Beruflich Dokumente
Kultur Dokumente
As Of 11/3/2010
The companies listed below were validated as being PCI DSS compliant by a QSA as of the "VALIDATION DATE". Service providers are required to revalidate their compliance to Visa on an annual basis, with the next annual Report on Compliance (ROC) due to Visa one year from the "VALIDATION DATE". ROCs that are from 160 days late are noted in yellow and ROCs that are from 60-90 days late are noted in red. Entities with ROCs over 90 days past due are removed from this list. Entities are listed in each Visa region where they have been registered by at least one client, including: AP - Asia Pacific, CEMEA - Central Europe / Middle East / Africa, LAC - Latin America / Caribbean, NA - North America - Canada / United States. Visa client's are responsible for and are required to use compliant service providers and to follow up with service providers directly if there are any questions about their compliance status.
Process Magnetic-Stripe Transactions (1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 1 of 62
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 2 of 62
Advantex Dining Corporation March 31, 2010 Adyen B.V. Aegis Communications Affinion Loyalty Group (formerly Trilegiant) Affinity Solutions Agilysys, Inc. Airlines Reporting Corporation Akamai Alacriti Alaska Option Services May 31, 2010 December 31, 2009 February 28, 2010 November 30, 2009 July 31, 2010 February 28, 2010 September 30, 2010 December 31, 2009 April 30, 2010
Datassurant, Inc.
Internet Payment Processing Trustwave Other Loyalty Programs Loyalty Programs Payment Gateway Clearing & Settlement Other Payment Gateway Authorization Clearing & Settlement Issuing Processing Switching K3DES Trustwave Solutionary Trustwave AT&T Consulting Solutions, Inc. Neohapsis Inc. IGX Global K3DES
Aliaswire
IGX Global
Alliance Entertainment
Solutionary Inc.
May 31, 2010 April 30, 2010 October 31, 2010 December 31, 2009
Tevora Business Solutions IBM Internet Security Systems IOActive, Inc. Verizon Business
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 3 of 62
Arab Financial Services Company Arcot Systems Argenbright Skybridge Marketing Group Customer Service Aria Systems Ariba Inc Arise Virtual Solutions Armenian Card CJSC
December 31, 2009 May 31, 2010 May 31, 2010 December 31, 2009
Payment Gateway Other Other Authorization Clearing & Settlement Issuing Processing Switching
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 4 of 62
Other
Trustwave
Other Other
Trustwave Trustwave
Other
Trustwave
AT&T Managed Services July 31, 2010 Transaction Routing Service AT&T Managed Services VoiceTone AT&T Synaptic Hosting July 31, 2010 October 31, 2010
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 5 of 62
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 6 of 62
Trustwave
September 30, 2009 Hosting Provider IPSP (E-commerce) November 30, 2009 Authorization Payment Gateway Authorization MOTO Payment Processing Other Payment Gateway
CardCana Corporation
IGX Global
CARDFLEX INC.
K3DES LLC
Verified by Visa Merchant Services Clearing & Settlement MOTO Payment Processing Payment Gateway
CardStandard
Authorization Clearing & Settlement Issuing Processing MOTO Payment Processing Process Magnetic-Stripe Transactions
Cardtronics EFT
K3DES
Cardworks Processing
Authorization Clearing & Settlement IPSP (E-commerce) MOTO Payment Processing Payment Gateway Other Loyalty Programs Loyalty Programs Hosting Provider IPSP (E-commerce) Payment Gateway
Trustwave
Carlson Marketing March 31, 2010 Worldwide (Visa Data Track) Carlson Marketing Worldwide (Visa Extras) Cart 32 June 30, 2010 August 31, 2009
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 8 of 62
CASHNet
Trustwave
April 30, 2010 April 30, 2010 February 28, 2010 November 30, 2009 January 31, 2010
CDW Hosting and Managed October 31, 2009 Services CenPos Center Partners Central States Indemnity Centrix Bank LockBox Service January 31, 2010 October 31, 2009 October 31, 2010 May 31, 2010
Trustwave
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 10 of 62
Clearing & Settlement IPSP (E-commerce) Issuing Processing MOTO Payment Processing (1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 11 of 62
Credit Discovery
Information Exchange
IPSP (E-commerce) Payment Gateway CSI Software October 31, 2009 September 30, 2010 Hosting Provider Payment Gateway CSU CardSystem S.A. Authorization Clearing & Settlement Hosting Provider Issuing Processing MOTO Payment Processing Other Payment Gateway Process Magnetic-Stripe Transactions Switching Cvent August 31, 2009 Switching FishNet Security Trustwave Trustwave
