0 оценок0% нашли этот документ полезным (0 голосов)
476 просмотров54 страницы
A company's name appears on This Compliant Service Provider List if it has received an Attestation of Compliance by a Qualified Security Assessor. The date of the attestation and the name of the QSA are also provided. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.
A company's name appears on This Compliant Service Provider List if it has received an Attestation of Compliance by a Qualified Security Assessor. The date of the attestation and the name of the QSA are also provided. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.
A company's name appears on This Compliant Service Provider List if it has received an Attestation of Compliance by a Qualified Security Assessor. The date of the attestation and the name of the QSA are also provided. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.
A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. 1&1 Internet AG (1&1, 1&1 ipayment, ipayment.de) 05/12/2014 Security Research & Consulting GmbH Europe 1Link (Guarantee) Limited 11/22/2013 Trustwave SAMEA 1stPayGateway 06/20/2014 IBM Internet Security Systems (ISS) US 2000Charge Inc. 07/03/2013 Information Exchange Inc. US 24 Solutions AB 06/12/2014 CryptoNet Srl Europe 2C Processor USA, LLC 02/25/2014 Information Exchange Inc. US 2C2P Pte., Ltd. 01/06/2014 Trustwave Asia Pacific 3 Delta Systems, Inc. 08/11/2014 Fortrex US 3Cinteractive, LLC 08/08/2014 Online Enterprises US 3dCart (Informat 2000 Corp) 02/06/2014 SecurityMetrics US 5th Dimension, LLC 02/15/2014 K3DES LLC US 888 US Ltd (for the Delaware & New-Jersey & Nevada sites) (888 US Ltd, 888 Liberty, 888 Atlantic, 888 Holdings, Cassava, Dixie) 12/15/2013 GRSee Consulting US 888extramoney.com (Extrameasures) 05/27/2014 Coalfire Systems, Inc. US A6IT Ltd. 06/26/2013 Kyte Consultants, Ltd. Europe ABC Financial Services, Inc. 06/20/2014 Coalfire Systems, Inc. US Abtran Ltd. 10/01/2013 Rits Europe Acadaca, LLC 03/10/2014 Fortrex US Monday, September 15, 2014 Page 1 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. Accel Networks 03/19/2014 Trustwave US Accelerated Payment Technologies: a division of Global Payments Direct, Inc. 07/30/2014 Payment Software Company (PSC) US Accellence (Thailand) Ltd. 08/24/2014 Atos Worldline (Malaysia) Sdn Bhd Asia Pacific Accelya Madrid - Vivaldi Product 12/30/2013 Trustwave Europe ACCEO Solutions Inc. 08/27/2014 Trustwave Acceptiva, LLC 03/06/2014 Trustwave US Accertify, Inc. 06/06/2014 Halock Security Labs US Accesso, LLC 03/06/2014 Trustwave US AccountNow/Ready Financial Group 08/06/2013 Trustwave US Accullink Inc. (Acculynk, Inc.) 02/06/2014 Trustwave US ACI Worldwide (eps) AG 12/16/2013 Solutionary, Inc. Europe ACI Worldwide, Inc. - eCommerce Division - Columbus (ORCC-Columbus) 10/02/2013 Trustwave US ACI Worldwide, Inc. - eCommerce Division - Parsippany (ORCC - eCommerce Parsippany Division) 10/01/2013 Trustwave US ACI Worldwide, Inc. (PRM, Retail On Demand, and Postilion Retail Environments) 12/27/2013 Trustwave US Active Network (Infospherix, ReserveWorld, AWO) 12/09/2013 K3DES LLC US Adaptive Payments, Inc. 11/15/2013 403 Labs, LLC US Adflex Limited 05/14/2014 Evolution LTD Europe Aditya Birla Minacs Worldwide Inc. 07/12/2013 Trustwave Canada Advam Pty Ltd. 01/30/2014 Securus Global Consulting Asia Pacific Advent Financial 11/04/2013 DirectDefense US Adyen B.V. 07/09/2014 Trustwave Europe Aegis USA, Inc. 06/16/2014 K3DES LLC US Monday, September 15, 2014 Page 2 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. Affiliated Acceptance Corporation 10/11/2013 Trustwave US Affina, LLC (HGS-USA) 01/24/2014 Coalfire Systems, Inc. US Affinion Benefits Group 12/27/2013 Trustwave US Affinion International 10/22/2013 Trustwave Europe Affinity Solutions 12/10/2013 Coalfire Systems, Inc. US Agilysys NV LLC 07/30/2014 Coalfire Systems, Inc. US Aimia Proprietary Loyalty Canada Inc. - Enhancement Services 06/19/2014 K3DES LLC Canada Aimia Proprietary Loyalty U.S. Inc. (formerly Carlson Marketing Group) 05/28/2014 ControlCase US Airline Reporting Corporation (ARC) 11/08/2013 Brightline CPAs & Associates, Inc. US Aizan Technologies Inc. 09/30/2013 Datassurant Canada Akamai Technologies Inc. 07/22/2014 Neohapsis US Alacriti, Inc. 01/24/2014 Foresite MSP, LLC US Alaska Option Services Corporation 04/10/2014 K3DES LLC US Alegeus Technologies, LLC 05/05/2014 Trustwave US Alert Communications Ltd. 06/23/2014 Kyte Consultants, Ltd. Europe Aliaswire, Inc. 11/25/2013 Foresite MSP, LLC US Alliance Data - Retail Services 11/19/2013 Verizon/Cybertrust US Allied Wallet Ltd. (GTBill, Baltic Bill) 04/06/2014 Trustwave US Allus Global BPO Center 02/06/2014 Trustwave Alorica 12/03/2013 K3DES LLC US Alpha Card Services Inc. 10/18/2013 Information Exchange Inc. US Altapay Denmark (formerly Pensio A/S) 08/30/2014 FortConsult A/S Europe Altech Card Solutions, a division of Altech Data (Pty) Limited 02/26/2014 Trustwave SAMEA Altech NuPay 04/16/2014 Sysnet Ltd. SAMEA Monday, September 15, 2014 Page 3 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. AMARA Tech (Pty) Ltd. 10/30/2013 Sysnet Ltd. SAMEA Amazon Web Services, LLC 07/31/2014 Coalfire Systems, Inc. US Amazon.com, Inc. 05/29/2014 Coalfire Systems, Inc. US American Bancard, LLC (Touchsuite) 01/10/2014 Enterprise Risk Management US American Data Technology Inc. 04/25/2014 Specialized Security Services, Inc. US Americaneagle.com (Svanaco, Inc.) 10/24/2013 Fortrex US Anderson Zaks Ltd. 01/09/2014 2-sec Ltd. Europe AOC Solutions, Inc. 10/01/2013 Fortrex US AOL Inc. 11/25/2013 IOActive, Inc. US APCO Limited 07/10/2013 Kyte Consultants, Ltd. Europe Aperia Solutions (formerly Data Delivery Services, Inc.) 04/30/2014 Coalfire Systems, Inc. US Apriva, LLC (formerly APPSware Wireless, LLC) 08/25/2014 Brightline CPAs & Associates, Inc. US Arab Financial Services B.S.C. 05/16/2014 SISA Information Security Pvt. Ltd. SAMEA Area101, Inc 10/02/2013 Security Horizon, Inc. US Arena Plus LTD 04/01/2014 Comsec Consulting, Ltd. Europe Argus Payments Inc. 12/13/2013 403 Labs, LLC US Aria Systems, Inc. 12/19/2013 Trustwave US Arise Virtual Solutions 05/31/2014 Online Enterprises US Armenian Card CJSC (ARCA) 08/23/2013 Informzaschita Europe Artez Interactive 12/15/2013 ControlCase Canada Arvato Distribution GmbH 01/07/2014 TUV SUD Management Service GmbH Europe Arvato Finance Services Ltd. 04/07/2014 TUV SUD Management Service GmbH Europe Ashburn International 12/06/2013 FortConsult A/S Europe AsiaPay (Hong Kong) Limited 02/27/2014 Trustwave Asia Pacific ASJ Inc. 06/06/2014 Verizon/Cybertrust Asia Pacific Monday, September 15, 2014 Page 4 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. Asseco SEE d.o.o. 07/01/2014 VOC-Consultancy BV Europe Asseco SEE Teknoloji A. (formerly Elektronik Sanal Ticaret Bilisim Hizmetieri A.S. (EST A.S.)) 03/14/2014 Evolution LTD Europe ASSIST.Technology (LLC) (formerly Modern Payment Solutions Ltd.) 05/03/2014 Security Research & Consulting GmbH Europe AT&T Managed Services Security Event and Threat Analysis (SETA) 11/15/2013 Trustwave US AT&T Hosted Integrated Contact Services (AT&T HICS) 09/13/2013 Trustwave US AT&T Managed Firewall Service - Premise Based 07/15/2014 Trustwave US AT&T Managed Hosting and Application Services 10/21/2013 Trustwave US AT&T Managed Services - AT&T Content Delivery Network (ACDN) 07/15/2014 Trustwave US AT&T Managed Services - AT&T Encryption Services (AES) 10/16/2013 Trustwave US AT&T Managed Services - AT&T Network Based IP VPN Remote Access Service/AT&T VPN Tunneling Service (ANIRAIAVTS) 05/09/2014 Trustwave US AT&T Managed Services - AT&T Virtual Private Network Service (AVPN)/Enhanced Virtual Private Network (EVPN)/Private Network Transport (PNT) 07/15/2014 Trustwave US AT&T Managed Services - Intrusion Detection Services & Intrusion Prevention Services (IDS/IPS) 06/28/2013 Trustwave US AT&T Managed Services - IP Telephony and LAN Services (IPT/LS) 07/15/2014 Trustwave US AT&T Managed Services - Managed Router Services (MRS) 07/15/2014 Trustwave US AT&T Managed Services - Network Based Firewall (NBFW) 07/15/2014 Trustwave US AT&T Managed Services - VoiceTone/Interactive Voice Services-Advanced Plus 07/15/2014 Trustwave US Monday, September 15, 2014 Page 5 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. AT&T Synaptic Compute as a Service (CaaS) 01/14/2014 Trustwave US AT&T Synaptic Hosting 10/29/2013 Trustwave US AT&T Synaptic Platform as a Service (PaaS) 01/22/2014 Trustwave US AT&T Synaptic Storage as a Service (SaaS) 01/22/2014 Trustwave US AT&T Ultravailable Storage 04/29/2014 Trustwave US AT&T WiFi Services 03/10/2014 Trustwave US Athenahealth, Inc. 12/09/2013 Trustwave US Atlatl, Inc (First One Now, LLC; Simply Easier Payments) 10/28/2013 Trustwave US ATOS Information Technology GmbH 08/15/2014 usd AG Europe Atos Services (M) Sdn Bhd. 11/08/2013 Trustwave Asia Pacific ATOS Worldline (Belgium) - (Banksys) 03/14/2014 Trustwave Europe Atos Worldline GmbH 12/06/2013 usd AG Europe Atos Worldline India Pvt. Ltd (Worldline E- payment Services) 01/23/2014 Trustwave SAMEA Atos Worldline SA (Worldline RBU3, Regional Business Unit France) 09/12/2014 Trustwave Europe Atrada Trading Network AG 12/05/2013 TUV SUD Management Service GmbH Europe Auchan, LLC 11/29/2013 Informzaschita Europe AudienceView Ticketing Corporation 07/30/2014 NCI Secured Intelligence Canada Auric Systems International (Appropriate Solutions, Inc.) 09/30/2013 Payment Software Company (PSC) US Aurora Financial Systems, Inc. (AFS Card Services) 06/14/2014 403 Labs, LLC US Aurus Inc. 11/30/2013 K3DES LLC US Autonomy HP (LiveVault) 11/25/2013 Neohapsis US AzeriCard LLC 06/09/2014 Trustwave Europe Balanced (formerly Pound Payments) 10/31/2013 Coalfire Systems, Inc. US Monday, September 15, 2014 Page 6 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. Bancard S.A. 07/28/2014 CYBSEC Security Systems Latin Americ Bank Organization for Payments Initiated by Cards Ltd (BORICA) 07/28/2014 Security Research & Consulting GmbH Europe Bankalararas Kart Merkezi A.. (BKM) 03/14/2014 Biznet Information Systems Europe Bankart - Procesiranje Placilnih Instrumentov d.o.o. 05/16/2014 IBM Internet Security Systems (ISS) Europe BankCard USA Merchant Services 01/23/2014 Trustwave US Barclaycard ePDQ 02/24/2014 NTT Security Ltd. Europe Barclaycard SmartPay 07/31/2014 Trustwave