List of PCI DSS Compliant Service Providers · List of PCI DSS Compliant Service Providers The companies listed below successfully completed an assesssment based on the PCI Data Security
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
List of PCI DSS Compliant Service Providers
The companies listed below successfully completed an assesssment based on the PCI Data Security Standard (PCI DSS).
The "VALIDATION DATE" is the date of last compliance. PCI DSS assessments are valid for one year, with the next annual report due to Visa one year from the "VALIDATION DATE". Reports that are from 1-60 days late are noted in yellow and reports that are from 60-90 days late are noted in red. Entities with reports over 90 days past due are removed from this list.
It is the client's responsibility to use compliant service providers and to follow up with service providers if there are any questions about their compliance status.
As Of September 30, 2008
SERVICE PROVIDERVALIDATION
DATESERVICES
COVERED BY REVIEW (1) ASSESSOR
List of Compliant Service Providers - All
1ShoppingCart.com Internet Payment ProcessingJune 30, 2008 Security Metrics
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers.
Inclusion on this list indicates only that the service provider successfully completed a PCI DSS assessment for their validation level, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices.
Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report, and Visa is not responsible to any party for the timeliness, accuracy or completeness of any report.
Ariba Inc Expense ManagementMay 31, 2008 Payment Software company (PSC)
2 of 23
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers.
Inclusion on this list indicates only that the service provider successfully completed a PCI DSS assessment for their validation level, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices.
Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report, and Visa is not responsible to any party for the timeliness, accuracy or completeness of any report.
Authorize.NET Internet Payment ProcessingNovember 30, 2007 Trustwave
BA Merchant Services Payment ProcessingMarch 31, 2008 Trustwave
Bank Card Services, Inc Merchant Payment ProcessingMay 31, 2008 Trustwave
BankersBank Card Services Back Office Services for marketing and collection
November 30, 2007 Self-Assessment
3 of 23
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers.
Inclusion on this list indicates only that the service provider successfully completed a PCI DSS assessment for their validation level, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices.
Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report, and Visa is not responsible to any party for the timeliness, accuracy or completeness of any report.
SERVICE PROVIDERVALIDATION
DATESERVICES
COVERED BY REVIEW (1) ASSESSOR
List of Compliant Service Providers - All
Bankserv Merchant Payment ProcessingOctober 31, 2007 Payment Software Company (PSC)
Barr Security School Lunch Merchant AccountJuly 31, 2008 Self-Assessment
Beanstream Internet Payment ProcessingSeptember 30, 2008 SPIGuard Security Solutions Inc
BearingPoint ePay Internet Payment ProcessingNovember 30, 2007 Trustwave
BillMatrix Bill Payment ProcessingFebruary 28, 2008 Trustwave
CCBill Internet Payment ProcessingJanuary 31, 2008 Chief Security Officers
4 of 23
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers.
Inclusion on this list indicates only that the service provider successfully completed a PCI DSS assessment for their validation level, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices.
Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report, and Visa is not responsible to any party for the timeliness, accuracy or completeness of any report.
SERVICE PROVIDERVALIDATION
DATESERVICES
COVERED BY REVIEW (1) ASSESSOR
List of Compliant Service Providers - All
Center Partners Call Center ServicesOctober 31, 2007 Verisign
Central Coast Processing Payment ProcessingApril 30, 2008 403 Labs
Central States Indemnity Payment ProcessingNovember 30, 2007 FishNet Security
Centrix Bank – LockBox Service Payment GatewayMay 31, 2008 SecurityMetrics
Century Bankcard Services Merchant POS ProcessingMay 22, 2008 Information Exchange
Certain Software Web-based ReportingFebruary 28, 2008 Payment Software Company (PSC)
Communications Data Services Order FulfillmentMay 31, 2007 RSM McGladrey
Complianthost.com, a GSI Service Offering
Data-Center HostingJuly 31, 2008 Solutionary
Managed Hosting
5 of 23
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers.
Inclusion on this list indicates only that the service provider successfully completed a PCI DSS assessment for their validation level, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices.
Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report, and Visa is not responsible to any party for the timeliness, accuracy or completeness of any report.
