSA as of the "VALIDATION DATE". Service providers are required to revalidate their compliance to Visa on an annual basis, with the next annual Report on Compliance (ROC) due to Visa one year from the "VALIDATION DATE". ROCs that are from 160 days late are noted in yellow and ROCs that are from 60-90 days late are noted in red. Entities with ROCs over 90 days past due are removed from this list. Entities are listed in each Visa region where they have been registered by at least one client, including: AP - Asia Pacific, CEMEA - Central Europe / Middle East / Africa, LAC - Latin America / Caribbean, NA - North America - Canada / United States. Visa client's are responsible for and are required to use compliant service providers and to follow up with service providers directly if there are any questions about their compliance status.
1st Americard
nGuard Inc.
Trustwave Trustwave
Accesso, LLC
Trustwave
MOTO Payment Processing Payment Gateway Active Network October 31, 2011 Back Office Services Payment Processing Internet Payment Processing - POS Adaptive Payments, Inc. Adeptra Advam Pty Ltd November 30, 2011 December 31, 2011 December 31, 2011 Payment Gateway Other Authorization IPSP (E-commerce) Payment Gateway Process Magnetic-Stripe Transactions Advantex Dining Corporation March 31, 2012 Adyen B.V. May 31, 2011 Loyalty Programs Clearing & Settlement IPSP (E-commerce) Other Payment Gateway Aegis Communications December 31, 2011 Other Payment Gateway AEGIS USA, INC. December 31, 2011 Other Payment Processing MOTO Aetna, Inc. May 31, 2011 Clearing & Settlement Other Affiliated Acceptance Corporation October 31, 2011 MOTO Payment Processing Payment Gateway (1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 3 of 80 Trustwave Trustwave AT&T Consulting Solutions, Inc. K3DES Datassurant, Inc. Trustwave 403 Labs, LLC Protiviti CQR Consulting Pty Ltd Protiviti, Inc.
Alignet, S.A.C
Xtrategies
Merchant Services Payment Gateway/Switch Payment Processing Internet Payment Processing MOTO Payment Processing - POS ASF International August 31, 2011 IPSP (E-commerce) MOTO Payment Processing Payment Gateway ASIAPAY (HONG KONG) LTD November 30, 2011 Payment Gateway/Switch Payment Processing Internet Asociacion Cibao de Ahorros y Prestamos AT&T Managed Hosting and Application Services AT&T Managed Services AT&T Encryption Services AT&T Managed Services AT&T Enhanced VPN Services, AT&T VPN Services, AT&T Private Network Transport Services September 30, 2011 Authorization Issuing Processing October 31, 2011 October 31, 2011 July 31, 2011 Hosting Provider Managed Services Managed Services Trustwave Trustwave Trustwave Trustwave Trustwave Trustwave
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 6 of 80
Network Provider/Transmitter AT&T Managed Services Endpoint Security AT&T Managed Services Intrusion Detection Services/Intrusion Prevention Services AT&T Managed Services IP Telephony and LAN Services AT&T Managed Services Managed Router Services AT&T Managed Services Network Based Firewall AT&T Managed Services Premise Based Firewall July 31, 2011 July 31, 2011 Managed Services Managed Services Trustwave Trustwave
Managed Services
Trustwave
Managed Services Managed Services Managed Services Managed Services Hosting Provider Other
AT&T Managed Services July 31, 2011 Transaction Routing Service AT&T Synaptic Compute as a Service (CaaS) AT&T Synaptic Hosting AT&T Synaptic Platform as a Service (PaaS) AT&T Synaptic Storage as a Service (SaaS) AT&T VoiceTone & Interactive Voice Services Advanced Plus AT&T WiFi Services Athenahealth, Inc. January 31, 2012
Trustwave Trustwave
Trustwave
Data Preparation
Trustwave
Managed Services January 31, 2012 October 31, 2011 Payment Processing Internet MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions (1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 7 of 80 TrustWave Trustwave
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 8 of 80
Trustwave
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 10 of 80
Payment Gateway/Switch Payment Processing Internet Payment Processing MOTO Cardtronics EFT May 31, 2011 Other Process Magnetic-Stripe Transactions Switching Cardworks Processing August 31, 2011 Authorization IPSP (E-commerce) Payment Gateway Cardworks Servicing LLC February 28, 2012 Back Office Services Trustwave Trustwave K3DES
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 11 of 80
April 30, 2011 April 30, 2011 February 28, 2012 November 30, 2011
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 12 of 80
Centre de services partags February 28, 2012 du Qubec Centrix Bank - LockBox Service Century Bankcard Services May 31, 2011 May 31, 2012
403 Labs
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 14 of 80
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 16 of 80
Credomatic de El Salvador
Xtrategies, LLC
Credomatic de Guatemala
Xtrategies, LLC
Solutionary
Billing Management Payment Gateway/Switch Payment Processing Internet Records Management CSI Software December 31, 2011 Hosting Provider Payment Gateway Account Management Back Office Services Billing Management Clearing & Settlement (1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 18 of 80 Trustwave
Trustwave
CT-Paiement Inc.