Europe Bayern Card-Services GmbH (BCS) 03/10/2014 usd AG Europe BC Victoriabank SA (JSCB Victoriabank) 11/18/2013 Trustwave Europe Beanstream Internet Commerce Inc. 01/13/2014 Control Gap Inc. Canada Bendigo Community Telco 08/31/2013 K3DES LLC Asia Pacific Benefitfocus.com Inc. (Benefitfocus) 03/27/2014 Fortrex US BEPSA del Paraguay SAECA 04/21/2014 CYBSEC Security Systems Latin Americ Bescontact, Ltd. (i-free) 06/21/2013 Digital Security Europe Bigcommerce Pty Ltd. (formerly Interspire Pty 05/04/2014 Payment Software Company (PSC) Asia Pacific Bill 1st, LLC 10/30/2013 SecurityMetrics US Billing System Corporation 11/26/2013 International Certificate Authority of Mgt Syst Asia Pacific Billtrust (Factor Systems, Inc.) 03/07/2014 CrimsonSecurity US Blackbaud Internet Services 06/24/2014 Brightline CPAs & Associates, Inc. US Blackbaud Payment Service 02/12/2014 Brightline CPAs & Associates, Inc. US BluePay Processing LLC 09/30/2013 Trustwave US Bluesnap Inc. 07/24/2014 Comsec Consulting, Ltd. SAMEA BMI Fulfillment Services (Bluemenfield Marketing, INC) 06/01/2014 UHY Advisors TX, LLC US Bora Payment Systems LLC 06/25/2013 Raveneye US Monday, September 15, 2014 Page 7 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. BPS Info Solutions, Inc. (UltraCart) 08/01/2014 CompliancePoint, Inc. US Braintree Payment Solutions 02/05/2014 Trustwave US BridgePay Network Solutions, Inc. (T-Gate Payments) 04/15/2014 A-Lign Security and Compliance Services US Brightwell Payments Inc. (formerly Prepaid Solutions Inc.) 02/05/2014 Information Exchange Inc. US Brinkman Financial Company, L.P. 07/31/2014 K3DES LLC US BSG Payments Inc. (BSG Clearing LLC) 02/14/2014 Trustwave US BTB Soft, Inc. 01/31/2014 Foresite MSP, LLC US Buckaroo Online Payment Services B.V. 09/12/2013 Trustwave Europe Bypass Mobile, LLC 05/23/2014 SecurityMetrics US Bytemark, Inc. 06/24/2014 SecurityMetrics BZWBK SA (Bank Zachodni WBK SA) 03/14/2014 Sysnet Ltd. Europe CA Technologies (Arcot) 03/31/2014 SISA Information Security Pvt. Ltd. US Cabal Brazil Ltda. 02/13/2014 Trustwave Latin Americ Cale Access AB 06/13/2014 Trustwave Europe Caledon Card Services 05/30/2014 Secured Net Solutions Inc. Canada Camis 06/27/2014 (3S) Salient Security Solutions, Inc. Canada Cantaloupe Systems, Inc. 08/06/2014 Truvantis, Inc. US Capita Business Services (Capita Software Services) 11/26/2013 Trustwave Europe Capital Card Services, Inc. 04/27/2014 Trustwave US Capital Payments LLC (Bluefin Payment Systems / Blue Financial Corporation) 06/12/2014 403 Labs, LLC US Card Access Services Pty Ltd. 09/12/2014 Trustwave Asia Pacific Card Assets, LLC (formerly BV Card Assets) 11/01/2013 CompliancePoint, Inc. US Card Express, Inc. 04/16/2014 Information Exchange Inc. US Monday, September 15, 2014 Page 8 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. CardConnect (formerly Princeton Payments Solutions, LLC) 09/19/2013 SecurityMetrics US CardFlight, Inc 04/18/2014 SecurityMetrics Cardinal Commerce Corporation 12/11/2013 Payment Software Company (PSC) US Cardlink S.A. 05/14/2014 Encode SA Europe Cardlink Services Limited (CSL) (The BPAY Group; BPAY Pty Ltd) 06/24/2014 Securus Global Consulting Asia Pacific Cardpay Inc. 08/20/2013 Vectra Corporation Asia Pacific CardProcess GmbH (VR-PAY Virtuell, POS- Netzbetrieb) 10/14/2013 Security Research & Consulting GmbH Europe CardSmith, LLC 08/08/2013 Trustwave US CardSpring 10/29/2013 Trustwave US Cardstream Limited 09/13/2013 Ambersail Europe Cardtranz 04/03/2014 Trustwave US CardWorks Servicing, LLC 02/12/2014 Trustwave US Carlson Hotels, Inc. 11/18/2013 Coalfire Systems, Inc. US Carta Solutions Processing Services Corp. 07/26/2013 Trustwave Canada CartaSi S.p.A. (formerly Key Client Cards & Solutions S.p.A.) 06/30/2014 Verizon/Cybertrust Europe Cartera Commerce LLC (formerly Vesdia Corporation) 06/17/2013 Neohapsis US Cashier Live, LLC 11/15/2013 Trustwave US CashLINQ Group, LLC 07/17/2014 SecurityMetrics US Cashtronics Ltd. 08/19/2013 Kyte Consultants, Ltd. Europe C-CARD 01/29/2014 Verizon/Cybertrust Europe CDS Global Inc. (PayDQ Gateway) 11/26/2013 Solutionary, Inc. US Cedar Document Technologies 01/14/2014 Foresite MSP, LLC US Cendyn (Central Dynamics) 01/29/2014 SecurityMetrics US Monday, September 15, 2014 Page 9 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. CenPos Inc. 08/26/2014 Enterprise Risk Management US Centrum Rozlicze Elektronicznych Polskie ePatnoci S.A. (PeP) 03/31/2014 IBM Internet Security Systems (ISS) Europe Certain Software, Inc. 09/09/2013 Coalfire Systems, Inc. US Certified Payments 04/03/2014 Trustwave US Cetrel a SIX Group Company 07/15/2014 IT Works Europe CGI Bank and Card Services 04/16/2014 Trustwave Europe Charge Anywhere, LLC (Comstar Interactive) 04/28/2014 Trustwave US Chargify, LLC 01/24/2014 Brightline CPAs & Associates, Inc. US Checkout Technology Limited 09/05/2014 Sysnet Ltd. Europe China Unionpay Data Services Co., Ltd (CUPData) 02/18/2014 Trustwave Asia Pacific Chip Card a.d 05/16/2014 VOC-Consultancy BV Europe ChronoPay B. V. 06/30/2014 Security Research & Consulting GmbH Europe Cintas Document Management - Shredding (Shred-it USA LLC) 07/31/2014 Crowe Horwath LLP US Civica UK Ltd 07/29/2014 Trustwave Europe CJSC Cyberplat 05/26/2014 Sysnet Ltd. Europe CJSC PC "CardStandard" (Previously West Siberian Processing Center) 02/19/2014 Trustwave Europe Clear Choice Merchant Services (ClearGate) 07/10/2014 Information Exchange Inc. US Clearent 04/30/2014 Coalfire Systems, Inc. US ClearTran 06/20/2014 SecurityMetrics US Cleverbridge AG 02/11/2014 Security Research & Consulting GmbH Europe CNHC, LLC (ePay Healthcare) 01/15/2014 403 Labs, LLC US Cobalt Telephone Technologies 05/06/2014 Trustwave Europe Cobre BEM-WortdPay 08/29/2014 Sysnet Ltd. Latin Americ Monday, September 15, 2014 Page 10 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. CoKinetic Systems India Pvt Ltd 03/07/2014 SISA Information Security Pvt. Ltd. SAMEA CollegeNET 03/26/2014 Coalfire Systems, Inc. US Columbus Data Services LLC (CDS) (Innovus) 01/15/2014 K3DES LLC US Comdata Inc. 10/11/2013 K3DES LLC US CommerceGate Ireland Ltd. 06/24/2014 Trustwave Europe CommuniGate GmbH 01/15/2014 usd AG Europe Compass Plus Ltd. 10/15/2013 Trustwave Europe Complete Merchant Solutions 03/11/2014 SecurityMetrics US Complete Payment Systems (Latvia) 10/15/2013 NTT Security Ltd. Europe Comprise Technologies, Inc. 03/12/2014 403 Labs, LLC US Computer Services, Inc. 07/18/2014 Crowe Horwath LLP US Computercentrum C.van de Velden B.V. (CCV Holland) 03/03/2014 TUV SUD Management Service GmbH Europe CompuTop Wirtschaftsinformatik GmbH 03/24/2014 TUV SUD Management Service GmbH Europe Conductor Tecnologia S/A 01/31/2014 Cipher Informatica Latin Americ Confederacion Espanola de Cajas de Ahorros (CECABANK) 05/31/2014 S21sec Gestion, S.A. Europe Connexions Loyalty Travel Solutions (CLTS) 10/17/2013 Trustwave US Connextions, Inc. 06/21/2013 Trustwave US Consorcio Credicard C.A. 11/01/2013 IQ Information Quality Latin Americ Consorcio de Tarjetas Dominicanas, S.A. (Cardnet.com) 04/30/2014 AT&T Consulting Solutions, Inc. (Verisign) Latin Americ Consorzio Triveneto S.p.A. 01/16/2014 KIMA Projects & Services Europe ControlScan (formerly CRE Secure Payments LLC) 07/15/2014 Coalfire Systems, Inc. US Convenient Payments, LLC (formerly Government Payments LLC) 12/04/2013 Trustwave US Convergence Technologies, Inc. (IPPAY) 02/15/2014 403 Labs, LLC US Monday, September 15, 2014 Page 11 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. Convergys Interaction Recording Platform 07/18/2014 Fortrex US Convergys (Professional Tuning Services) [formerly Convergys Intervoice] 06/17/2014 Fortrex US Convergys CCMS 08/26/2014 Fortrex US Convergys Encore 12/09/2013 Fortrex US Convergys Home Agent 06/27/2014 Fortrex US Co-Op Financial Services (CU COOPERATIVE SYSTEMS, INC) 03/17/2014 Tevora Business Solutions US Corduro Inc. (Corduro Processing; Corduro Merchant Services) 07/01/2014 Trustwave US CoreCard Software, Inc. 10/01/2013 CompliancePoint, Inc. US CoreCommerce 03/11/2014 Trustwave US Cornerstone Group of Companies Limited 04/10/2014 The Herjavec Group Inc. Canada Corporacion De Servvicios Financieros y Alianzas, C. por A. (Cosefi) 04/03/2014 Trustwave Latin Americ Corserv Holdings Inc. 08/26/2013 CompliancePoint, Inc. US Corum Group Ltd. 08/14/2013 Trustwave Asia Pacific Corvus Info d.o.o 09/12/2013 Trustwave Europe Credencial Argentina S.A. 10/24/2013 CYBSEC Security Systems Latin Americ Credibanco (Asociacion Gremial De Instituciones Financieras Credibanco) 07/30/2013 Xtrategies Latin Americ Credimatic S.A 12/30/2013 Trustwave Latin Americ Credit Card Services Inc. (BankCard Services) 12/30/2013 Trustwave US Credit Europe Bank Ltd. 04/09/2014 Trustwave Europe Credit Guard Ltd. 06/24/2013 Comsec Consulting, Ltd. Europe CreditCall Communications Ltd. 04/14/2014 Foregenix Limited Europe Credomatic of Florida, Inc. 08/30/2013 1st Secure IT, LLC US Croem, Inc. (Sigma Processing Group) 07/24/2014 Trustwave US Monday, September 15, 2014 Page 12 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. Crosskey Banking Solutions 08/08/2014 Verizon/Cybertrust Europe CSC Denmark A/S (formerly CSC Airline Solution Denmark A/S) 08/21/2014 FortConsult A/S Europe CSCBank SAL (CSC Lebanon) 02/11/2014 O-C Group SAMEA CSG Media (Content Direct) 04/10/2014 Solutionary, Inc. US CSG Systems, Inc. - Interactive Messaging 04/30/2014 Solutionary, Inc. US CSI Software 12/11/2013 Trustwave US CSID (CSIDentity) 11/08/2013 Enterprise Risk Management US CSU Cardsystem S.A. 10/07/2013 Trustwave Latin Americ CT-Paiement (CT-Payment) 01/14/2014 Trustwave Canada Cubic Transportation Systems, Inc. (Vancouver Compass Program) 11/01/2013 Payment Software Company (PSC) Cvent, Inc. 08/01/2014 True Digital Security, Inc. US CyberSource (including Authorize.Net and CyberSource Managed Hosting) (CYBS KK) 08/30/2013 Trustwave US DanDomain A/S 04/18/2014 FortConsult A/S Europe DanubePay, a.s. 05/05/2014 Trustwave Europe Data Oceans 08/01/2014 CompliancePoint, Inc. US Data Paradigm, Inc. (DPI) 07/03/2014 Specialized Security Services, Inc. US Data Stream 06/26/2014 Information Exchange Inc. US DataCash Group Limited 08/15/2013 SecuriCentrix SAMEA Datacom Payment Manager (Datacom Group Ltd.) 10/18/2013 Confide Ltd. Asia Pacific DataDivider 08/25/2013 K3DES LLC US Dataline Systems, Inc. 