SERVICE PROVIDERVALIDATION
DATESERVICES
COVERED BY REVIEW (1) ASSESSOR
List of Compliant Service Providers - All
Complianthost.com, a GSI Service Offering
Physical SecurityJuly 31, 2008 Solutionary
Computer Services, Inc. Payment ProcessingSeptember 30, 2008 Crowe Chizek
Comstar Interactive Internet Payment ProcessingApril 30, 2008 Trustwave
Mobile Payment Processing
Wireless Payment Processing
Concord Electronic Financial Systems (CEFS), a First Data Company
Payment ProcessingSeptember 30, 2008 Trustwave
Concord Emerging Technologies, a First Data Company
Cyber City Teleservices Call Center ServicesSeptember 30, 2008 CrimsonSecurity
Cybera Data TransmissionApril 30, 2008 IBM Internet Security Systems
CyberSource Corporation Internet Payment ProcessingAugust 31, 2008 CyberTrust
6 of 23
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers.
Inclusion on this list indicates only that the service provider successfully completed a PCI DSS assessment for their validation level, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices.
Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report, and Visa is not responsible to any party for the timeliness, accuracy or completeness of any report.
SERVICE PROVIDERVALIDATION
DATESERVICES
COVERED BY REVIEW (1) ASSESSOR
List of Compliant Service Providers - All
CyberSource Corporation Verified by Visa Hosted Payer Authentication
August 31, 2008 CyberTrust
Cygnus Payment GatewayFebruary 28, 2008 Trustwave
Cynergy Data Merchant Payment ServicesAugust 31, 2008 Information Exchange
Data Center of Arizona Call Center ServicesDecember 31, 2007 Self-Assessment
Data Delivery Services Web-based ReportingJuly 31, 2008 Trustwave
Data Stream ATM ProcessingFebruary 28, 2008 Information Exchange
DataCo Credit Card ServicesMay 31, 2008 BT INS
Dataline Systems Affinity Card ServicesDecember 31, 2007 Trustwave
EDS Consumer Direct Order FulfillmentAugust 31, 2008 Trustwave
EDS Deposit Systems Payment ProcessingSeptember 30, 2007 Trustwave
7 of 23
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers.
Inclusion on this list indicates only that the service provider successfully completed a PCI DSS assessment for their validation level, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices.
Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report, and Visa is not responsible to any party for the timeliness, accuracy or completeness of any report.
Element Payment Services Payment ProcessingNovember 30, 2007 Information Exchange
Emergis Internet Payment GatewayJune 30, 2008 Trustwave
EMS Holland, a First Data Company
Payment ProcessingDecember 31, 2007 Trustwave
Encircle Payment ProcessingJuly 31, 2008 K3DES
Eperformax Centers Call Center ServicesMay 31, 2008 Hill & Associates
Epicenter Technologies Call Center ServicesFebruary 28, 2008 Controlcase
Epoch (a dba of Paycom.net) Internet Payment ProcessingNovember 30, 2007 Protiviti
eProcessing Network Internet Payment ProcessingApril 30, 2008 Trustwave
8 of 23
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers.
Inclusion on this list indicates only that the service provider successfully completed a PCI DSS assessment for their validation level, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices.
Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report, and Visa is not responsible to any party for the timeliness, accuracy or completeness of any report.
SERVICE PROVIDERVALIDATION
DATESERVICES
COVERED BY REVIEW (1) ASSESSOR
List of Compliant Service Providers - All
eProcessing Network Mobile Payment ProcessingApril 30, 2008 Trustwave
POS Payment Processing
Epsilon Data Management Loyalty ProgramsAugust 31, 2008 CyberTrust
EVO Merchant Services Merchant Payment ProcessingJuly 31, 2007 Trustwave
Fast Transact Inc Merchant Payment ProcessingMay 31, 2008 Contronl Case
Fidelity Information Services - Card Loyalty Program
Loyalty ProgramsJune 30, 2008 IBM Internet Security Systems
Fidelity Information Services - Certegy UK, Birmingham
Authorization and SettlementSeptember 30, 2008 IBM Internet Security Systems
Payment Gateway
Fidelity Information Services - Chicago
Debit Card ProcessingNovember 30, 2007 IBM Internet Security Systems
Payment Processing
Fidelity Information Services - eFunds Prepaid Solutions
Payment ProcessingApril 30, 2008 Trustwave
Fidelity Information Services - India BPO
Billing and Customer SupportSeptember 30, 2008 IBM Internet Security Systems
Fidelity Information Services - Little Rock
Debit Card ProcessingMay 31, 2008 IBM Internet Security Systems
Payment Processing
Fidelity Information Services - Norcross GA
Payment ProcessingApril 30, 2008 IBM Internet Security Systems
Fidelity Information Services - Plainview
Remittance ProcessingSeptember 30, 2008 IBM Internet Security Systems
Fidelity Information Services - St. Petersburg
Remittance ProcessingSeptember 30, 2008 IBM Internet Security Systems
9 of 23
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers.