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 12 of 62
September 30, 2009 Other April 30, 2010 August 31, 2010 August 31, 2010 Switching Payment Gateway IPSP (E-commerce) MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions
July 31, 2010 July 31, 2010 July 31, 2010 February 28, 2010
Payment Gateway Other Other Authorization Clearing & Settlement Other Payment Gateway
Trustwave Trustwave
September 30, 2010 April 30, 2010 February 28, 2010 May 31, 2010
Delphis Software
Demandware
Hosting Provider IPSP (E-commerce) Payment Gateway Authorization Clearing & Settlement IPSP (E-commerce) Issuing Processing Loyalty Programs
Denarii Systems
Security Works
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 13 of 62
DHD Media
Trustwave
Digital Network Solutions April 30, 2010 (DNS) DBA Moneytree ATM
June 30, 2010 May 31, 2010 April 30, 2010 August 31, 2009
Payment Gateway IPSP (E-commerce) Clearing & Settlement Authorization Clearing & Settlement Hosting Provider IPSP (E-commerce) Payment Gateway
EchoSat Communications
Security Innovation
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 14 of 62
TrustWave
Information Exchange
Clearing & Settlement IPSP (E-commerce) Loyalty Programs MOTO Payment Processing Other Payment Gateway Payment Processing Process Magnetic-Stripe Transactions Switching Element Payment Services November 30, 2009 Clearing & Settlement Other Payment Gateway IPSP (E-commerce) Process Magnetic-Stripe Transactions EMN8 POS Managed Services Enacomm, Inc. Encircle ENETS PTE LTD ePayData November 30, 2009 Other Payment Gateway March 31, 2010 December 31, 2009 November 30, 2009 October 31, 2009 Hosting Provider Other Payment Gateway Clearing & Settlement Payment Gateway Epicor March 31, 2010 Authorization Payment Gateway IPSP (E-commerce) Payment Gateway Loyalty Programs E-Commerce Order Fulfillment Trustwave True Digital Security Enterprise Risk mangement Vectra Information Exchange Tevora Business Solutions Information Exchange
Emdeon
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 16 of 62
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 17 of 62
Clearing & Settlement Payment Gateway Switching Fidelity Information Services - Certegy UK, Birmingham September 30, 2009 Authorization IBM Internet Security Systems
Clearing & Settlement Payment Gateway Switching Fidelity Information Services - Chicago Authnet December 31, 2009 Authorization Clearing & Settlement Issuing Processing Payment Gateway Switching Fidelity Information Services - Clear Commerce Fidelity Information Services - eFunds Prepaid Solutions May 31, 2010 April 30, 2010 Payment Gateway Issuing Processing IBM Internet Security Systems Trustwave IBM Internet Security Systems
Loyalty Programs MOTO Payment Processing Process Magnetic-Stripe Transactions Fidelity Information Services - eZCard Charlotte Fidelity Information Services - GBS India March 31, 2010 Other IBM Internet Security Systems IBM Internet Security Systems
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 18 of 62
Loyalty Programs
Authorization
Trustwave
Clearing & Settlement Process Magnetic-Stripe Transactions Fidelity Information Services - Output Solutions San Antonio Fidelity Information Services - Payment Processing and Data Center Little Rock, AR February 28, 2010 Other IBM Internet Security Systems Trustwave
Process Magnetic-Stripe Transactions Fidelity Information Services - Plainview Fidelity Information Services - Processadora e Servicos S.A. Brazil September 30, 2010 April 30, 2010 Other Authorization IBM Internet Security Systems Trustwave
Issuing Processing MOTO Payment Processing Process Magnetic-Stripe Transactions Fidelity Information Services - PSS India January 31, 2010 Authorization Clearing & Settlement Switching Fidelity Information Services - St. Petersburg Fidelity Information Services - St. Petersburg Check Fidelity Information Services - Web Vault Fidelity Information Services (FIS) Electronic Payments, New Berlin WI September 30, 2009 Remittance Processing March 31, 2010 Authorization IBM Internet Security Systems IBM Internet Security Systems (ISS) IBM Internet Security Systems
Clearing & Settlement January 31, 2010 Other IBM Internet Security Systems (ISS) IBM Internet Security Systems
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 19 of 62
