Your selected question
If a merchant or service provider has internal corporate credit cards used by employees for company purchases like travel or office supplies, are these corporate cards considered ‘in scope’ for PCI DSS?
PCI DSS applies to any entity that stores, processes, or transmits cardholder data. Whether entities with cardholder data on their own corporate cards need to validate compliance is determined by each payment brand individually.
Depending on the marks on those corporate cards, please contact the applicable payment brands listed below for their validation requirements:
Note: when Barclaycard issues corporate cards to merchants and merchants store, process or transmit the card information on their systems, these will fall in
scope for PCI DSS.
How useful did you find the answer given?Not at all Very useful