Trustwave
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 19 of 80
Trustwave Trustwave
Davis & Henderson G.P. Inc September 30, 2011 DAXKO April 30, 2011
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 20 of 80
Accuvant, Inc.
Direct Insite
drugstore.com, inc.
Coalfire
Account Management
SecurityMetrics, Inc.
Billing Management Payment Gateway/Switch Records Management EarthLink Business EC Suite July 31, 2011 August 31, 2011 Network Provider/Transmitter IPSP (E-commerce) Other ECARD SOLUTIONS LTD May 31, 2011 Authorization Clearing & Settlement Issuing Processing MOTO Payment Processing Payment Gateway (1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 21 of 80 Ambersail Ltd Neohapsis Inc. Coalfire
eCommLink
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 22 of 80
Clearing & Settlement Hosting Provider - Web Merchant Services Payment Gateway/Switch Payment Processing Internet Payment Processing MOTO Payment Processing - POS Tax/Government Payments Element Payment Services November 30, 2011 Clearing & Settlement Merchant Services Payment Gateway/Switch Information Exchange
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 23 of 80
Emdeon
Trustwave
ControlCase India
ePay Healthcare
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 24 of 80
Epicor
Trustwave
eProcurement Services LLC September 30, 2011 Epsilon Data Management, LLC Equiant Financial Services, LLC August 31, 2011 November 30, 2011
Equifax
Trustwave Trustwave
Risk Associates
Clearing & Settlement Hosting Provider IPSP (E-commerce) (1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 25 of 80
Clearing & Settlement Payment Gateway Process Magnetic-Stripe Transactions Switching Fidelity Information Services - Australasia Pty Ltd November 30, 2011 Authorization Trustwave
Clearing & Settlement Issuing Processing Fidelity Information Services - Chicago Authnet December 31, 2011 Payment Gateway/Switch Payment Processing - ATM Payment Processing - POS Fidelity Information Services - Clear Commerce May 31, 2011 Authorization Clearing & Settlement Payment Gateway Fidelity Information Services - Electronic Payment Presentment Fidelity Information Services - eZCard Fidelity Information Services - Issuing Solutions, Debit Account, Healthcare Payment Card and Prepaid Card Solutions Fidelity Information Services - Lisle Remittance Processing Fidelity Information Services - Loyalty Card Processing July 31, 2011 Authorization Trustwave Trustwave Trustwave
Other Authorization
Trustwave Trustwave
Loyalty Programs
Trustwave
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 27 of 80
Authorization
Trustwave
Clearing & Settlement Issuing Processing Process Magnetic-Stripe Transactions Fidelity Information Services - Output Solutions San Antonio Fidelity Information Services - Payment Processing and Data Center Little Rock, AR February 28, 2011 Other Trustwave
Trustwave
Process Magnetic-Stripe Transactions Fidelity Information Services - Prepaid Solutions - South July 31, 2011 Authorization IBM Internet Security Systems (ISS)
Clearing & Settlement Issuing Processing Payment Gateway Switching Fidelity Information Services - Processadora e Servicos S.A. Brazil April 30, 2011 Authorization Trustwave
Clearing & Settlement Issuing Processing Payment Gateway Process Magnetic-Stripe Transactions Fidelity Information Services - PSS India January 31, 2012 Issuing Processing Payment Gateway/Switch Payment Processing - ATM Fidelity Information Services - St. Petersburg Check Fidelity Information Services - St. Petersburg Remittance Processing March 31, 2011 Other Trustwave Trustwave
Fidelity Information Other Trustwave January 31, 2011 Services - Web Vault (1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 28 of 80
