We use cookies to give you the best browsing experience and to help us understand how you use our site. Cookies are small snippets of data stored on your computer and some have already been set. By continuing to use our website you are accepting our use of cookies. To find out more, read about cookies

Please note

We cannot answer specific queries about your account here. For Account queries please

Your selected question

If a merchant or service provider has internal corporate credit cards used by employees for company purchases like travel or office supplies, are these corporate cards considered ‘in scope’ for PCI DSS?

PCI DSS applies to any entity that stores, processes, or transmits cardholder data. Whether entities with cardholder data on their own corporate cards need to validate compliance is determined by each payment brand individually.

Depending on the marks on those corporate cards, please contact the applicable payment brands listed below for their validation requirements:

cisp@visa.com
american.express.data.security@aexp.com
askdatasecurity@discoverfinancial.com
riskmanagement@jcbati.com

Note: when Barclaycard issues corporate cards to merchants and merchants store, process or transmit the card information on their systems, these will fall in
scope for PCI DSS.

How useful did you find the answer given?

Not at all Very useful