12/15/2013 Trustwave US DataMatx, Inc. 12/10/2013 A-Lign Security and Compliance Services US DataPipe, Inc. 10/25/2013 Trustwave US Datatrans AG 05/27/2014 TUV SUD Management Service GmbH Europe Monday, September 15, 2014 Page 13 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. Datatrax Technologies, Inc. 01/24/2014 SecurityMetrics Canada Davis + Henderson, Ltd. Partnership 09/05/2014 NCI Secured Intelligence Canada DAXKO, LLC 04/09/2014 Brightline CPAs & Associates, Inc. US DeepCove Laboratories, Ltd. 08/14/2014 Trustwave Canada Delego Software, Inc. 04/29/2014 Trustwave Canada Demandware, Inc. 08/28/2014 SecurityMetrics US Desjardin Card Services (Fdration des caisses Desjardins du Qubec) 09/09/2013 Trustwave Canada DHD Media (Digital Hemisphere Development LLC) 07/09/2013 Trustwave US DIBS Payments Services A/S 05/15/2014 FortConsult A/S Europe Digit Secure India Pvt Ltd. 05/25/2014 SecuriCentrix SAMEA Digital Payment Technologies Corp. 06/24/2014 Payment Software Company (PSC) Canada Digital River Inc. 06/30/2014 AppSec Consulting, Inc. US Digital River World Payments AB (a wholly owned subsidiary of Digital River, Inc.) 06/30/2014 AppSec Consulting, Inc. US Dimension Data Cloud Solutions, Inc. (OpSource, Inc.) 05/29/2014 Brightline CPAs & Associates, Inc. US Direct Insite Corp 08/22/2014 Enterprise Risk Management US Direct Mail Processors Inc. 01/30/2014 Fortrex US Direct Payment Solutions Limited (Direct Payment Solutions U.S. LLC) (Paymentexpress) 11/26/2013 Confide Ltd. Asia Pacific Docdata Payments B.V. 07/23/2014 VOC-Consultancy BV Europe Duncan Solutions (Duncan Parking Technologies Inc.) 07/02/2014 SecurityMetrics US Duncan Solutions (Professional Account Management) 08/26/2014 SecurityMetrics US Dydacomp Development Corp. 03/21/2014 Brightline CPAs & Associates, Inc. US Dzetta Processing Center 02/13/2014 Security Research & Consulting GmbH Europe Monday, September 15, 2014 Page 14 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. Easy Soft LLC 03/03/2014 Sysnet Ltd. Europe EasyCash GmbH 05/11/2014 Trustwave Europe EasyPay (Pty) Ltd 04/29/2014 Trustwave SAMEA Ebocom, LLC (POST Integrations Inc.) 04/03/2014 Verizon/Cybertrust US EBRC (e-Business Resilience Center) 12/03/2013 IT Works Europe EC Suite LLC 08/31/2013 Coalfire Systems, Inc. US eCard Solutions Ltd. (ECS) 06/25/2014 Ambersail SAMEA E-Complish, LLC 02/12/2014 Trustwave US Econtext (Formerly Digital Garage Inc.) 11/30/2013 International Certificate Authority of Mgt Syst Asia Pacific ECSC Limited 04/16/2014 O-C Group Europe Edenred USA (Wired Commute, Commuter Check Services Corp, Edenred USA/North America) 07/12/2013 Compass IT Compliance US EdgeCast Networks, Inc. 03/31/2014 Tevora Business Solutions US Edgil Associates, Inc 01/31/2014 Foresite MSP, LLC US EDPS (Electronic Data Processing Source SA) 09/13/2013 O-C Group Europe EFT Canada Inc. 08/26/2013 Datassurant Canada EFTEX Pty Ltd 01/08/2014 Witham Laboratories Asia Pacific Eigen Development, LTD. 10/08/2013 Payment Software Company (PSC) Canada Elan Financial Services - Core Services 04/14/2014 Trustwave US Elavon (Formerly Southern Datacomm) 09/12/2013 Verizon/Cybertrust US Elavon Global Card Services 05/30/2014 Verizon/Cybertrust US Elavon Merchant Services Europe 04/30/2014 Verizon/Cybertrust US Elavon NA (formerly NOVA) 05/30/2014 Verizon/Cybertrust US Electracard Services Private Limited 09/10/2013 Verizon/Cybertrust SAMEA Electronic Funds Source, LLC (EFS - Chanhassen, MN) 12/18/2013 Lattimore, Black, Morgan and Cain, P.C. Monday, September 15, 2014 Page 15 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. Electronic Funds Source, LLC (EFS - Ogden, UT) 12/18/2013 Lattimore, Black, Morgan and Cain, P.C. US Electronic Merchant Systems (OH based) 03/26/2014 Trustwave US Electronic Payment Exchange (EPX) (Phoenix Payment Systems, Inc.) 05/05/2014 Payment Software Company (PSC) US Electronic Payments, Inc. (NY) 07/30/2013 Information Exchange Inc. US Electronic Processing Services, LLC 05/20/2014 Information Exchange Inc. US Electronic Transaction Systems Corporation (ETS Corp) 09/05/2014 Verizon/Cybertrust US Element Payment Services Inc. 10/17/2013 SecurityMetrics US Emdeon 01/31/2014 Lattimore, Black, Morgan and Cain, P.C. US Emerging Markets Payments (EMP) (formerly Mediterranean Smart Cards Company) 12/06/2013 Trustwave SAMEA Emerging Markets Payments Jordan (EMP-J) 01/28/2014 Trustwave SAMEA Enacomm, Inc. 02/24/2014 True Digital Security, Inc. US Endeavour Internet Business Solutions Ltd. (EIBS) 05/08/2014 Odyssey Consultants Limited Europe eNett International (Singapore) Pte. Ltd. 11/01/2013 Securus Global Consulting Asia Pacific enStage Software Pvt Ltd. 07/04/2013 Stickman Consulting SAMEA Envoy Services Sweden AB 10/28/2013 FortConsult A/S Europe EOS Payment Solutions GmbH 08/20/2014 TUV SUD Management Service GmbH Europe Epay.bg 09/27/2013 Trustwave Europe Epicor Retail Solutions Corporation 03/14/2014 Trustwave Canada Epicor Software Solutions 05/23/2014 Trustwave US Epoch.com, LLC 11/15/2013 Protiviti US eProcessing Network, LLC 04/08/2014 Trustwave US EPS LT, UAB (formerly Universalios Valdymo Sistemos (UVS Lithuania)) 12/20/2013 Trustwave Europe Equens SE 03/27/2014 Noordbeek B.V. Europe Monday, September 15, 2014 Page 16 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. Equens SE (Italy) - Acquirer and Issuer 08/08/2014 Noordbeek B.V. Ernex 07/18/2013 Trustwave Canada Escalion S.a.r.l. (Escalion) 11/15/2013 NTT Security Ltd. Europe Ethoca Ltd. 08/08/2014 Sysnet Ltd. Canada Euro Payment Group GmbH 10/08/2013 TUV SUD Management Service GmbH Europe Euro-Information 03/03/2014 Trustwave Europe Euronet Pakistan (PVT) Limited 05/27/2014 Risk Associates/Gaming Associates Inc. SAMEA Euronet Services India Private Limited 08/09/2013 ControlCase SAMEA Euronet Worldwide, European EFT Business 06/12/2014 Security Research & Consulting GmbH Europe EuroPayment Services S.R.L. (euplatesc.ro) 05/20/2014 Endava LTD Europe Eventbrite 03/18/2014 Coalfire Systems, Inc. US Evertec Latinoamrica S.A. (ATH Costa Rica, S.A.) 12/20/2013 1st Secure IT, LLC Latin Americ EVO Merchant Services Inc. 10/21/2013 Trustwave US Evolution1 04/18/2014 Compass IT Compliance US Evry Card Acquiring Services 03/14/2014 FortConsult A/S Europe EVRY Card Services AB 06/22/2014 FortConsult A/S Europe EVRY Card Services AS 12/20/2013 FortConsult A/S Europe Evry FD Card (EVRY AS Norge) 04/15/2014 FortConsult A/S Europe Evry Issuing Services 10/04/2013 FortConsult A/S Europe EVRY VINO/MAAS 01/10/2014 FortConsult A/S Europe eWAY Europe Limited (A subsidiary of Web Active Corporation Pty Ltd in Australia) 12/06/2013 Stratsec.net RTY LTD Europe E-xact Transactions (Canada) 05/31/2014 Trustwave Canada Experient, Inc. 12/06/2013 Trustwave US Expert Global Solutions, Inc. (NCO Group, Inc. and APAC Customer Services, Inc.) 12/20/2013 Payment Software Company (PSC) US Monday, September 15, 2014 Page 17 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. ExpiTrans, Inc. (ET Data Processing Services Inc.) 07/17/2013 ControlScan US EZ Facility.com, Inc. 09/13/2013 Trustwave US Ezic, Inc. 09/13/2013 Information Exchange Inc. US Ezidebit Pty Ltd. 08/07/2013 Trustwave Asia Pacific Farepayment AB 07/11/2013 Trustwave Europe Fast Print & System LTDA (Fast Solutions) 06/05/2014 Trustwave Latin Americ FBME Card Services Ltd. 12/24/2013 Nettitude Ltd. Europe FD do Brasil Solues de Pagamento Ltda (FD Brazil) 06/12/2014 Trustwave Latin Americ Fexco Merchant Services (Fexco DCC (Dynamic Currency Conversion Limited)) 05/10/2014 O-C Group Europe Fidelity Information Services - (FIS) International - EMEA-Ljubljana Branch Solvenia 07/18/2014 Trustwave Europe Fidelity Information Services - Electronic Payment Presentment (FIS-EPP) 08/21/2014 Trustwave US Fidelity Information Services - EZCard Charlotte, NC 04/25/2014 Trustwave US Fidelity Information Services - Output Solutions St. Petersburg 10/21/2013 Trustwave US Fidelity Information Services (FIS) - Certegy Card Services 09/13/2013 Trustwave US Fidelity Information Services (FIS) - Certegy Limited 11/08/2013 Trustwave Europe Fidelity Information Services (FIS) - Chicago Authnet 01/02/2014 Trustwave US Fidelity Information Services (FIS) - Chile 02/03/2014 Trustwave Latin Americ Fidelity Information Services (FIS) - Clear Commerce - New Berlin 06/02/2014 Trustwave US Fidelity Information Services (FIS) - EFT / Payment Processing Norcross, GA 05/23/2014 Trustwave US Monday, September 15, 2014 Page 18 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. Fidelity Information Services (FIS) - Issuing Solutions, Debit Account, Healthcare Payment Card and Prepaid Card Solutions 04/24/2014 Trustwave US Fidelity Information Services (FIS) - Profile Outsourcing 12/13/2013 Trustwave US Fidelity Information Services (FIS) Australasia Pty PP Ltd 04/22/2014 Trustwave Asia Pacific Fidelity Information Services (FIS)- Card Processing and Data Center Little Rock, AR 05/29/2014 Trustwave US Fidelity Information Services (FIS) Electronic Payments New Berlin, WI 09/13/2013 Trustwave US Fidelity Information Services (FIS) PayDirect Solutions - Government (fomerly Link2Gov, Inc.) 03/15/2014 Trustwave US Fidelity Information Services (FIS) Payment and Solutions Services (PSS) India 10/11/2013 Trustwave Asia Pacific Fidelity Information Services (FIS) Remittance Processing, Lisle IL. 02/03/2014 Trustwave US Fidelity Information Services (FIS) Remittance Processing, St. Petersburg, FL. 10/14/2013 Trustwave US Fidelity Information Services (FIS) Sunrise Prepaid Processing 07/03/2014 IBM Internet Security Systems (ISS) US Fidelity Information Services (FIS) WebVault 04/29/2014 Trustwave US Fidelity Information Services, Inc. - Output Solutions San Antonio 05/05/2014 Trustwave US Fifth Gear 07/31/2014 Trustwave US Financial Software and Systems Pvt. Ltd. (FSSNeT- Payment Gateway Services) 08/29/2013 ControlCase SAMEA Financial Transmission Network, Inc. 06/20/2014 Trustwave US Finanz Informatik Technologie Service GmbH & Co. KG 02/14/2014 usd AG Europe FINEXUS International Sdn Bhd 04/06/2014 Trustwave Asia Pacific Fintrax Teoranta 05/14/2014 Trustwave Europe Monday, September 15, 2014 Page 19 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. FireHost Inc. 05/31/2014 Coalfire Systems, Inc. US First American Payment Systems, LP 07/10/2014 IBM Internet