Payment Gateway Switching Fifth Third Processing Solutions - Issuing and Switch-Providing Systems June 30, 2010 3-D Secure Access Control Server Authorization Clearing & Settlement Issuing Processing Process Magnetic-Stripe Transactions Switching Fifth Third Processing June 30, 2010 Solutions-Acquiring Systems Authorization Clearing & Settlement Process Magnetic-Stripe Transactions Financial Transmission Network Inc Finexus International Sdn Bhd January 31, 2010 July 31, 2010 Payment Gateway Authorization Clearing & Settlement Hosting Provider Issuing Processing MOTO Payment Processing Process Magnetic-Stripe Transactions Switching First American Payment Systems First Atlantic Commerce, LTD. June 30, 2010 Clearing & Settlement Payment Gateway March 31, 2010 Clearing & Settlement MOTO Payment Processing Payment Gateway Switching First Data - Cono Sur S.R.L. March 31, 2010 Authorization Clearing & Settlement IPSP (E-commerce) Issuing Processing Loyalty Programs MOTO Payment Processing Other (1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 20 of 62 Trustwave Coalfire IBM Internet Security Systems Trustwave Truswave Trustwave Trustwave
First Data - Integrated Payment Systems (IPS) Denver First Data - Integrated Payment Systems (IPS) Westerville First Data - Secure Transport (Datawire)
Trustwave
Other
Trustwave
Trustwave
Authorization
Trustwave
Clearing & Settlement IPSP (E-commerce) Issuing Processing MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions Switching First Data CAC (Processing Center, S.A.) March 31, 2010 Authorization Clearing & Settlement IPSP (E-commerce) Issuing Processing MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions Switching First Data Card Services International September 30, 2010 Authorization Clearing & Settlement IPSP (E-commerce) Issuing Processing MOTO Payment Processing Payment Gateway (1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 21 of 62 Trustwave TrustWave
Trustwave
Authorization Clearing & Settlement IPSP (E-commerce) Issuing Processing MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions Switching
Trustwave
Authorization
Trustwave
Clearing & Settlement IPSP (E-commerce) Issuing Processing MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions Switching First Data Government Solutions First Data Integrated Payment Systems First Data International ANZSA December 31, 2010 IPSP (E-commerce) Payment Gateway October 31, 2010 September 30, 2010 Other Authorization Clearing & Settlement Issuing Processing Loyalty Programs MOTO Payment Processing Process Magnetic-Stripe Transactions Switching First Data International China September 30, 2010 Authorization Clearing & Settlement (1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 22 of 62 Trustwave Trustwave Trustwave Trustwave
Trustwave
Clearing & Settlement IPSP (E-commerce) Issuing Processing MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions Switching First Data RemitCo September 30, 2010 Other Remittance Processing Authorization Clearing & Settlement IPSP (E-commerce) (1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 23 of 62 Trustwave
Trustwave
Trustwave
Trustwave
Clearing & Settlement IPSP (E-commerce) Issuing Processing MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions Switching First Data TeleCheck September 30, 2010 Authorization Clearing & Settlement Issuing Processing Loyalty Programs MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions Switching Trustwave
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 24 of 62
Trustwave
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 25 of 62
PSC
Fiserv Bank Solutions (LBD) EMEA FISERV Credit Processing Services Fiserv EFT
PSC Payment Software Company (PSC) Payment Software Company (PSC) PSC
FISERV Electronic Banking, October 31, 2010 Biller Solutions & Itech
FISERV Enterprise Technology - Johns Creek FISERV FET Irving Fiserv Xroads
September 30, 2009 Other November 30, 2009 February 28, 2010 Hosting Provider Hosting Provider Other
PSC Payment Software company (PSC) Payment Software company (PSC) HALOCK Security Labs Trustwave Fortrex Technologies Trustwave
Florists Transworld Delivery Inc. Focus Payment Solutions Fore! Reservations Forward Information Technologies
September 30, 2009 Payment Gateway June 30, 2010 Authorization Hosting Provider Payment Gateway
Trustwave T3i
Clearing & Settlement Loyalty Programs (1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 26 of 62
Symantec
Vectra Information Security Pte Ltd (branch office of Vectra Corp) Coalfire Trustwave IBM Internet Security Systems Core Security IBM Internet Security Systems BSI Japan
GP Network Corporation
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 28 of 62
September 30, 2009 Payment Gateway August 31, 2010 Authorization MOTO Payment Processing Payment Gateway Switching Payment Gateway Authorization Clearing & Settlement MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions Switching
Harris Connect
Trustwave Coalfire
Helcim Inc.