Clearing & Settlement Payment Gateway Process Magnetic-Stripe Transactions Fifth Gear August 31, 2011 IPSP (E-commerce) MOTO Payment Processing Payment Gateway Financial Transmission Network Inc Finexus International Sdn Bhd January 31, 2012 March 31, 2012 Payment Gateway/Switch Trustwave Trustwave
3-D Secure Hosting Provider Trustwave Authorization Clearing & Settlement Hosting Provider Issuing Processing Payment Gateway/Switch Payment Processing MOTO Payment Processing - POS
Authorization
Trustwave
Clearing & Settlement IPSP (E-commerce) Issuing Processing MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions (1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 29 of 80
TrustWave
Authorization Clearing & Settlement IPSP (E-commerce) Issuing Processing MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions Switching
Trustwave
First Data Clientline Reporting (First Data Concord Electronic Financial Systems) FIRST DATA CONO SUR, S.A.
Trustwave
Account Management Back Office Services Clearing & Settlement Data Preparation Fraud and Chargeback Services Issuer Processing Merchant Services Other Payment Processing - ATM Payment Processing Internet Payment Processing MOTO Payment Processing - POS
Trustwave
Authorization Clearing & Settlement IPSP (E-commerce) Issuing Processing MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions Switching
Trustwave
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 30 of 80
MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions First Data Government Solutions First Data Integrated Payment Systems First Data International ANZ September 30, 2011 IPSP (E-commerce) Payment Gateway September 30, 2011 September 30, 2011 Other Authorization Clearing & Settlement IPSP (E-commerce) Issuing Processing Loyalty Programs MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions Switching Authorization Clearing & Settlement Issuing Processing Loyalty Programs Process Magnetic-Stripe Transactions First Data International Korea October 31, 2011 Authorization Clearing & Settlement Loyalty Programs Payment Gateway Switching First Data InternationalOmniPay Limited November 30, 2011 Authorization Clearing & Settlement MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions Switching First Data Merchant Services September 30, 2011 Authorization Clearing & Settlement IPSP (E-commerce) (1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 31 of 80 Trustwave Trustwave Trustwave Trustwave Trustwave Trustwave
Trustwave
Clearing & Settlement IPSP (E-commerce) Issuing Processing Loyalty Programs MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions Switching First Data RemitCo September 30, 2011 Other Remittance Processing First Data Resources September 30, 2011 Authorization Clearing & Settlement IPSP (E-commerce) Issuing Processing MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions Switching Authorization Clearing & Settlement IPSP (E-commerce) MOTO Payment Processing Payment Gateway (1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 32 of 80 Trustwave Trustwave
Trustwave
Trustwave
Clearing & Settlement IPSP (E-commerce) Issuing Processing MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions Switching First Data TeleCheck September 30, 2011 Authorization Clearing & Settlement Issuing Processing Loyalty Programs MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions Switching First Hawaiian Bank June 30, 2011 Authorization Clearing & Settlement Payment Gateway Process Magnetic-Stripe Transactions Authorization Clearing & Settlement Issuing Processing MOTO Payment Processing Process Magnetic-Stripe Transactions Switching First National Technology Solutions March 31, 2012 Hosting Provider- Hardware Managed Services Network Provider/Transmitter (1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 33 of 80 Trustwave Trustwave Trustwave