Security Systems (ISS) US First Atlantic Commerce Ltd. 03/14/2014 Coalfire Systems, Inc. Latin Americ First Data - Concord Electronic Financial Systems (CEFS) (FD Clientline Reporting) 09/13/2013 Trustwave US First Data - Concord Financial Technologies (CFT) - (First Data Prepaid Services) 09/13/2013 Trustwave US First Data - Global Gateway (First Data - LinkPoint/First Data YourPay) 09/13/2013 Trustwave US First Data - Government Solutions (FDGS) 09/13/2013 Trustwave US First Data - Paypoint Electronic Payment Systems 09/13/2013 Trustwave US First Data - RemitCo 09/13/2013 Trustwave US First Data - Retail ATM Services 09/13/2013 Trustwave US First Data - Secure Transport (Datawire) 09/13/2013 Trustwave US First Data - Slovakia--Serbia 10/14/2013 Trustwave Europe First Data STAR (Networks, Processing and Systems Inc.) 09/13/2013 Trustwave US First Data - TeleCheck 09/13/2013 Trustwave US First Data CAC, (Processing Center, S.A.) 03/13/2014 Trustwave Latin Americ First Data India Pvt Ltd 04/03/2014 Trustwave SAMEA First Data International - China 08/29/2014 Trustwave Asia Pacific First Data International - Cono Sur (POSNET S.R.L) 03/11/2014 Trustwave Latin Americ First Data International - Deutschland (Germany) 09/10/2014 Trustwave Europe First Data International - Hellas (Greece) 11/01/2013 Trustwave Europe First Data International - Italy 11/13/2013 Trustwave Europe First Data International - Latvia 11/15/2013 Trustwave Europe First Data International - OmniPay Limited 10/29/2013 Trustwave Europe Monday, September 15, 2014 Page 20 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. First Data International - Polska S.A. (Polcard) 05/13/2014 Trustwave Europe First Data International - TeleCash / First Data Global Services 09/10/2014 Trustwave Europe First Data International - UAB First Data Lietuva (Lithuania) 11/15/2013 Trustwave Europe First Data International - United Kingdom 10/31/2013 Trustwave Europe First Data International ANZ (First Data ANZ; FD ANZ) 09/13/2013 Trustwave Asia Pacific First Data Merchant Services (PaySpring Merchant Services) 09/13/2013 Trustwave US First Data Resources 09/13/2013 Trustwave US First National of Nebraska, Inc. (FNNI, FNBO, FNMS Inc., SPC Inc.) 12/30/2013 Trustwave US First National Technology Solutions 04/01/2014 Trustwave US First Ukrainian International Bank 09/11/2014 FortConsult A/S Europe FirstView Financial, LLC. 09/13/2013 Trustwave US FIS - Biller Solution Product (SSP) 09/12/2013 Trustwave US FIS - Everlink 07/30/2014 Trustwave Canada FIS - Merchant Acquiring and Credit Card Account Processing Services 04/15/2014 Trustwave US FIS Brazil, Fidelity Processadora e Services SA (FPS) 05/07/2014 Trustwave Latin Americ Fiserv - ACCEL/Exchange 04/09/2014 Payment Software Company (PSC) US Fiserv - Advantage 08/08/2013 Payment Software Company (PSC) US Fiserv - Bank Solutions Eastern Region Atlanta Service Center Service Center 09/30/2013 Payment Software Company (PSC) US Fiserv - Bank Solutions Precision Outsourcing 08/30/2013 Payment Software Company (PSC) US Fiserv - Bank Solutions Premier Outsourcing Western Region Houston & Dallas Service Centers 02/26/2014 Payment Software Company (PSC) US Monday, September 15, 2014 Page 21 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. Fiserv - Bank Solutions Product Management, Development and Support 07/03/2014 Payment Software Company (PSC) US Fiserv - Biller Solutions - CheckFreePay 07/11/2014 Payment Software Company (PSC) US Fiserv - Biller Solutions (Fiserv eBill) 12/23/2013 Payment Software Company (PSC) US Fiserv - BillMatrix 08/30/2014 Payment Software Company (PSC) US Fiserv - Card Services - Credit Services (Formerly assessed as Fiserv - EFT and Fiserv - Card Services - Credit) 03/25/2014 Payment Software Company (PSC) US Fiserv - Card Services - Debit Services 03/27/2014 Payment Software Company (PSC) US Fiserv - CashEdge 04/30/2014 Payment Software Company (PSC) US Fiserv - CUSA 10/24/2013 Payment Software Company (PSC) US Fiserv - Customer Solutions 11/11/2013 Payment Software Company (PSC) US Fiserv - Digital Channels (formerly Fiserv - E- Banklng Hillsboro) 09/16/2013 Payment Software Company (PSC) US Fiserv - Electronic Payments (formerly Fiserv Electronic Banking, Biller Solutions and Itech) 10/22/2013 Payment Software Company (PSC) US Fiserv - Enterprise Technology Group - Brookfield, WI Data Center 10/23/2013 Payment Software Company (PSC) US Fiserv - Enterprise Technology Group - John's Creek, GA and Lewisville, TX Data Centers 09/21/2013 Payment Software Company (PSC) US Fiserv - Galaxy 05/21/2014 Payment Software Company (PSC) US Fiserv - Lending Solutions - Contact and Service Center (Formerly Amherst Call Center) 03/10/2014 Payment Software Company (PSC) US Fiserv - Lending Solutions - LoanServ 11/21/2013 Payment Software Company (PSC) US Fiserv - Prepaid Solutions 02/21/2014 Payment Software Company (PSC) US Fiserv - Signature Development Lake Mary 07/23/2014 Payment Software Company (PSC) US Fiserv - Virtual Branch 12/20/2013 Payment Software Company (PSC) US Fiserv - XP2 05/14/2014 Payment Software Company (PSC) US Fiserv - Xroads 01/18/2014 Payment Software Company (PSC) US Monday, September 15, 2014 Page 22 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. Fiserv Bank Solutions - Cleartouch Outsourcing 09/13/2013 Payment Software Company (PSC) US Fiserv Bank Solutions - Premier Outsourcing Eastern Region Brookfield Service Center 08/27/2013 Payment Software Company (PSC) US Fiserv Bank Solutions - Premier Outsourcing Western Region Des Moines Service Center 12/18/2013 Payment Software Company (PSC) US Fiserv India Pvt. Ltd. 07/25/2014 ControlCase SAMEA Fiserv OnCU 07/30/2013 Payment Software Company (PSC) US Fiserv Output Solutions - Electronic Document Delivery (EDD) 02/24/2014 Payment Software Company (PSC) US Florists Transworld Delivery, Inc 12/31/2013 Halock Security Labs US Forte Payment Systems (formerly ACH Direct) 01/10/2014 Trustwave US Forward Information Technologies (DataPak) (LWK LLC) 04/11/2014 Trustwave US FoxyCart.com, LLC 03/31/2014 Specialized Security Services, Inc. US FreedomPay, Inc. 08/01/2014 CompliancePoint, Inc. US Frontline Processing 06/01/2014 SecurityMetrics US FrontStream Payments, Inc. / FirstGiving Inc. 06/02/2014 ControlCase US Fry, Inc., a Michigan corporation (MICROS-Retail) 08/22/2014 Trustwave US FSV Payment Systems, Inc. 06/08/2014 K3DES LLC US Fujitsu America 02/28/2014 Verizon/Cybertrust US FundsTech Corporation PTY (LTD) (FNDS3000 Corp) 08/30/2013 Trustwave SAMEA Galileo Processing, Inc. 02/14/2014 SecurityMetrics US GARANTI BANKASI A.S/GARANTI TEKNOLOJI 10/11/2013 Biznet Information Systems Europe Gateway Ticketing Systems, Inc. 08/27/2013 Fortrex US Gazcardservice Ltd. 10/31/2013 Informzaschita Europe Genesis Financial Solutions, Inc. 07/03/2014 Trustwave US Monday, September 15, 2014 Page 23 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. Genesys - Angel.com Division (formerly Angel.com Incorporated and Microstrategy Inc.) 10/18/2013 FishNet Security US Genesys - SoundBite Division (formerly SoundBite Communications) 09/25/2013 Verizon/Cybertrust US Genpact Guatemala SA 11/13/2013 ControlCase Latin Americ Genpact LLC Manila, Philippines (GEMA- RCF, GECA, GEMA RSF, Green Dot, Lexus Nexus, Dollar General, AstraZeneca, CITI Mortgage, Walgreen, HomeDepot, VFS Global, AETNA) 08/22/2013 ControlCase Asia Pacific GETNET Tecnologia em Processamento de transaes eletrnicas H.U.A LTDA 06/30/2014 Cipher Informatica Latin Americ Gisland Ltd. (Cassava, Brigend, 888 Holdings, Dixie, VMSI srl, 888 Spain PLC) 12/31/2013 GRSee Consulting Europe Global Cash Card - (World Processing Limited) 11/16/2013 Coalfire Systems, Inc. US Global Collect Services B.V. (Global Collect Services USA) 07/01/2013 Trustwave Europe Global Communication Planning Co., Ltd. 06/28/2013 BSI Management Systems Japan K.K. Asia Pacific Global Electronic Technology 04/15/2014 403 Labs, LLC US Global Payment Services - GPS W.L.L. 01/07/2014 SISA Information Security Pvt. Ltd. SAMEA Global Payments - GP UK LLP. 02/20/2014 Payment Software Company (PSC) US Global Payments Direct Inc. (Global Payments Global Service Center) 02/21/2014 Payment Software Company (PSC) US Global Payments Europe, s.r.o. 11/08/2013 Payment Software Company (PSC) Europe Global Processing SA 07/26/2014 Trustwave Latin Americ GMO Payment Gateway, Inc. (includes GMO Epsilon, Inc. environment) 12/28/2013 International Certificate Authority of Mgt Syst Asia Pacific GoConcierge.net (Innsight Reports LLC.) 01/31/2014 Accretive Solutions Operating Corp. US GoDaddy.oom, LLC (Quick Shopping Cart) 12/13/2013 Coalfire Systems, Inc. US GoEmerchants, LLC 06/20/2014 IBM Internet Security Systems (ISS) US Goldmine World, Inc. (World Bankcard Services) 08/13/2013 Sysnet Ltd. US Monday, September 15, 2014 Page 24 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. Google Inc. 01/31/2014 Securisea, Inc. US Gotham Ingedigit Financial Processing Corp. (Power2Process, P2P) 09/13/2013 Trustwave US Govolution, Inc. 06/17/2014 IBM Internet Security Systems (ISS) US GP Net 09/30/2013 BSI Management Systems Japan K.K. Asia Pacific Grant Street Group 01/16/2014 SecurityMetrics US Green Dot Corporation (Next Estate Communications, Inc.) 10/09/2013 SecurityMetrics US Group ISO 04/14/2014 Foresite MSP, LLC US Groupon 05/13/2014 Trustwave US GSI Commerce Solutions, Inc. 10/11/2013 Trustwave US Guthy Renker Fulfillment Services 10/14/2013 Trustwave US Hamer Enterprises 11/08/2013 SecurityMetrics US Handpoint ehf. (formerly Median - rafraen midlun hf.) 07/18/2014 Trustwave Europe Harris Connect LLC 01/27/2014 Trustwave US Harte-Hanks, Inc. 09/11/2013 CyberEnsure, LLC US Heartland Payment Systems, Inc. 04/21/2014 Coalfire Systems, Inc. US Helcim Inc. 07/25/2014 Secured Net Solutions Inc. Canada Hewlett Packard (Canada) Co. - (TD Bank Environment) 06/30/2014 Protiviti Canada Higher One, Inc. (CASHNet) 01/20/2014 Coalfire Systems, Inc. US HighRadius Corporation 08/27/2014 Trustwave US Hitrust Incorporated 12/20/2013 Verizon/Cybertrust Asia Pacific HostedPCI Inc. 03/12/2014 NCI Secured Intelligence Canada Hosting.com, Inc. 07/12/2013 Trustwave US Hotelbeds Technology, S.L.U. 12/20/2013 Internet Security Auditors, S.L. Monday, September 15, 2014 Page 25 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. Hotline LLC 