Inclusion on this list indicates only that the service provider successfully completed a PCI DSS assessment for their validation level, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices.
Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report, and Visa is not responsible to any party for the timeliness, accuracy or completeness of any report.
SERVICE PROVIDERVALIDATION
DATESERVICES
COVERED BY REVIEW (1) ASSESSOR
List of Compliant Service Providers - All
Fidelity Information Services Lisle - Remittance Processing
Remittance ProcessingNovember 30, 2007 IBM Internet Security Systems
Fifth Third Processing Solutions - Issuing and Switch-Providing Systems
Payment ProcessingJune 30, 2008 Trustwave
Fifth Third Processing Solutions-Acquiring Systems
Payment ProcessingJune 30, 2008 Trustwave
First American Payment Systems Merchant Payment ProcessingJune 30, 2008 IBM Internet Security Systems
First Data Government Solutions Merchant Payment ProcessingDecember 31, 2007 Trustwave
First Data International-China Merchant Payment ProcessingSeptember 30, 2008 Trustwave
First Data Merchant Services Payment ProcessingDecember 31, 2007 Trustwave
First Data Resources Payment ProcessingJanuary 31, 2008 Trustwave
First Data Retail ATM Services (formerly known as Concord Processing)
ATM ProcessingSeptember 30, 2008 Trustwave
First Hawaiian Bank Payment ProcessingJuly 31, 2008 Trustwave
First Horizon Merchant Services Payment ProcessingOctober 31, 2007 CyberTrust
First National Bank of Omaha Payment ProcessingJanuary 31, 2008 Trustwave
First National Merchant Solutions Payment ProcessingJanuary 31, 2008 Trustwave
First National Technology Solutions
Co-Location HostingMarch 31, 2008 Trustwave
Managed Hosting
10 of 23
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers.
Inclusion on this list indicates only that the service provider successfully completed a PCI DSS assessment for their validation level, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices.
Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report, and Visa is not responsible to any party for the timeliness, accuracy or completeness of any report.
SERVICE PROVIDERVALIDATION
DATESERVICES
COVERED BY REVIEW (1) ASSESSOR
List of Compliant Service Providers - All
First National Technology Solutions
Physical SecurityMarch 31, 2008 Trustwave
FirstBank Data Corporation Payment ProcessingAugust 31, 2008 CyberTrust
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers.
Inclusion on this list indicates only that the service provider successfully completed a PCI DSS assessment for their validation level, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices.
Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report, and Visa is not responsible to any party for the timeliness, accuracy or completeness of any report.
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers.
Inclusion on this list indicates only that the service provider successfully completed a PCI DSS assessment for their validation level, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices.
Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report, and Visa is not responsible to any party for the timeliness, accuracy or completeness of any report.
SERVICE PROVIDERVALIDATION
DATESERVICES
COVERED BY REVIEW (1) ASSESSOR
List of Compliant Service Providers - All
Integrated Payment Systems (IPS) Denver, a First Data Company
Kubra Data Transfer, Inc. Merchant Payment ProcessingJuly 31, 2008 Trustwave
Kudzu Internet Payment GatewaySeptember 30, 2008 ControlCase
Lethoff, Inc. Merchant Payment ProcessingNovember 30, 2007 CyberTrust
13 of 23
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers.
Inclusion on this list indicates only that the service provider successfully completed a PCI DSS assessment for their validation level, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices.
Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report, and Visa is not responsible to any party for the timeliness, accuracy or completeness of any report.
SERVICE PROVIDERVALIDATION
DATESERVICES
COVERED BY REVIEW (1) ASSESSOR
List of Compliant Service Providers - All
Lighthouse1 Health Savings Account ServicesJuly 31, 2008 Self-Assessment
Meta Payment Systems IssuerApril 30, 2008 Trustwave
Metavante Biller Service Provider (BSP)
Bill Payment ProcessingSeptember 30, 2008 Trustwave
14 of 23
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers.
Inclusion on this list indicates only that the service provider successfully completed a PCI DSS assessment for their validation level, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices.
Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report, and Visa is not responsible to any party for the timeliness, accuracy or completeness of any report.
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers.
Inclusion on this list indicates only that the service provider successfully completed a PCI DSS assessment for their validation level, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices.
Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report, and Visa is not responsible to any party for the timeliness, accuracy or completeness of any report.