Trustwave
FirstSource Advantage, LLC September 30, 2011 FirstView, LLC August 31, 2011
Fiserv - Amherst Call Center March 31, 2011 Fiserv - Bank Solutions Lincoln & Sioux Falls Fiserv - Bank Solutions Precision Data Center July 31, 2011 November 30, 2011
Fiserv Checkfree Club December 31, 2011 Solutions (I4 Aphelion, EFT, POS) Fiserv - CheckFreePay Fiserv - Club Solutions (Compete, EFT Web, EFT, POS) Fiserv - CUBEOL Fiserv - CUSA Fiserv - Customer Solutions Fiserv - Enterprise Technology Group Brookfield, WI Data Center Fiserv - Enterprise Technology Group - Johns Creek, GA, Philadelphia, PA and Lewisville, TX Data Centers Fiserv ETG Irving Data Center Fiserv - Galaxy Fiserv - Premier Central June 30, 2011 July 31, 2011
Other Authorization
Payment Gateway May 31, 2011 October 31, 2011 November 30, 2011 October 31, 2011 Issuing Processing Other Other Other Payment Software Company (PSC) Payment Software Company (PSC) Payment Software Company (PSC) Payment Software Company (PSC) Payment Software Company (PSC)
Other
Payment Software Company (PSC) Payment Software Company (PSC) Payment Software Company (PSC)
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 34 of 80
Issuing Processing
August 31, 2011 November 30, 2011 July 31, 2011 February 28, 2012
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 35 of 80
FreedomPay Inc.
CompliancePoint
Frontline Processing
SecurityMetrics
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 36 of 80
Trustwave
Trustwave
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 37 of 80
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 39 of 80
HP Consumer Direct
HP Guidance Authorization
HP Oregon eGovernment (EDS) HP Pay for Convenience (EDS) HP Secure Payment Services - RCU America
IATS
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 40 of 80
K3DES
Payment Processing - ATM Payment Processing - POS INTERNATIONAL CARD August 31, 2011 SYSTEMS AD (CASYS AD) Clearing & Settlement Payment Gateway/Switch Payment Processing - ATM Payment Processing Internet Payment Processing - POS Internet Payment Exchange July 31, 2011 Network Provider/Transmitter Payment Processing Internet Records Management Other Payment Gateway/Switch Payment Processing Internet Payment Processing - POS Intersections February 28, 2011 Authorization IPSP (E-commerce) Hosting Provider MOTO Payment Processing Intrix Technology Inc. March 31, 2012 Payment Gateway/Switch Payment Processing Internet Payment Processing - POS Intuit BackOffice November 30, 2011 Back Office Services Clearing & Settlement Fraud and Chargeback Services (1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 42 of 80 Trustwave Trustwave Control Case ANX Acertigo AG
SecurityMetrics
iPass, Inc. iPayment IPS Group Inc. iQmetrix IRN Payment Systems
March 31, 2012 June 30, 2011 October 31, 2011 August 31, 2011 February 28, 2011 May 31, 2011 May 31, 2011
Digital Resources Group (DRG) Trustwave Tevora Business Solutions Seccuris, Inc. Information Exchange
J.J. MacKay Canada Limited/MacKay Meters, Inc. (MacKay Meters) JetPay, LLC
Trustwave
Trustwave
Payment Processing Internet Payment Gateway/Switch Payment Processing Internet Authorization Clearing & Settlement Issuing Processing Other Process Magnetic-Stripe Transactions Switching
Trustwave
Payment Gateway/Switch Payment Processing MOTO Records Management Hosting Provider - Web Payment Processing Internet
SecurityMetrics SecureState
Kimbia, Inc.
Information Exchange
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 44 of 80
FortConsult
Magic-Wrighter, Inc.
Trustwave
Maintech MAKO NETWORKS LIMITED Maritz Loyalty Marketing Maritz Travel MarketLive MBS Insight, Inc MBS Textbook Exchange, Inc. - inSite MBU d.o.o.