06/27/2014 Sysnet Ltd. Europe HP - Enterprise Services Regional Cards and Payments Utility 09/04/2014 Trustwave US HP - Merchant Acquirer 12/30/2013 Protiviti US HP Enterprise Services - Convenience Pay 08/05/2014 Trustwave US HPC Heidelberger Payment Consulting GmbH 04/11/2014 usd AG Europe Hughes Network Systems 09/25/2013 IBM Internet Security Systems (ISS) US Humboldt Merchant Services (5967 Ventures) 06/25/2014 Trustwave US Hybris Canada (formerly iCongo, Inc.) 07/22/2013 FishNet Security Canada hyperWALLET Systems Inc. 10/21/2013 Bell Canada Canada i2c, Inc. (US, Canada, Latin America, Europe, Asia Pac, and SAMEA) 11/01/2013 Trustwave US IBM Payment Systems 10/11/2013 Trustwave Europe Immediate Travel Industry Switching (Pty) Ltd. 02/26/2014 Foregenix Limited Inatec Payment AG (Inatec Solutions GmbH) 08/28/2013 Infinity Security Consulting Europe Industry Retail Group, Inc. 02/12/2014 Coalfire Systems, Inc. US Inet-Cash GmbH 03/14/2014 usd AG Europe InfoCision Management Corporation (K & L Teleservices) 08/26/2014 SecurityMetrics US InfoGroup 04/23/2014 Solutionary, Inc. US InfusionSoft 07/29/2014 SecurityMetrics US Ingenico Iberia S.L. 09/26/2013 Trustwave Europe Innotrac, LLC 09/27/2013 Trustwave US Insight Card Services 12/30/2013 Information Exchange Inc. US In-Solutions Global Pvt Ltd (ISG) 03/12/2014 SISA Information Security Pvt. Ltd. SAMEA INSOnline Limited 06/18/2014 usd AG Europe Inspire Commerce, LLC 02/24/2014 Megaplanit, LLC Monday, September 15, 2014 Page 26 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. InstaMed Communications 02/12/2014 Trustwave US Integrity Payment Systems 10/01/2013 K3DES LLC InteliSpend Prepaid Solutions 08/19/2013 IBM Internet Security Systems (ISS) US Intelligent Payments Group (Myriad Payments Ltd, Matrix Payments Ltd) 02/07/2014 Trustwave Europe Intellipay, Inc. 01/03/2014 Trustwave US Interactive Communication International, Inc. (InComm) Datawave Systems, Inc. 09/28/2013 IBM Internet Security Systems (ISS) US Interactive Transaction Solutions Limited (ITS) 11/15/2013 O-C Group Europe Interbancos SA 08/06/2013 Trustwave SAMEA InterCard AG 12/19/2013 TUV SUD Management Service GmbH Europe INTERCEPT EFT 09/20/2013 Coalfire Systems, Inc. US Interface Security Systems 03/25/2014 SecurityMetrics US Interface Technologies (Reservit) 06/10/2014 XMCO Partners Europe International Automated Transaction Services (IATS) 08/24/2014 IBM Internet Security Systems (ISS) US International Bancard Corporation 11/08/2013 Information Exchange Inc. US International Card Processing Services Ltd. (ICPS) (Mauritius Commercial Bank Ltd. (MCB)) 08/07/2013 ControlCase SAMEA International Card Systems AD (Casys) 06/23/2014 TUV SUD Management Service GmbH Europe International Commerce Solutions, Inc. 09/11/2013 SecurityMetrics US International Payment Solutions (Shanghai) LTD. 02/05/2014 Trustwave Asia Pacific Internet Payment Exchange, Inc. (IpayX) 07/22/2014 Megaplanit, LLC US Internet Payment Service, Inc. (IPS) 02/20/2014 BSI Management Systems Japan K.K. Asia Pacific Internet Ticketing Systems, Inc. (PrintTixUSA, Diamond Payment Systems, Diamond Ticketing Systems, ImagiTix) 07/26/2013 SecurityMetrics US InterPoynt, LLC 01/24/2014 Trustwave US Monday, September 15, 2014 Page 27 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. Intersections Inc. 10/20/2013 ControlCase US Interswitch Limited 09/26/2013 Trustwave SAMEA Intesa Sanpaolo Card limited liability company for card business 12/06/2013 Trustwave Europe Intesa Sanpaolo Card payment card processing and development Ltd 10/10/2013 TUV SUD Management Service GmbH Europe Intrix Technology Inc. 02/27/2014 Trustwave US Intuit BackOffice (Intuit Inc. - Innovative Merchant Solutions, LLC) 10/28/2013 Trustwave US Intuit, IMS (Innovative Merchant Services) 10/28/2013 Trustwave US Intuition Systems, Inc. 10/31/2013 SecurityMetrics US iPayment Technologies, Inc. 05/15/2014 Trustwave US IPG Holdings Limited (Cyprus, Reg No.: HE 201826) 11/13/2013 403 Labs, LLC Europe IPG Holdings Ltd. 11/19/2013 403 Labs, LLC Europe IPS Group Inc. (US) 10/16/2013 Tevora Business Solutions US iQmetrix Software Development Corp. 10/15/2013 Seccuris Inc. Canada Iridium Corporation Limited 01/24/2014 SecuriCentrix Europe IRN Payment Systems 10/25/2013 Information Exchange Inc. US Iron Mountain Information Management, Inc. 09/25/2013 Trustwave US IT Card Centrum Technologii Ptatniczych SA (IT Card S.A.) 08/06/2014 IBM Internet Security Systems (ISS) Europe ITAGroup, Inc. 10/31/2014 Trustwave US iZettle AB 07/04/2014 KnowIT Secure AB Europe J.J. Mackay Canada Limited / Mackay Meters, Inc. 11/15/2013 Trustwave Canada Japan Postec 09/30/2013 ASR.Co., LTD JCC Payment Systems 04/15/2014 Trustwave Europe JetPay, LLC 04/23/2014 Raveneye US Monday, September 15, 2014 Page 28 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. JHA Passport EFT Solutions 07/15/2014 Coalfire Systems, Inc. US JHA Payment Processing Solutions 07/21/2014 Coalfire Systems, Inc. US JNR, Inc. 02/17/2014 Moss Adams LLP US Joint Electronic Teller Services Limited (JETCO) 03/06/2014 Evolution LTD Asia Pacific Jonas Fitness, Inc. 07/15/2014 Payment Software Company (PSC) US J-Payment Inc. 04/30/2014 International Certificate Authority of Mgt Syst Asia Pacific JSC "International Financial Solutions" 11/22/2013 Security Research & Consulting GmbH Europe JSC Georgian Card 10/03/2013 Trustwave Europe JSC Kazkommertsbank (KazKom) 11/15/2013 FortConsult A/S SAMEA JSC Preprocessing center (Uniteller) 07/04/2014 Digital Security US JSC Sirena-Travel 03/17/2014 Informzaschita Europe JSC UkrCard 01/31/2014 Trustwave Europe Kalio, Inc. (D.M.insite) 03/14/2014 SecurityMetrics US Karbil Yazilim ve Bilisim Tek. Tic. Ltd. Sti (CordisNetwork) 10/03/2013 Biznet Information Systems Europe Kimbia, Inc. 08/29/2013 Compass IT Compliance US Klarna AB 11/12/2013 NTT Security Ltd. Kony Solutions, Inc. 06/03/2014 403 Labs, LLC US Korta Payments (Kortathjonustan hf) 03/14/2014 FortConsult A/S Europe Kount, Inc. (Keynetics) 03/14/2014 Trustwave US KPS Payment GmbH & Co. KG 09/02/2014 TUV SUD Management Service GmbH Europe Krajowy Integrator Platnosci S.A. 10/22/2013 SC2Labs Europe Krueger Associates, Inc. (National Fulfillment Services) 10/30/2013 SecurityMetrics US Kubra Data Transfer Limited 08/29/2013 Trustwave Canada Lateral Payment Solutions Ltd 11/01/2013 Trustwave Europe Layered Technologies, Inc. 05/31/2014 Coalfire Systems, Inc. US Monday, September 15, 2014 Page 29 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. LexisNexis VitalChek Network, Inc. 01/31/2014 Brightline CPAs & Associates, Inc. US Link Processing Co., Ltd 05/23/2014 BSI Management Systems Japan K.K. Asia Pacific Litle & Company, LLC 12/18/2013 Payment Software Company (PSC) US LiveOps Inc. 10/22/2013 Trustwave US Living Social (ONOSYS - Online Ordering System) - (O-Web Technologies Inc.) 01/31/2014 Secure State Consulting US Lucrazon, Inc. 08/14/2013 Intersec Worldwide US Lufthansa AirPlus Servicekarten GmbH - Overall Acq Services, Issuing Processing and additional infrastructure 11/27/2013 Security Research & Consulting GmbH Europe Lufthansa Revenue Services GmbH (LRS) 12/02/2013 Security Research & Consulting GmbH Europe Lufthansa Systems AG (LSY) - (formerly Lufthansa Systems Infratec GmbH) 04/11/2014 usd AG Europe Lyra Network (Brazil) 11/25/2013 Cipher Informatica Latin Americ Lyra Network (France) 07/08/2014 Security Research & Consulting GmbH Europe M2 Payment Solutions (formerly M2Financial LTD) 02/25/2014 Information Exchange Inc. US Maas Global Solutions Corporation (MGS) 02/10/2014 Information Exchange Inc. US Madison Performance Group 07/29/2013 Grant Thornton US Magensa, LLC (MagTek) 08/29/2014 Coalfire Systems, Inc. US Magic-Wrighter, Inc. 07/01/2013 Trustwave US Maintech 11/25/2013 IBM Internet Security Systems (ISS) US Mako Networks Ltd. 03/31/2014 Verizon/Cybertrust Asia Pacific Managepay Services Sdn Bhd (MPSB) 12/25/2013 ControlCase Asia Pacific MarketLive, Inc. 11/14/2013 Online Enterprises US Marqeta, Inc 11/18/2013 Brightline CPAs & Associates, Inc. US Mashery, Inc. 08/29/2014 Online Enterprises US MBU d.o.o. 09/19/2013 Trustwave Europe Monday, September 15, 2014 Page 30 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. McKesson Technologies, Inc. (McKesson RelayHealth, RelayHealth, RelayAccount, McKesson RelayAccount) 07/09/2014 Trustwave US Medoc Computers Ltd 03/06/2014 Sysnet Ltd. Europe MegaPath Networks 02/05/2014 Trustwave US Mercadotecnia, Ideas y Tecnologia S.A. de C.V. (MIT) 01/24/2014 1st Secure IT, LLC Latin Americ Merchant e-Solutions, Inc. (MeS) 08/06/2014 Coalfire Systems, Inc. US Merchant Link, LLC 04/30/2014 Trustwave US Merchant One Inc. 07/07/2014 Information Exchange Inc. US Merchant Partners (Innuity, Inc.) 11/04/2013 Information Exchange Inc. US Merchant Warehouse (Capital Bankcard) 04/30/2014 Trustwave US MerchantPlus LLC 02/19/2014 Trustwave US Merchants Bancard Network (Formerly IMAX Bancard Network, LLC) 01/03/2014 SecurityMetrics US Merchants Billing Services, Inc. 02/15/2014 Information Exchange Inc. US Merchants Choice Payment Solutions (MCPS) 01/08/2014 K3DES LLC US Mercury Payment Systems, Inc. (MPS) 11/30/2013 Coalfire Systems, Inc. US Meridian Enterprises Corporation 07/31/2014 Protiviti US MeritCard Solutions 07/01/2013 ControlScan US Meritus Payment Solutions (TK Global Partners LLC) 01/24/2014 403 Labs, LLC US Merkle Response Management Group 01/05/2014 Trustwave US Metavante Technologies Limited 12/06/2013 Trustwave Europe Micros Systems, Inc. 08/29/2013 Trustwave US Microsoft Dynamics Online Payment Services 05/22/2014 Trustwave US Middle East Payment Services (MEPS) 06/12/2014 RandomStorm SAMEA MilliKart Processing Center 02/07/2014 Radius Group LLC Europe Monday, September 15, 2014 Page 31 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. Mindbody Inc. 08/15/2013 Payment Software Company (PSC) US Mint Wireless Limited 07/22/2013 Vectra Corporation Asia Pacific Mi-Pay Limited 07/29/2014 Foregenix Limited Europe Mizuho Factors, Ltd Processing Business 08/09/2014 BSI Management Systems Japan K.K. Asia Pacific Mobile Credit Payment Pte Ltd (MCPayment) 04/14/2014 Vectra Corporation Asia Pacific Moduslink 04/24/2014 Trustwave US MoldMediaCard SRL 12/09/2013 Trustwave Europe Moneris Shared Cash Dispensing (SCD) and Payment Systems Infrastructure at