Other Hosting Provider Loyalty Programs Authorization Hosting Provider Switching Hosting Provider Other
Trustwave Telus Tech Lock Inc Internet Secuirty Services Net Cyclops Inc.
Hitachi Information Systems February 28, 2010 HostedPCI March 31, 2010
Hosting.com
Trustwave
HP Commercial Card (EDS) May 31, 2010 HP Consumer Card Services (EDS) October 31, 2009
Trustwave Trustwave
Authorization E-Commerce
Trustwave
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 29 of 62
HP Deposit Systems
Trustwave
September 30, 2009 Authorization IPSP (E-commerce) Issuing Processing Process Magnetic-Stripe Transactions December 31, 2010 Other Payment Gateway Process Magnetic-Stripe Transactions
IATS Ticketmaster
Trustwave
August 31, 2010 January 31, 2010 October 31, 2009 June 30, 2010 December 31, 2009 September 30, 2010
Clearing & Settlement IPSP (E-commerce) Other Other Other Authorization Issuing Processing Other
RSM McGladrey NetSPI TruArx Computer Task Group SecurityMetrics IBM Internet Security Systems
Other
Trustwave
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 30 of 62
IPSP (E-commerce) Payment Gateway Process Magnetic-Stripe Transactions Switching (1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 31 of 62
TruArx
SecurityMetrics
Vectra Corporation
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 32 of 62
Trustwave
J.J. MacKay Canada Limited/MacKay Meters, Inc. (MacKay Meters) JetPay, LLC
Trustwave
Clearing & Settlement Payment Gateway Clearing & Settlement Issuing Processing Loyalty Programs Payment Gateway
Trustwave
Coalfire
September 30, 2009 Clearing & Settlement August 31, 2009 October 31, 2010 IPSP (E-commerce) Authorization Issuing Processing Payment Gateway Process Magnetic-Stripe Transactions
Trustwave
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 33 of 62
Self-Assessment
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 34 of 62
McKesson Patient Compass April 30, 2010 Mediterranean Smart Cards Company December 31, 2009
Trustwave Trustwave
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 35 of 62
Trustwave Trustwave
Merchant Partners
Information Exchange
MERCHANT SERVICES DE MEXICO S.A DE C.V Merchant Services LTD Merchant Services Processing at Bank of America, NA
Payment Gateway Switching Merchant Warehouse October 31, 2009 MOTO Payment Processing Payment Gateway (1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 36 of 62 Trustwave
Merchants Choice Payment Solutions Mercury Payment Systems Meridian Enterprises, Inc.
September 30, 2009 Other March 31, 2010 December 31, 2009 Payment Gateway Authorization Issuing Processing Payment Gateway Other Clearing & Settlement Authorization Payment Gateway Authorization
Meritus Payment Solutions Merkle Response Group Meta Payment Systems Metavante - Electronic Payment Presentment Metavante Biller Solution Product (BSP) Metavante CorporationAcquiring Solutions, ATM Driving & Gateway Services
August 31, 2009 November 30, 2009 April 30, 2010 July 31, 2010 September 30, 2010 April 30, 2010
Clearing & Settlement Process Magnetic-Stripe Transactions Switching Metavante CorporationIssuing Solutions, Debit Account, Healthcare Payment Card, and Prepaid Card Solutions April 30, 2010 Authorization Trustwave
Clearing & Settlement Issuing Processing Process Magnetic-Stripe Transactions Switching Metavante Healthcare Payment Solutions Group, Benefits Payment Systems Metavante-Merchant Acquiring and Credit Card Account Processing Services February 28, 2010 Other TrustWave
Other
Trustwave
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 37 of 62
Trustwave
Verizon Business:
September 30, 2009 Payment Gateway November 30, 2009 March 31, 2010 Authorization Clearing & Settlement
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 38 of 62
Nvision Group
SecurityMetrics
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 39 of 62
Information Exchange
IPSP (E-commerce) MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions
Control Gap
NCMIC Finance Corporation October 31, 2009 NCO Group Nebraska Electronic Transfer System, Inc. November 30, 2009 November 30, 2009
Clearing & Settlement Loyalty Programs Other Authorization Clearing & Settlement Switching
SecurityMetrics
Trustwave
Netspend
NetSpend Corporation
Authorization Clearing & Settlement Issuing Processing Payment Gateway Hosting Provider Payment Gateway Authorization Clearing & Settlement
NetSuite
Trustwave
Network Merchants
Trustwave
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 40 of 62
Network Solutions
NEXUS, S.A.