November 30, 2011 February 28, 2011 December 31, 2011 August 31, 2011 October 31, 2011 May 31, 2011 September 30, 2011 August 31, 2011
IBM Internet Security Systems Verizon Business IBM Internet Security Systems IBM Internet Security Systems AT&T Consulting Solutions K3DES Trustwave Trustwave
McKesson - RelayHealth
Trustwave
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 46 of 80
Merchant Partners
Information Exchange
Payment Gateway Switching Merchant Warehouse Merchants Billing Services March 31, 2011 November 30, 2011 Payment Gateway Clearing & Settlement IPSP (E-commerce) Merchant Services MOTO Payment Processing Payment Gateway (1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 47 of 80 Trustwave Information Exchange Inc.
Merchants Choice Payment September 30, 2011 Solutions Mercury Payment Systems Meritus Payment Solutions November 30, 2011 October 31, 2011
Billing and Customer Support Employee Benefits Programs Health Savings Account Services Prepaid Employee Benefits Programs MetraTech Corp. February 28, 2011 Hosting Provider - Web Network Provider/Transmitter Payment Processing Internet Clearing & Settlement Loyalty Programs MICROPAGOS S.A. February 28, 2012 Network Provider/Transmitter Payment Processing Internet Payment Gateway Authorization IPSP (E-commerce) MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions Microsoft Tellme September 30, 2011 MOTO Payment Processing Trustwave CYBSEC SA Kirkpatrick Price LLC
RSM McGladrey
Trustwave Trustwave
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 48 of 80
Mindbody
Clearing & Settlement Process Magnetic-Stripe Transactions Switching Moneris Solutions Inc. July 31, 2011 3-D Secure Access Control Server Clearing & Settlement MOTO Payment Processing Process Magnetic-Stripe Transactions Other Clearing & Settlement Payment Gateway/Switch MoneyGram Payment Systems / Property Bridge Moneytree ATM Digital Network Solutions LLC May 31, 2011 IPSP (E-commerce) Other April 30, 2011 Clearing & Settlement Merchant Services Payment Gateway/Switch Payment Processing - ATM Monitise Americas Moore Wallace Motionsoft September 30, 2011 February 28, 2011 March 31, 2012 Account Management Other Hosting Provider - Web Other Payment Gateway/Switch Payment Processing Internet Payment Processing MOTO Payment Processing - POS (1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 49 of 80 Trustwave Solutionary, Inc Trustwave Information Exchange Payment Software Company (PSC) Control Gap
Trustwave
RSM McGladrey
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 50 of 80
Hosting Provider January 31, 2012 Authorization Clearing & Settlement Payment Gateway NBX Merchant Services, Inc. DBA Optimal Payments December 31, 2011 Clearing & Settlement Payment Gateway NCMIC Finance Corporation October 31, 2011 NCO Group NCR Corporation NCR eCommerce - TD Bank Environment November 30, 2011 November 30, 2011 September 30, 2011 Other Other Other Hosting Provider - Web Hosting Provider- Hardware Managed Services Nebraska Electronic Transfer System, Inc. November 30, 2011 Clearing & Settlement Payment Gateway/Switch Payment Processing - ATM Nelnet Business Solutions, Inc NeoSpire, Inc. NETBilling April 30, 2011 Authorization Payment Gateway April 30, 2011 February 28, 2012 Hosting Provider Billing Management Payment Gateway/Switch Payment Processing Internet NetCentrix April 30, 2011 Billing Management INFORMATION EXCHANGE, INC Trustwave SecurityMetrics Trustwave Trustwave SecurityMetrics Payment Software Company (PSC) ControlCase LLC Arsenal Security Group Trustwave ControlCase LLC
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 51 of 80
NEXTAG, INC.