the Royal Bank of Canada 07/14/2014 Trustwave Canada Moneris Solutions Corporation / Moneris Solutions, Inc. 07/11/2014 Trustwave Canada Monex Financial Services Ltd. 05/12/2014 Trustwave Europe Monexa Services, Inc. (formerly IP Applications, Inc.) 07/30/2014 IPS Canada Monext - Acquiring by Monext 10/15/2013 XMCO Partners Europe Monext - Merchant Services (Payline, Payavenue, Tokenizer) 11/27/2013 XMCO Partners Europe Monext (Cards by Monext - Call Center) 08/13/2013 XMCO Partners Europe Monext (Cards by Monext) 09/27/2013 XMCO Partners Europe Money Movers Inc. 02/27/2014 Coalfire Systems, Inc. US Moore Wallace (R.R. Donnelley) - Canada 03/31/2014 Solutionary, Inc. Canada Moore Wallace (R.R. Donnelley) - US 03/31/2014 Solutionary, Inc. US Motionsoft 05/01/2014 Trustwave US Motivational Fulfillment & Logistics Services (Motivational Marketing Inc.) 02/28/2014 Tevora Business Solutions US mPAY24 GmbH 12/06/2013 Security Research & Consulting GmbH Europe MPayMe Ltd. 06/28/2013 Nexusguard Consulting Limited Asia Pacific Monday, September 15, 2014 Page 32 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. MPP Magyarorszag Zrt. 04/24/2014 Apersky Consulting LLC Europe mStart d.o.o. (mStart Agrokor) 02/12/2014 Cognosec GmbH Europe Mtrex / CartManager / Vision Bankcard, Inc. 03/14/2014 Trustwave US Multicarta Ltd. 09/30/2013 Radius Group LLC Europe Multifunctional Processing Company LLC 07/11/2014 FortConsult A/S Europe Multisafepay (formerly Multipay BV) 02/10/2014 VOC-Consultancy BV Europe MultiService Corporation 02/17/2014 Trustwave US MyGate Communications (Pty) Ltd 06/03/2014 Sysnet Ltd. SAMEA National Bankcard Services, Inc. 09/24/2013 RSM McGladrey, Inc. US National Information Solutions Cooperative (NISC) 04/23/2014 Trustwave US National Systems Corporation (QuikOrder, Inc.) 08/27/2014 Trustwave US Navitaire Inc. 05/29/2014 Trustwave US Nayax Ltd. 06/30/2014 Comsec Consulting, Ltd. Europe NBS Payment Solutions (Division of NBS Technologies, Inc.) 05/30/2014 Control Gap Inc. Canada NCMIC Finance Corporation (NFC) 10/15/2013 SecurityMetrics US nCourt LLC 12/20/2013 SecurityMetrics US NCR - Command Center (formerly Radiant Systems) 12/31/2013 Coalfire Systems, Inc. US NCR Secure Pay Environment 05/30/2014 ControlCase US NCR Aloha Takeout / NCR Aloha Ordering Online (formerly Radiant Systems - Aloha Takeout and Aloha Ordering Online) 12/15/2013 Coalfire Systems, Inc. US NCR CPOnline (formerly Radiant Systems - CP Online) 12/15/2013 Coalfire Systems, Inc. US Nelnet Business Solutions (QuickPay) 03/31/2014 Coalfire Systems, Inc. US Net1 01/08/2014 Trustwave SAMEA NETbilling, Inc. 09/08/2014 SecurityMetrics US Monday, September 15, 2014 Page 33 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. NetCentriX Inc (TransVerse Systems LLC) 07/26/2013 Information Exchange Inc. US Netcommerce SAL 10/10/2013 EOH Mthombo (Pty) Ltd. SAMEA NetMove Corporation 12/28/2013 International Certificate Authority of Mgt Syst Asia Pacific Netrada North America (Fulfillment Technologies (Filltek)) 10/18/2013 Secure State Consulting US Nets Denmark A/S 09/15/2014 Foregenix Limited Europe Nets Estonia AS (previously Pankade Kaardikeskus AS) 01/14/2014 O-C Group Europe Nets Finland Oy (formerly Manison Maksujrjestelmt Oy) 06/12/2014 Sysnet Ltd. Europe Nets Norway AS 06/25/2014 Foregenix Limited Europe Nets Oy ePayment Gateway and Acquisition Services (Nets Oy) 12/05/2013 FortConsult A/S Europe Nets, Inc. (NetWorks) 12/23/2013 Trustwave US NetSpend Corporation (Skylight Financial Inc.) 09/13/2013 Coalfire Systems, Inc. US NetSuite Inc. 01/13/2014 Trustwave US Network International, LLC (NETWORK Ae) 12/12/2013 M. Kuppuswamy PSG & Co. SAMEA Network Merchants, Inc. (NMI Gateway Services) 04/03/2014 Trustwave US NeuLion, Inc. 07/03/2014 Trustwave US New Vision Baltija UAB 08/14/2013 FortConsult A/S Europe Newtek Merchant Solutions (Universal Processing Services of Wisconsin) 12/03/2013 SecurityMetrics US NIC Services, LLC 05/16/2014 Trustwave US Nodus Technologies, Inc. 12/16/2013 Foresite MSP, LLC North American Bancard, Inc. (TransGlobal Payment Systems, Wholesale Processing Club) 05/29/2014 Trustwave US Novopayment, B. V. / NovoPayment L.T.D (Miami, FL Data Center) 07/31/2013 Xtrategies US Monday, September 15, 2014 Page 34 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. NTT DATA CORPORATION, Cards and Payments Services Division (CAFIS System) 03/02/2014 BSI Management Systems Japan K.K. Asia Pacific NTT DATA CORPORATION, Cards and Payments Services Division (InControl GW System) 05/15/2014 BSI Management Systems Japan K.K. NTT DATA CORPORATION, Cards and Payments Services Division (Payment Collection Service Center for Gas Companies) 09/24/2013 BSI Management Systems Japan K.K. Asia Pacific NTT DATA CORPORATION, Cards and Payments Services Division (VCN Management Center) 05/31/2014 BSI Management Systems Japan K.K. NTT DATA CORPORATION, First Financial Sector (Credit Housing Service System) 06/04/2014 BSI Management Systems Japan K.K. NTT DATA CORPORATION, First Financial Sector Cards and Payments Services Division (ACS) 05/15/2014 BSI Management Systems Japan K.K. Asia Pacific NTT DATA CORPORATION, First Financial Sector Cards and Payments Services Division (Brand Prepaid Card GW) 05/15/2014 BSI Management Systems Japan K.K. Asia Pacific NTT DATA CORPORATION, First Financial Sector Cards and Payments Services Division (CDS) 06/04/2014 BSI Management Systems Japan K.K. Asia Pacific NYCE Payments Network LLC 04/23/2014 Trustwave US Office24 Co., Ltd. 02/28/2014 International Certificate Authority of Mgt Syst Asia Pacific Official Payments - EBPP (formerly ACI Worldwide, Inc. - eCommerce division - Princeton) 06/12/2014 Trustwave US Official Payments Corporation (Tier Technologies, Inc.) 02/25/2014 Trustwave US Ogone 02/14/2014 NTT Security Ltd. Europe OK Processing Ltd 09/27/2013 Informzaschita Europe Olo (Mobo Systems) 01/27/2014 SecurityMetrics US One Touch Direct, LLC 10/10/2013 Freed Maxick CPAs US Monday, September 15, 2014 Page 35 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. Onelya, LLC 04/30/2014 Digital Security Europe Online Tech, LLC 06/30/2013 UHY Advisors TX, LLC US OOO Runet Business Systems (RBS) 12/06/2013 FortConsult A/S Open joint stock company "BANK URALSIB" 03/27/2014 Sysnet Ltd. Europe Open Joint-Stock Company "Orient Express Bank" 12/04/2013 Jet Infosystems Europe Operadora de Tarjetas de Credito Nexus S.A. 08/28/2014 Trustwave Latin Americ Optimal Payments PLC (NetBanx Limited, NetBx Services Inc., NetBx Technologies Inc., NBX Merchant Services Inc., NBX Merchant Services (Australia) Pty Ltd) 06/06/2014 Trustwave Canada Oracle ATG Web Commerce Managed Cloud Service 08/08/2014 Coalfire Systems, Inc. US Oracle BRM Cloud Service 11/25/2013 Coalfire Systems, Inc. US Oracle Managed Cloud Services (OMCS) 08/08/2014 Coalfire Systems, Inc. US Oracle On Demand E-Billing 08/08/2014 Coalfire Systems, Inc. US Orbitall Servicos e Processamento de Informacoes Comerciais Ltda 10/18/2013 CPqD Latin Americ ORCS Web Inc. 07/14/2014 Foresite MSP, LLC US OrderMotion, Inc. 05/13/2014 Trustwave US OrderTalk, Inc. 09/03/2013 A-Lign Security and Compliance Services US OSP Group (formerly Redcats USA, Inc. OneStopPlus.com) 11/19/2013 Crowe Horwath LLP US Pace Payment Systems (Century Bankcard Services) 03/15/2014 Information Exchange Inc. US PacifiCard S.A. 03/28/2014 Trustwave Latin Americ Paciolan Inc. 12/13/2013 Trustwave US Pago Merchant Solutions L.P. 09/30/2013 Sysnet Ltd. Europe Palm Coast Data LLC 12/31/2013 K3DES LLC US PAMS Lunchroom LLC 12/20/2013 Trustwave US Monday, September 15, 2014 Page 36 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. Panasonic Avionics Corporation 06/27/2014 DirectDefense US Paramount Acceptance (Federal Recovery Systems Inc.) 05/27/2014 SecurityMetrics US Parkeon Europe (Besancon Platform) - (Archipel) 05/01/2014 Trustwave Europe Parkmobile USA, Inc. 11/22/2013 Habif, Arogeti & Wynne, LLP US Passkey International, Inc. 06/30/2014 AT&T Consulting Solutions, Inc. (Verisign) US Passport Health Communications, Inc. 02/12/2014 Trustwave US Passport Parking LLC 09/23/2013 A-Lign Security and Compliance Services US PatientPay 07/14/2014 SecurityMetrics US Pay Engine Limited (Best2Pay) 02/13/2014 Deiteriy Company Ltd. Europe PAY.ON AG 06/30/2014 TUV SUD Management Service GmbH Europe Payair Technologies AB 10/14/2013 Trustwave Europe PayByPhone Technologies, Inc. 11/19/2013 Raveneye Canada PayChannel (G4S Technology Ltd) 12/12/2013 Payment Software Company (PSC) Europe PayConnexion JP Morgan Chase 03/29/2014 Experis Finance US LLC US Paycorp Holdings Ltd. (ATM Solutions, Drawcard, EFTPOS) 10/31/2013 EOH Mthombo (Pty) Ltd. SAMEA Paydesign (formerly Digital Check, Inc.) 12/28/2013 International Certificate Authority of Mgt Syst Asia Pacific Paydiant Inc. 12/31/2013 Payment Software Company (PSC) US Payer Financial Services AB 06/27/2014 Trustwave Europe PayEx Holding AB (formerly PayEx Solutions AS (Payex IPSP)) 10/14/2013 NTT Security Ltd. Europe Payflex Systems USA, Inc. 06/17/2013 Trustwave US PayGate (Pty) Ltd 08/25/2014 Sysnet Ltd. SAMEA Paygent Co., Ltd. 06/30/2013 International Certificate Authority of Mgt Syst Asia Pacific PayHub Inc. 08/05/2013 CompliancePoint, Inc. US PayItEasy BVBA 11/22/2013 Fortytwo Europe Monday, September 15, 2014 Page 37 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. PayJunction (Messiahic, Inc.) 04/12/2014 Payment Software Company (PSC) US Paylane Sp. Z o.o. (formerly PayLane UK Ltd.) 02/01/2014 O-C Group Europe PayLeap LLC (Affinity Payments) 06/29/2013 Information Exchange Inc. US PayLease, LLC 03/03/2014 SecurityMetrics US PayLife Bank GmbH (Acquiring and Maestro Issuing Services) 02/24/2014 TUV SUD Management Service GmbH Europe Paylink SHA 05/30/2014 Security Research & Consulting GmbH Europe PAYM8 (PTY) Ltd 10/15/2013 Trustwave SAMEA Paymax SA 11/08/2013 SC2Labs Europe Payment Data Systems Inc. 05/15/2014 Information Exchange Inc. US Payment Exchange Ltd. (Payment Exchange International Ltd.) (PEX) 12/20/2013 Sysnet Ltd. SAMEA Payment Logistics Limited 02/14/2014 K3DES LLC US Payment Processing, Inc. (PPI) 04/07/2014 Trustwave US Payment Services Interactive Gateway (PSIGate) 10/01/2013 Trustwave Canada Payment World 11/30/2013 Coalfire Systems, Inc. US PaymentSpring, Inc. 04/30/2014 SecurityMetrics US Paymentus