403labs
K3DES
Oracle E-Billing
Coalfire Systems
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 42 of 62
Trustwave
PaySimple PayTrace
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 44 of 62
Preferred Health Technology August 31, 2010 PREMIER TECHNOLOGIES PTY LTD March 31, 2010
ProfitStars
Trustwave
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 46 of 62
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 47 of 62
Radiant Systems - CPOnline August 31, 2010 RADIANT SYSTEMS - PCI DATA CENTERS Rainbow Rewards RBS WorldPay - High Capacity Gateway RBS WorldPay Inc. Acquiring October 31, 2009 February 28, 2010 March 31, 2010 May 31, 2010
SecureWorks, Inc
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 48 of 62
RSI International
Coalfire
Trustwave Trustwave
SATELLITE RECEIVERS, LTD. (Cash Depot) Savvis Communications Corporation SBI VERITRANS CO., LTD School-Link Technologies
Other Switching
K3DES
SecureNet
Authorization
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 49 of 62
SegPay
Trustwave
ServiceU Corporation
K3DES
Clearing & Settlement Issuing Processing Process Magnetic-Stripe Transactions Switching SHC Direct Shift4 April 30, 2010 May 31, 2010 Loyalty Programs Clearing & Settlement Loyalty Programs Payment Gateway Switching Signature Card Services October 31, 2009 Loyalty Programs Other SecurityMetrics Trustwave Verizon Business
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 50 of 62
Switching April 30, 2010 Authorization Clearing & Settlement IPSP (E-commerce) Payment Gateway Process Magnetic-Stripe Transactions Skipjack Financial Services February 28, 2010 Authorization Clearing & Settlement Process Magnetic-Stripe Transactions SlimCD Smart Business Technology, Inc September 30, 2009 Payment Gateway March 31, 2010 Authorization Clearing & Settlement Loyalty Programs Payment Gateway Switching SmartEtailing, Inc September 30, 2010 Hosting Provider Payment Gateway SOCIETE GENERALE SPLITSKA BANKA D.D. SoftHotel SoundBite Communications May 31, 2010 Clearing & Settlement Payment Processing October 31, 2009 Payment Gateway Trustwave K3DES Acertigo Digital Resources Group (DRG) Enterprise Risk Management T3i Trustwave VOC - Consultancy B.V.
September 30, 2009 Hosting Provider Other May 31, 2010 December 31, 2009 April 30, 2010 Other Other Other
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 51 of 62
CrimsonSecurity Trustwave
MOTO Payment Processing Payment Gateway Strategic Profits April 30, 2010 Authorization Clearing & Settlement MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions SunGard Availability Services SunGard Public Sector February 28, 2010 October 31, 2009 Hosting Provider Hosting Provider Payment Gateway Fortrex Technologies SecurityMetrics SPIguard Security Solutions Inc.
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 52 of 62
Superior Financial Systems, September 30, 2009 Other LLC Synapse Group, Inc. SystemPay, LLC October 31, 2010 April 30, 2010 Other Authorization IPSP (E-commerce) Payment Gateway T.K. Keith Company, Inc. (dba Primax) TalentBeat, Inc July 31, 2010 Other
September 30, 2009 Payment Gateway Switching February 28, 2010 March 31, 2010 May 31, 2010 Payment Gateway Authorization Authorization Clearing & Settlement Issuing Processing MOTO Payment Processing Process Magnetic-Stripe Transactions Switching
Teleflora
Trustwave
Teleperformance USA
Trustwave
Telus Health and Financial June 30, 2010 Service Solutions (Emergis) Telvista - Grupo Tecnico de Servicios Tempus Technologies Teranet Enterprises Inc. January 31, 2010 May 31, 2010 April 30, 2010
Authorization Payment Gateway MOTO Payment Processing Payment Gateway IPSP (E-commerce)
Trustwave
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 53 of 62
TermNet Merchant Services June 30, 2010 Terremark North America, Inc. T-Gate LLC The Bancorp Bank October 31, 2009 April 30, 2010 April 30, 2010
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 54 of 62
Transactis
Transbank, S.A.
