Site Data Protection and PCI


MasterCard PCI Compliant Service Providers

It is important for merchants who are looking to engage a Service Provider to choose one who is PCI compliant. Choosing a PCI Compliant Service Provider may reduce the merchant PCI scope and will help reduce the risk of an account data compromise.

Click the link below for Service Providers who have been reported to MasterCard by Qualified Security Assessors (QSAs) as compliant with the PCI DSS as of the date indicated.

Click Here for the MasterCard Compliant Service Provider List

A company’s name appears on this Compliant Service Provider List if:

  • (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and
  • (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

Please Note: The Attestation of Compliance (AOC ) date shown on the Compliant Service Provider List uses the date from Part 3 (PCI DSS Validation) of the submitted AOC for Onsite Assessments – Service Providers.

PCI Education

Also of Interest