Corporation 10/28/2013 K3DES LLC Canada Paymetric, Inc. 08/14/2014 Trustwave US Payone GmbH & Co. KG 12/02/2013 TUV SUD Management Service GmbH Europe PayOnline System LLC 11/12/2013 Deiteriy Company Ltd. Europe PayPal, Inc. 12/03/2013 K3DES LLC US Paypoint.net Ltd (Metacharge Ltd) 06/13/2014 Nettitude Ltd. Europe PaySimple 08/20/2013 Coalfire Systems, Inc. US PaySpan, Inc. (formerly mPay Gateway) 12/12/2013 Brightline CPAs & Associates, Inc. US PaySquare SE (formerly Montrada GmbH) 07/04/2014 usd AG Europe PayTel S.A. 02/18/2014 IBM Internet Security Systems (ISS) Europe Monday, September 15, 2014 Page 38 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. Paythru Ltd. 03/14/2014 O-C Group Europe PayTrace, Inc. 09/25/2013 Information Exchange Inc. US PayU Commercial Offices (PayU Russia, PayU Turkey, PayU Ukraine, and PayU Hungary) 01/24/2014 Sysnet Ltd. Europe PayU Czech Republic s.r.o. 05/27/2014 Sysnet Ltd. Europe PayU Romania (formerly GeCAD ePayment International SA) 05/14/2014 Sysnet Ltd. Europe Payvision B.V. 06/02/2014 Trustwave Europe Paywizard PLC 10/08/2013 Ambersail Europe Payzone Ireland Ltd. 09/12/2013 NTT Security Ltd. Europe Payzone Nordic AB 07/07/2013 Cybercom Group Europe PBD Worldwide Fulfillment Services 07/31/2014 Trustwave US PCIPay, LLC 06/20/2014 Coalfire Systems, Inc. US People Tech Latin S.A.A. 12/05/2013 IQ Information Quality Latin Americ PetaFuel GmbH 12/19/2013 usd AG Europe Phoenix Managed Networks LLC (PMN) 09/13/2013 Foresite MSP, LLC US Phoenix Nap LLC 01/31/2014 Coalfire Systems, Inc. US Phreesia 02/26/2014 Trustwave US Pil.dk/Quickpay.dk (Pil-Professionelle Internetlosninger Aps.) 07/19/2013 FortConsult A/S Europe Pitney Bowes 02/17/2014 IBM Internet Security Systems (ISS) US Pivotal Payments 02/28/2014 SecurityMetrics Canada Planet Payment, Inc. (Planet Group, Inc.) 03/03/2014 Trustwave US Plastiq Inc. (Plastiq Canada Inc.) (formerly 4ward Thinking) 05/17/2014 CompliancePoint, Inc. US Plug & Pay Technologies, LLC 10/01/2013 SecurityMetrics US Pluscard GmbH 06/13/2014 usd AG Europe Monday, September 15, 2014 Page 39 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. PMTsolutions AG 11/26/2013 TUV SUD Management Service GmbH Europe Point Transaction Systems (formerly Paybox) 10/09/2013 Verizon/Cybertrust Europe Point Transaction Systems a islandi ehf. 07/09/2014 Trustwave Europe Point Transaction Systems AB (formerly PoinSys AB) 06/09/2014 Foregenix Limited Europe Portmone.com 11/25/2013 Security Research & Consulting GmbH Europe POS Portal 12/26/2013 Coalfire Systems, Inc. US Posatel Inc. 08/20/2013 Ubitrak Canada POST Integrations, Inc. 04/03/2014 Verizon/Cybertrust US PostFinance AG (formerly Swiss Post PostFinance) 02/14/2014 NTT Security Ltd. Europe Preferred Health Technology 08/22/2013 Trustwave US PrePay Technologies (Prepay Solutions) 06/09/2014 Foregenix Limited Europe Primoris Services, LLC 07/30/2014 SecurityMetrics US Priority Fulfillment Services, Inc. (PFSWeb, Inc.) 04/09/2014 Trustwave US Priority Payment Systems 06/02/2014 Coalfire Systems, Inc. US Prizm Payment Services India Ltd 02/03/2014 ControlCase SAMEA Processing.com (Cardconcepts Europe Ltd.) 10/28/2013 SecurityMetrics US Programmers Investment Corp (PIC-Online) 03/25/2014 Payment Software Company (PSC) US Promocion y Operacion S.A de C.V. (Prosa) 12/12/2013 403 Labs, LLC Latin Americ ProPay USA, Inc 06/25/2014 Cadence Assurance US Propco Marketing (Propp Corp) 04/08/2014 Neohapsis US Provus Bilisim Hizmetleri A.S. 02/06/2014 Biznet Information Systems Europe Provus Service Provider S.A. 05/14/2014 Trustwave Europe PSC Ukrainian Financial Network (UFN) 10/01/2013 Sysnet Ltd. Europe PSCU Financial Services, Inc. 02/28/2014 Tevora Business Solutions US Monday, September 15, 2014 Page 40 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. PT Multi Adiprakarasa Manunggal ("Kartuku"), Jakarta, Indonesia 10/10/2013 ControlCase Asia Pacific PT Pay S.A. 07/17/2013 Trustwave Europe Qgiv, Inc. 07/01/2014 SecurityMetrics US QS/1 Data Systems (JM Smith Corporation) 06/03/2014 Trustwave US Quality Technology Services, Inc. 04/30/2014 Protiviti US Quantum Services LLC (Quantum Gateway) 10/18/2013 Raveneye US Quipu GmbH 06/11/2014 TUV SUD Management Service GmbH Europe Rackspace Hosting, Inc. 07/29/2014 Trustwave US Radiant Systems - CP Gateway 10/31/2013 Coalfire Systems, Inc. US Raiffeisenverband Sdtirol Gen. 04/15/2014 KIMA Projects & Services Europe Rapid Investments 10/01/2013 ControlCase US ReadyTouch Network Services (RTNS) 03/26/2014 KalioTek, Inc. US Realex Payments (Pay and Shop Ltd) 11/05/2013 Rits Europe RealPage 06/12/2014 Trustwave US Rearden Commerce 05/01/2014 IBM Internet Security Systems (ISS) US Redbanc S.A. 08/27/2014 Trustwave Latin Americ Redss Servicios de Procesamiento S.L. 11/12/2013 S21sec Gestion, S.A. Europe Reliant Web Hosting Services (Tenzing Managed IT Services) 07/29/2014 Control Gap Inc. Canada REMISE Corporation 12/31/2013 International Certificate Authority of Mgt Syst Asia Pacific Retail Decisions Europe Limited (ReD) 06/03/2014 Trustwave Europe Retail Decisions, Inc. (US) 09/26/2013 Trustwave US Retail inMotion (Paygate Services) 12/30/2013 NCC Group Europe RetailPoint, LLC 09/19/2013 Trustwave US Retalix Global Payments (MTXEPS) 01/14/2014 Trustwave US Retiarius, GMBH 11/29/2013 Kyte Consultants, Ltd. Europe Monday, September 15, 2014 Page 41 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. Rev Worldwide, Inc. (formerly MPOWER Labs (Mango Financial, Inc.)) 10/24/2013 Certify Audit Services, Inc. US Revelex Corporation 09/30/2013 Trustwave US Revention, Inc. 12/23/2013 A-Lign Security and Compliance Services US RevTrak, Inc. 06/25/2014 Coalfire Systems, Inc. US Rewards Network, Inc. 06/28/2014 Sunera US RewardsNOW! Inc. 09/24/2013 Online Enterprises US RideCharge Inc. (Taxi Magic) 08/16/2013 ControlCase US Roam Data, Inc. 10/04/2013 Foresite MSP, LLC US RocketGate, LLC 10/15/2013 403 Labs, LLC US Romcard S.A. 09/12/2013 Trustwave Europe RS2 Smart Processing Limited (BankWorks Service Partners (BW-SP) 04/17/2014 O-C Group Europe RSA - The Security Division of EMC 10/10/2013 Verizon/Cybertrust US RSI International Systems Inc. 01/10/2014 Coalfire Systems, Inc. Canada RSM 2000 Limited 02/24/2014 Trustwave Europe RT Lawrence Corporation 04/24/2014 Trustwave US Rucard Ltd. 07/29/2014 Trustwave Europe Russian Standard Bank 08/29/2014 Jet Infosystems Europe Sabre Hospitality Solutions (SynXis) 06/09/2014 Fortrex US Sabre Travel Network and Sabre Airline Solutions 06/25/2014 FishNet Security US SafeCharge International Group Ltd. 12/04/2013 Trustwave Europe Sage Pay Europe Limited 06/10/2014 Trustwave Europe Sage Payment Solutions 07/24/2014 Verizon/Cybertrust US SaleServiceSolutions (LTD) 12/16/2013 Security Research & Consulting GmbH Europe Sallie Mae Corporation 03/28/2014 Specialized Security Services, Inc. US Salsa Labs, Inc. 08/23/2013 ControlCase Monday, September 15, 2014 Page 42 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. Samport Payment Services AB 05/05/2014 Trustwave Europe SBW.com, LLC (SBW) 08/05/2014 Neohapsis US SC Smart PayNetwork SA (member of Euronet Worldwide Inc. Group) 01/27/2014 Encode SA Europe Scannet A/S 12/10/2013 FortConsult A/S Europe ScholarChip Card Company, LLC 07/11/2014 A-Lign Security and Compliance Services US Secure CyberGateway Services, LLC 06/19/2014 SecurityMetrics US Secure Payments LLC (iSecure Payments) 07/11/2013 Aeris Secure US SecureNet (Securenet Payment Systems) 05/20/2014 RSM McGladrey, Inc. US SecurePay Pty Ltd 12/31/2013 Vectra Corporation Asia Pacific SecureTrading Ltd. 06/17/2014 Trustwave Europe SegPay Inc. (SegPay Ltd.) 08/15/2014 Payment Software Company (PSC) US Select Bankcard LLC 07/31/2013 K3DES LLC US Sentry Payment Service, Ltd. 04/11/2014 SecurityMetrics Canada Seroph Holding BV (AlgoCharge) 08/28/2014 GRSee Consulting Europe Servebase Ltd 12/19/2013 Foregenix Limited Europe Servicios Electronicos Globales, S.A. de C.V.(eGlobal) 10/12/2013 Trustwave Latin Americ Servodata GmbH 12/13/2013 usd AG Europe Setcom 10/25/2013 SecuriCentrix SAMEA Shazam Inc. (ITS Inc.) 05/01/2014 Trustwave US SHC Direct, LLC 07/30/2013 Trustwave US Shift4 Corporation 05/31/2014 FishNet Security US Shopify, Inc. (Shopify Payments (Canada Inc. & Shopify Payments (USA) Inc.)) 07/30/2014 Coalfire Systems, Inc. Canada SIA Central Europe cPlc (formerly GIRO Bankcard cPlc) 04/28/2014 Apersky Consulting LLC Europe Monday, September 15, 2014 Page 43 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. SIA S.p.A. (formerly SIA-SSB) 08/02/2013 Verizon/Cybertrust Europe SIA Transact Pro (Payment Gateway & IPSP Services) 11/15/2013 FortConsult A/S Europe Signature Card Services (CKC Holdings, Inc.) 04/28/2014 SecurityMetrics US Silverlake Infrastructure & Logistics Sdn. Bhd. 12/26/2013 Vectra Corporation Asia Pacific SimplePay Pty Ltd. 02/05/2014 Vectra Corporation Asia Pacific Sitel Operating Corporation - Sitel Call Center Services (US, EMEA, LATAM/South America and APAC) 06/27/2014 Coalfire Systems, Inc. US SIX Payment Services AG (formerly SIX Card Solutions AG) 04/04/2014 TUV SUD Management Service GmbH Europe SIX Payment Services Luxembourg SA (Six Card Solutions, 3C International SA, 3C Communications International SA) 11/20/2013 NTT Security Ltd. Europe Skybridge America's, Inc. (Skybridge Marketing Group) (formerly Argenbright Inc.) 11/20/2013 Trustwave Canada Slim CD, Inc. 10/21/2013 Enterprise Risk Management US Smart Hub Inc. 12/26/2013 ControlCase Asia Pacific Smartcardlink (SCL) 06/30/2014 Informzaschita Europe SmartEtailing Inc. 09/13/2013 Coalfire Systems, Inc. US SmartLink Network Inc. 11/15/2013 ASR.Co., LTD SmartyPig, LLC (Social Money) 04/07/2014 Trustwave US Snapfinger Incorporated (formerly Kudzu Interactive) 10/28/2013 ControlCase US Sociedade Interbancria de Servios, S.A. (SIBS) 06/13/2014 FortConsult A/S Europe Softbank Payment Service Corp. 11/30/2013 International Certificate Authority of Mgt Syst SoftHotel lnc. (Sabre Hospitality Solutions - PMS) 03/24/2014 Verizon/Cybertrust US Softvoyage Inc. 10/21/2013 Ubitrak Canada Sophia Research Institute, Ltd. 09/14/2013 International Certificate Authority of Mgt Syst Asia Pacific Monday, September 15, 2014 Page 44 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. Sors Financial & Insurance Services, LLC (Approval Code) 05/05/2014 