Authorization Clearing & Settlement IPSP (E-commerce) MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions Switching
Xtrategies
TransCore
Trustwave
TransFirst
Solutionary, Inc.
TransVerse Systems
Authorization Clearing & Settlement Loyalty Programs MOTO Payment Processing Other Payment Gateway Process Magnetic-Stripe Transactions
Tranzact
Payment Gateway
Trustwave
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 55 of 62
Clearing & Settlement Clearing & Settlement Other Payment Gateway Payment Gateway Process Magnetic-Stripe Transactions Switching
TrustCommerce
403 Labs
TRXSERVICES LLC TSD Rental TSYS (Issuing Processing) TSYS Acquiring Solutions (formerly Vital Processing Services)
October 31, 2010 January 31, 2010 January 31, 2010 April 30, 2010
Clearing & Settlement Loyalty Programs TSYS Customer Insight (ProphIT) TSYS Loyalty (IM Platform/TLP Platform) January 31, 2010 Loyalty Programs MOTO Payment Processing July 31, 2010 Loyalty Programs Other Authorization Issuing Processing MOTO Payment Processing Prepaid Card Processing TSYS Procard Twin Oaks TxVia January 31, 2010 February 28, 2010 January 31, 2010 Other MOTO Payment Processing Trustwave Janus Associates Trustwave Trustwave Trustwave TrustWave
TSYS Managed Services April 30, 2010 Myersville (Merlin Solutions) TSYS Prepaid July 31, 2010
Authorization 403 Labs Clearing & Settlement Issuing Processing Other Payment Gateway Switching (1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 56 of 62
TrustWave
SecurityMetrics
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 57 of 62
July 31, 2010 July 31, 2010 January 31, 2010 December 31, 2009
Other Other
TrustWave TrustWave
USA ePay
Authorization Clearing & Settlement Payment Gateway Authorization Clearing & Settlement Hosting Provider MOTO Payment Processing Payment Gateway
Trustwave
AT&T Consulting
K3DES
Payment Gateway
Trustwave
3-D Secure Access Control Xtrategies Server Authorization Clearing & Settlement IPSP (E-commerce) Issuing Processing Loyalty Programs MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions Switching (1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 58 of 62
Trustwave
Vcommerce
403 Labs
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 59 of 62
Hosting Provider Authorization MOTO Payment Processing Loyalty Programs IPSP (E-commerce) Other Payment Gateway
Trustwave Trustwave
Coalfire Systems. Inc. AT&T Consulting, Inc. Payment Software Company (PSC) Xtrategies, LLC
Visa Argentina S A
3-D Secure Access Control Server Authorization Clearing & Settlement IPSP (E-commerce) Issuing Processing Loyalty Programs MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions Switching 3-D Secure Access Control Server Authorization Clearing & Settlement Hosting Provider IPSP (E-commerce) Issuing Processing Loyalty Programs MOTO Payment Processing Payment Gateway Process Magnetic-Stripe Transactions Switching
Trustwave
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 60 of 62
Other
Continuum Worldwide Corporation Verizon Business Trustwave Trustwave Trustwave Trustwave SISA Information Security Pvt Ltd Coalfire Systems. Inc. Information Exchange
September 30, 2009 MOTO Payment Processing April 30, 2010 April 30, 2010 October 31, 2009 April 30, 2010 MOTO Payment Processing MOTO Payment Processing Other MOTO Payment Processing
September 30, 2009 Other July 31, 2010 April 30, 2010 Payment Gateway Authorization Clearing & Settlement Payment Gateway
IPSP (E-commerce) MOTO Payment Processing Payment Gateway Payment Gateway IPSP (E-commerce) Loyalty Programs MOTO Payment Processing
Accuvant SecurityMetrics
Authorization
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 61 of 62
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. * Current PCI DSS status is under review. Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report. Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Inclusion on this list indicates only that the service provider successfully validated PCI DSS compliance, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices. Visa has sole discretion to include or exclude entities on this list. 2010 Visa Inc. 62 of 62