Oracle on Demand Managed Merchant HostingAugust 31, 2008 Coalfire
ORCC - eCommerce Division: Columbus
Merchant Payment ServicesMay 31, 2008 Trustwave
ORCC - eCommerce Division: Princeton
Merchant Payment ProcessingMay 31, 2008 Trustwave
16 of 23
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers.
Inclusion on this list indicates only that the service provider successfully completed a PCI DSS assessment for their validation level, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices.
Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report, and Visa is not responsible to any party for the timeliness, accuracy or completeness of any report.
SERVICE PROVIDERVALIDATION
DATESERVICES
COVERED BY REVIEW (1) ASSESSOR
List of Compliant Service Providers - All
OrderMotion Order FulfillmentMay 31, 2007 Jefferson Wells
OrderTalk Internet Payment ProcessingSeptember 30, 2008 Trustwave
Paciolan, Inc. Merchant Payment ProcessingOctober 31, 2007 Trustwave
Palm Coast Data Order FulfillmentJanuary 31, 2008 K3DES
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers.
Inclusion on this list indicates only that the service provider successfully completed a PCI DSS assessment for their validation level, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices.
Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report, and Visa is not responsible to any party for the timeliness, accuracy or completeness of any report.
SERVICE PROVIDERVALIDATION
DATESERVICES
COVERED BY REVIEW (1) ASSESSOR
List of Compliant Service Providers - All
POST Integrations, Inc. Payment ProcessingApril 30, 2008 CyberTrust
RemitCo, a First Data Company Merchant Payment ProcessingSeptember 30, 2008 Trustwave
RentPayment Bill Payment ProcessingApril 30, 2008 SecurityMetrics
Resurgent Capital Services Bankruptcy Notification ServicesAugust 31, 2008 Protiviti
Credit Card Services
18 of 23
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers.
Inclusion on this list indicates only that the service provider successfully completed a PCI DSS assessment for their validation level, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices.
Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report, and Visa is not responsible to any party for the timeliness, accuracy or completeness of any report.
SERVICE PROVIDERVALIDATION
DATESERVICES
COVERED BY REVIEW (1) ASSESSOR
List of Compliant Service Providers - All
RevTrak, Inc Internet Payment ProcessingApril 30, 2008 SecurityMetrics, Inc
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers.
Inclusion on this list indicates only that the service provider successfully completed a PCI DSS assessment for their validation level, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices.
Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report, and Visa is not responsible to any party for the timeliness, accuracy or completeness of any report.
The Members Group Payment ProcessingJanuary 31, 2008 RSM McGladrey
20 of 23
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers.
Inclusion on this list indicates only that the service provider successfully completed a PCI DSS assessment for their validation level, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices.
Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report, and Visa is not responsible to any party for the timeliness, accuracy or completeness of any report.
SERVICE PROVIDERVALIDATION
DATESERVICES
COVERED BY REVIEW (1) ASSESSOR
List of Compliant Service Providers - All
Thermeon, Corporation Payment GatewayApril 30, 2008 Tevora Business Solutions
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers.
Inclusion on this list indicates only that the service provider successfully completed a PCI DSS assessment for their validation level, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices.
Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report, and Visa is not responsible to any party for the timeliness, accuracy or completeness of any report.
VIPGift Gift Card ProcessingJuly 31, 2007 Self-Assessment
Stored Value Card Management
22 of 23
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers.
Inclusion on this list indicates only that the service provider successfully completed a PCI DSS assessment for their validation level, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices.
Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report, and Visa is not responsible to any party for the timeliness, accuracy or completeness of any report.
SERVICE PROVIDERVALIDATION
DATESERVICES
COVERED BY REVIEW (1) ASSESSOR
List of Compliant Service Providers - All
Visa, Inc. & Visa Data Processing Payment ProcessingAugust 31, 2008 Trustwave
Voice Data Solutions Payment ProcessingSeptember 30, 2007 Trustwave
Volusion Internet Payment GatewayJanuary 31, 2008 Payment Software Company (PSC)
(1) PCI DSS assessments represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers.
Inclusion on this list indicates only that the service provider successfully completed a PCI DSS assessment for their validation level, based on the report of an independent Qualified Security Assessor (QSA). Visa does not endorse the service providers or their business processes or practices.
Visa has no duty to clients, merchants, processors or other third parties to obtain or review reports from any party required to submit a report, and Visa is not responsible to any party for the timeliness, accuracy or completeness of any report.