Trustwave
NPC Secure
Trustwave
Trustwave
K3DES
Coalfire Coalfire
Hosting Provider Issuing Processing MOTO Payment Processing Process Magnetic-Stripe Transactions Switching ORCC - eCommerce Division: Columbus ORCC - eCommerce Division: Parsippany November 30, 2011 October 31, 2011 Other Other Trustwave Trustwave
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 54 of 80
Payment Processing - ATM Payment Processing Internet Payment Processing - POS Paciolan, Inc. October 31, 2011 Hosting Provider Payment Gateway Process Magnetic-Stripe Transactions Pago Mobile Inc. November 30, 2011 Authorization Payment Gateway Palm Coast Data December 31, 2011 IPSP (E-commerce) MOTO Payment Processing Payment Gateway PAMS Lunchroom LLC August 31, 2011 IPSP (E-commerce) MOTO Payment Processing Panasonic Avionics Corporation Paramount Acceptance April 30, 2011 June 30, 2011 Payment Gateway/Switch Other Payment Gateway Parkeon Parkmobile USA, Inc. Passkey International, Inc. Passport EFT Solutions Passport Health Communications, Inc. May 31, 2011 December 31, 2011 July 31, 2011 December 31, 2011 February 28, 2012 Payment Gateway Other Other Payment Gateway Payment Processing Internet Trustwave Coalfire Systems, Inc. IOActive Inc. Coalfire Trustwave Tevora Business Solutions SecurityMetrics, Inc. Trustwave K3DES Integral Business Solutions Trustwave
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 55 of 80
PayCommerce Inc.
Trustwave
Paydiant Inc.
PaySimple PayTrace
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 57 of 80
Preferred Health Technology August 31, 2011 PREMIER TECHNOLOGIES PTY LTD March 31, 2011
Qgiv QS/1
SecurityMetrics Trustwave
Payment Gateway IPSP (E-commerce) Hosting Provider Loyalty Programs Issuer Processing Other Payment Gateway IPSP (E-commerce) Other
Coalfire Coalfire Systems. Inc. Coalfire Coalfire Systems. Inc. ControlCase LLC Trustwave Trustwave IBM Internet Security Systems Trustwave
Radiant Systems - CPOnline November 30, 2011 Radiant Systems - PCI Data Centers Rainbow Rewards Rapid Investments, Inc. Ready Financial Group RealPage, Inc. Rearden Commerce October 31, 2011 February 28, 2012 September 30, 2011 July 31, 2011 June 30, 2011 April 30, 2011
Recurly, Inc.
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 60 of 80
3-D Secure Hosting Provider Trustwave Clearing & Settlement Fraud and Chargeback Services Hosting Provider - Web Payment Gateway/Switch Payment Processing Internet Payment Processing - POS
Trustwave
Authorization Issuing Processing Other Authorization Payment Gateway Loyalty Programs Loyalty Programs Payment Processing Internet Hosting Provider Other
403 Labs
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 61 of 80
SecureNet
SecureTrading Limited
Trustwave
ServiceU Corporation
K3DES
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 63 of 80
Issuer Processing Payment Gateway/Switch Payment Processing Payment Processing - ATM SHC Direct Shift4 DOLLARS ON THE NET Shopify April 30, 2011 May 31, 2011 July 31, 2011 Loyalty Programs Payment Gateway/Switch Hosting Provider - Web Managed Services Sigma Micro August 31, 2011 IPSP (E-commerce) MOTO Payment Processing Payment Gateway Signature Card Services March 31, 2012 Loyalty Programs Other Simmons First National Corporation Simply Easier Payments September 30, 2011 October 31, 2011 Clearing & Settlement IPSP (E-commerce) Payment Gateway SITA - AirportConnect PCI Common Use Platform (2 airports) SITA Information Networking Computing, USA Inc. July 31, 2011 Managed Services IBM Security Services Trustwave Trustwave SecurityMetrics Trustwave Trustwave Verizon Business IOActive, Inc.
Global Distribution System IPSP (E-commerce) Other Switching Six Card Solutions Luxembourg S.A. April 30, 2011 Authorization IPSP (E-commerce) Payment Gateway Process Magnetic-Stripe Transactions Skipjack Financial Services January 31, 2012 Authorization Payment Gateway Process Magnetic-Stripe Transactions SlimCD September 30, 2011 Merchant Services Payment Gateway/Switch (1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 64 of 80 Enterprise Risk Management Trustwave NTT Security Limited
November 30, 2011 September 30, 2011 May 31, 2011 November 30, 2011
CrimsonSecurity Trustwave
Payment Processing Internet Clearing & Settlement IPSP (E-commerce) Loyalty Programs MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 65 of 80
K3DES LLC
MOTO Payment Processing Payment Gateway STRATEGIC PAYMENTS SERVICES PTY LTD April 30, 2011 Issuing Processing Payment Gateway/Switch Payment Processing - ATM Payment Processing MOTO Payment Processing - POS Strategic Profits April 30, 2011 Hosting Provider - Web Managed Services Payment Gateway/Switch Payment Processing Internet Payment Processing MOTO (1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 66 of 80 SPIguard Security Solutions Inc. Verizon Business
TalentBeat, Inc
K3DES
Teleformix, LLC
RSM McGladrey
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 67 of 80
The Results Companies LLC February 28, 2012 The Shubert Organization February 28, 2012
Trustwave
Information Exchange
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 69 of 80
Clearing & Settlement Merchant Services Payment Gateway/Switch Payment Processing Internet Payment Processing - POS
Information Exchange
Transactis
Clearing & Settlement Merchant Services Payment Gateway/Switch Payment Processing Internet
Transbank, S.A.
Authorization Clearing & Settlement IPSP (E-commerce) MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions Switching MOTO Payment Processing Other
Xtrategies
Sunera LLC
Hosting Provider MOTO Payment Processing Payment Gateway Back Office Services Clearing & Settlement Fraud and Chargeback Services Merchant Services Other Payment Gateway/Switch Payment Processing Internet Payment Processing MOTO Payment Processing - POS Other
Trustwave
TransFirst
Solutionary, Inc.
Valcom
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 70 of 80
Trilegiant
Trustwave
Trustwave
Clearing & Settlement Loyalty Programs TSYS Customer Insight TSYS Digital Document System January 31, 2012 February 28, 2012 Other Other TrustWave Trustwave
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 71 of 80
TSYS Managed Services April 30, 2011 Myersville (Merlin Solutions) TSYS Merchant Solutions TSYS Prepaid January 31, 2012 July 31, 2011
Clearing & Settlement Issuing Processing Loyalty Programs MOTO Payment Processing Process Magnetic-Stripe Transactions Twin Oaks Software Development, Inc. February 28, 2012 Billing Management Payment Processing MOTO TxVia January 31, 2011 Authorization Clearing & Settlement Issuing Processing Payment Gateway Switching U.S. Bank Access Online U.S. Payments July 31, 2011 December 31, 2011 Other Merchant Services Payment Gateway/Switch Payment Processing MOTO UltraCart September 30, 2011 Merchant Services Payment Processing Internet UMS Banking Unirush, LLC (Rush Card) United Bank Card November 30, 2011 December 31, 2011 July 31, 2011 Other Payment Gateway Clearing & Settlement Merchant Services Back Office Services Jet Infosystems Billing Management Clearing & Settlement (1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. January 31, 2011 Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 72 of 80 UNITED CARD SERVICE SecurityMetrics Fortrex Technologies Information Exchange Compliance Point TrustWave 403 Labs, LLC 403 Labs 403 Labs
Accudata Systems
SecureState
Information Exchange
TrustWave Trustwave
Clearing & Settlement Fraud and Chargeback Services Issuing Processing Other USA ePay April 30, 2012 Authorization Payment Gateway Authorization Clearing & Settlement Hosting Provider USA Payment Systems, Inc. December 31, 2011 Clearing & Settlement Issuer Processing Payment Gateway/Switch Payment Processing - ATM USA Technologies USA800 January 31, 2012 September 30, 2011 Payment Gateway/Switch MOTO Payment Processing Payment Gateway VALUE PAY SERVICES LLC, AN IPC COMPANY November 30, 2011 Payment Gateway/Switch Payment Processing Internet Value Payment Systems, LLC. December 31, 2011 Payment Gateway/Switch Payment Processing Internet Payment Processing MOTO (1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 74 of 80 SAIC IBM Security Services Trustwave IOActive, Inc. K3DES Trustwave
AT&T Consulting
Trustwave
Clearing & Settlement MOTO Payment Processing Vantiv (a.k.a. Fifth Third Processing Solutions) Issuing and Switch Providing Systems June 30, 2011 Authorization Trustwave
Clearing & Settlement Issuing Processing Process Magnetic-Stripe Transactions Switching Varolii Corporation March 31, 2012 Other Payment Gateway/Switch VEGAS.COM July 31, 2011 Loyalty Programs MOTO Payment Processing Payment Gateway Payment Gateway/Switch Payment Gateway Network Provider/Transmitter Billing Management Fraud and Chargeback Services Payment Gateway/Switch Payment Processing Internet Verifi June 30, 2011 Hosting Provider Payment Processing Internet Trustwave Trustwave Brightline CPAs & Associates, Inc.
May 31, 2011 November 30, 2011 January 31, 2012 January 31, 2012
igxglobal, Inc. Digital Resources Group (DRG) UHY Advisors TX, LLC SecurityMetrics
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 75 of 80
SecurityMetrics
Verizon Business Global January 31, 2012 Services System Integration (VB-GSSI)
Payment Gateway/Switch
Trustwave
Payment Processing Internet Payment Processing MOTO Verizon Business Remote Application Management Verizon Computing as a Service Verrus Mobile Technologies February 28, 2011 June 30, 2011 November 30, 2011 Other Hosting Provider Authorization MOTO Payment Processing VERSATILE TECHNOLOGY INC. June 30, 2011 Authorization Clearing & Settlement IPSP (E-commerce) MOTO Payment Processing Other Payment Gateway Process Magnetic-Stripe Transactions Switching Vesdia Vesta Corporation April 30, 2011 June 30, 2011 Loyalty Programs MOTO Payment Processing Other Payment Gateway VetCentric, Inc. April 30, 2011 IPSP (E-commerce) Payment Gateway (1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 76 of 80 Coalfire Coalfire Systems. Inc. AT&T Consulting, Inc. Xtrategies, LLC Trustwave Trustwave Trustwave
Account Management Back Office Services Billing Management Clearing & Settlement Data Preparation Fraud and Chargeback Services Hosting Provider - Web Hosting Provider- Hardware Issuer Processing Loyalty Programs Managed Services Merchant Services Network Provider/Transmitter Payment Gateway/Switch Payment Processing - ATM Payment Processing Internet Payment Processing MOTO Payment Processing - POS (1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 77 of 80
VitalChek
Trustwave
Stratsec
Payment Processing Internet West - Managed Call Center Services West Business Services West Customer Management Group - Work At Home (WCMG - WAH) September 30, 2011 Account Management Billing Management April 30, 2011 September 30, 2011 MOTO Payment Processing Account Management Trustwave Continuum Worldwide Continuum Worldwide Corporation
Billing Management
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 78 of 80
Clearing & Settlement (1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 79 of 80
Issuing Processing MOTO Payment Processing Process Magnetic-Stripe Transactions Switching Yapstone Inc. April 30, 2011 Payment Gateway/Switch Payment Processing Internet Payment Processing MOTO Yes-Pay International Ltd. July 31, 2011 Issuer Processing Payment Gateway/Switch Payment Processing Internet Payment Processing MOTO Payment Processing - POS Yodlee December 31, 2011 Hosting Provider IPSP (E-commerce) Zagrebaka banka d.d. January 31, 2012 Clearing & Settlement Fraud and Chargeback Services Issuer Processing Payment Processing - ATM Payment Processing Internet Payment Processing - POS ZEUS Corporation October 31, 2011 3-D Secure Hosting Provider NTT Data Security Corporation Account Management Billing Management Clearing & Settlement Payment Gateway/Switch Payment Processing Internet Payment Processing - POS Payment Gateway Authorization Payment Gateway 403 Labs Digital Resources Group (DRG) IBM AT&T Consulting Fortconsult BrightLine
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2012 Visa Inc. 80 of 80