Dara Security US South African Bank Services Company Limited - Bankserv 12/18/2013 Trustwave SAMEA Spacenet, Inc. 09/17/2013 Trustwave US Specialized Technical Services (STS Payment Network (STS PN)) 07/15/2013 Trustwave SAMEA Speed Commerce, Inc. (formerly SpeedFC, Inc.) 11/21/2013 Payment Software Company (PSC) US Spendvision Holdings Ltd (UK) 04/09/2014 Integralis Europe Square, Inc. 05/29/2014 Coalfire Systems, Inc. US Stafford Associates Computer Specialists, Inc. 10/11/2013 CrimsonSecurity US Starcite, Inc. (Active Network) 03/15/2014 K3DES LLC US Sterling Payment Technologies, LLC 09/19/2013 Trustwave US STI Processing 09/25/2013 K3DES LLC Latin Americ StoneEagle Services, Inc. 03/10/2014 Raveneye US Strategic Fulfillment Group/Annie's (SFG/Annie's) 07/14/2014 Trustwave US Strategic Payments Services (SPS) Pty Ltd 04/22/2014 Stratsec.net RTY LTD Asia Pacific StreamPay SIA 01/24/2014 Kyte Consultants, Ltd. Europe Stripe, Inc. 03/14/2014 IOActive, Inc. US Sumitomo Mitsui Card Company, Ltd. 09/27/2013 International Certificate Authority of Mgt Syst Asia Pacific SunGard Availability Services Managed Services 04/30/2014 Fortrex US SunGard AvantGard, Payment Services Division 04/13/2014 K3DES LLC US SunGard Public Sector 08/22/2013 SecurityMetrics US Superior Financial Systems, Inc. 03/07/2014 Trustwave US Support.com, Inc. 07/15/2013 Accretive Solutions Operating Corp. US Swipely 05/01/2014 Compass IT Compliance US Swish Limited 02/28/2014 SecuriCentrix Europe Monday, September 15, 2014 Page 45 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. Swiss Post Solutions GmbH 10/14/2013 Security Research & Consulting GmbH Europe Switchfly Inc. (formerly ezRez Software, Inc.) 01/31/2014 Payment Software Company (PSC) US Symcor, Inc. (Canadian Retail Lockbox Processing Environment) 08/08/2013 IPS Canada Synapse Corporation 11/12/2013 403 Labs, LLC US Synapse Group, Inc. 06/27/2014 Neohapsis US Syspay 12/06/2013 Trustwave Europe Systems East 07/01/2014 Trustwave US T2 Systems, Inc. 11/19/2013 Trustwave US TAS Link LLC 05/31/2014 BMS Consulting LLC Europe Tata Communications Payment Solutions Limited (formerly Tata Communications Banking Infrasolutions Limited (TCBIL)) 07/31/2014 SISA Information Security Pvt. Ltd. TD Merchant Services (The Toronto - Dominion Bank) 06/19/2014 Control Gap Inc. Canada TelecityGroup France 12/06/2013 Trustwave Europe TelecomCredit Co., Ltd. 12/19/2013 International Certificate Authority of Mgt Syst Asia Pacific Teleflora, LLC 10/29/2013 Trustwave US Telefonica Soluciones de Informatica y Comunicaciones, S.A., Sociedad Unipersonal 06/11/2014 Internet Security Auditors, S.L. Europe Teleformix 09/25/2013 Trustwave US Telekenex IXC 09/27/2013 Trustwave US Teleperformance Brazil 04/15/2014 SecurityMetrics Latin Americ Teleperformance USA (TPUSA) 10/11/2013 AT&T Consulting Solutions, Inc. (Verisign) US Telered S.A. 09/07/2014 Trustwave Latin Americ Tenerum, LLC 09/10/2013 Brightline CPAs & Associates, Inc. US Teranet, Inc. 07/18/2014 Trustwave Canada Monday, September 15, 2014 Page 46 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. Terremark North America, LLC. (Verizon Terremark) 03/18/2014 Trustwave US Tessitura Networks, Inc. 05/30/2014 Trustwave US The CBORD Group, Inc. 02/11/2014 Trustwave US The Logic Group 08/15/2014 Verizon/Cybertrust Europe The MasterCard Clearing House of Japan (MCCJ) 12/11/2013 BSI Management Systems Japan K.K. Asia Pacific The Members Group 12/27/2013 RSM McGladrey, Inc. US The Shared Electronic Banking Services Company (K.S.C.C) - KNET 08/20/2013 ControlCase SAMEA The Shubert Organization (Shubert Ticketing) 02/14/2014 SecurityMetrics US Thermeon Corporation PLC 07/31/2014 Tevora Business Solutions US Threshold Financial Technologies Inc. 06/18/2013 Control Gap Inc. Canada Ticket Software, LLC (TicketNetwork) 01/08/2014 Trustwave US Ticketmaster, LLC and Ticketmaster Canada, Ltd 12/13/2013 AT&T Consulting Solutions, Inc. (Verisign) US Tickets.com - ProVenue Elite 12/06/2013 Trustwave US Tillster Support Services (Formerly EMN8) 11/25/2013 Tevora Business Solutions Time Customer Service, Inc. 06/27/2014 Neohapsis US Time Inc. International Fulfilment Services B.V. (formerly Time Warner Publishing BV (TW4 Fulfilment Services)) 08/13/2014 NTT Security Ltd. Europe Tivit Terceirizacao de Processos, Servicos e Tecnologia S.A. (Cielo Environment) 11/01/2013 Cipher Informatica Latin Americ Tix, Inc. 08/23/2013 Compass IT Compliance US TK Keith Company (Primax Payment Systems) 07/03/2014 Verizon/Cybertrust US TNS Smart Network Inc. (NRT Technologies Inc., NRT Technology Corp., TNS Smart Network USA Inc.) 08/07/2013 Trustwave Canada TokenEX 10/14/2013 Trustwave US Tokheim Belgium NV 11/20/2013 Sysnet Ltd. Europe Monday, September 15, 2014 Page 47 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. Tomax Corporation 07/30/2014 Coalfire Systems, Inc. US Total Administrative Services Corporation (TASC) 12/06/2013 Coalfire Systems, Inc. US Total Merchant Services 03/02/2014 Information Exchange Inc. US Total Web Solutions Limited 10/10/2013 2-sec Ltd. Europe TouchNet Information Systems, Inc. 04/01/2014 Trustwave US Towarzystwo Finansowe Skok S.A. (TFSKOK) 07/30/2014 Comsec Consulting, Ltd. Europe Transact24 Limited 01/15/2014 Evolution LTD Asia Pacific Transaction Network Services (TNS) 06/06/2014 Trustwave US Transaction Network Services (TNS) - Acquiring and Issuing 09/09/2014 Trustwave Europe Transaction Network Services (TNS) - TNSPay CNP Gateway 06/03/2014 Trustwave US Transaction Network Services (TNS) TNSPay Direct (AJB) 09/09/2014 Trustwave US Transaction Network Services (TNS) - Transpoll and TNSPay Retail Gateway 09/04/2014 Trustwave Europe Transaction Processing Partners 08/25/2013 Information Exchange Inc. US Transaction Processing Specialists (formerly Xerox Payment Solutions) 10/04/2013 Experis Finance US LLC US Transaction Services (TRXServices) 08/31/2013 Coalfire Systems, Inc. US Transactis, Inc. 04/24/2014 Trustwave US Transactium Limited 12/02/2013 Trustwave Europe Transbank S.A. 11/04/2013 Trustwave Latin Americ TransCard, LLC 02/07/2014 Trustwave US TransCertain 09/06/2013 Coalfire Systems, Inc. US Transcom North America/Asia Inc. (TCNAA) 04/30/2014 Coalfire Systems, Inc. US TransFirst - TransAction Central 05/30/2014 Trustwave US Transnational Bankcard LLC 10/31/2013 Professional Computer Center, DBA Valcom US Monday, September 15, 2014 Page 48 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. TransPerfect Translations International Inc. (Translations.com) 09/20/2013 403 Labs, LLC US TransUnion Interactive, Inc. 11/30/2013 SecurityMetrics US Transverse 03/31/2014 Solutionary, Inc. US Travelex Outsourcing Pty Ltd. 11/12/2013 Trustwave Asia Pacific Trevica S.A. 01/14/2014 Trustwave Europe Tri Source Solutions (formerly Nobel Electronic Transfer, LLC) 09/30/2013 Coalfire Systems, Inc. US Triangle Holdings Limited (Triangle Payments) 12/26/2013 Trustwave Asia Pacific Tridata, Inc. - Datalink Bancard Services 04/07/2014 Trustwave US Trilegiant 12/27/2013 Trustwave US Triplefin 10/28/2013 Trustwave US Tropical MBC (formerly Tropical Productions) 10/28/2013 Information Exchange Inc. US Truition, Inc (a division of Aptean) 03/31/2014 Coalfire Systems, Inc. Canada Trust One Payment Services (ChargePay, Charge Payment LLC) 09/03/2013 Trustwave US TrustCommerce (TCSP) 04/21/2014 403 Labs, LLC US Trustpay Global 09/02/2013 Trustwave Europe TS3 Services 03/15/2014 Foregenix Limited Europe TSYS (Issuing Processing) 01/14/2014 Trustwave US TSYS Acquiring Solutions 04/11/2014 Coalfire Systems, Inc. US TSYS Golden (TSYS iSolutions, TSYS Procard) 01/14/2014 Coalfire Systems, Inc. US TSYS International Core 12/06/2013 Trustwave Europe TSYS Loyalty (IM & TLP Platform) 07/11/2014 Coalfire Systems, Inc. US TSYS Managed Service - Myersville (Merlin Solutions) 07/09/2014 Coalfire Systems, Inc. US TSYS Managed Services - Issuing 12/13/2013 Trustwave US Monday, September 15, 2014 Page 49 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. TSYS Managed Services EMEA Ltd. 11/08/2013 Trustwave Europe TSYS Merchant Services, LLC - Atlanta (formerly TermNet Merchant Services) 08/29/2013 Trustwave US TSYS Merchant Solutions 01/02/2014 Trustwave US TSYS Output Services / TSYS DDS 02/11/2014 Trustwave US TSYS Prepaid, Inc. 07/14/2014 Coalfire Systems, Inc. US TSYS Prime Platforms (TSYS TS Prime EU, TSYS Prime 3, TSYS TS Prime Latin America) 11/06/2013 Trustwave US Tutuka Software (Pty) Ltd. 12/17/2013 Trustwave SAMEA Tyler Technologies, Inc. 11/22/2013 IBM Internet Security Systems (ISS) US U.S. Payments, LLC (Paysite) 12/13/2013 403 Labs, LLC US UBS Card Center AG 08/16/2013 NCC Group Europe UC Card Co., Ltd. 03/11/2014 BSI Management Systems Japan K.K. Asia Pacific Ukrainian Processing Center (UPC) 04/17/2014 Security Research & Consulting GmbH Europe UMS Banking (CA) 05/19/2014 SecurityMetrics US Unibanca S.A. 01/25/2014 1st Secure IT, LLC Latin Americ Unified Payment Services Ltd. (ValuCard Nigeria Ltd.) 01/21/2014 Trustwave SAMEA United Card Service 05/30/2014 Jet Infosystems Europe United Merchant Services, Inc. (UMS) 07/31/2014 Trustwave US United Payment Services 12/19/2013 Accudata Systems, Inc. US Universal Data Centre (iPay.ua) 07/30/2014 Sysnet Ltd. Europe Universal Gateway Solutions (UGSPay Ltd) 03/11/2014 Security Research & Consulting GmbH Europe Universal Information Technologies Ltd. 12/23/2013 Sysnet Ltd. Europe Universal Money Centers Inc. 10/25/2013 Information Exchange Inc. US Universal Payment Gateway (UPG) 10/25/2013 SecuriCentrix Europe UPAID Sp. Z o.o. 07/19/2013 SC2Labs Europe Monday, September 15, 2014 Page 50 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. US Alliance Group, Inc. 03/07/2014 SecurityMetrics US US Bank E-Payment / E-Disbursement Services 01/09/2014 Trustwave US USA Technologies, Inc. (Malvern Pennsylvania) 03/13/2014 Trustwave US USAePay, a Gorcorp Company 04/24/2014 Trustwave US Value Pay Services LLC, an IPC Company 11/11/2013 IBM Internet Security Systems (ISS) US Value Payment Systems 12/23/2013 A-Lign Security and Compliance Services US Vanco Services, LLC 12/11/2013 SecurityMetrics US Vantiv National Processing Company (NPC) 11/19/2013 Trustwave US Vantiv - Skipjack Financial Services, Inc. 01/10/2014 Trustwave US Vantiv (f.k.a. TNB) Credit Card Services 02/17/2014 Trustwave US Vantiv (Fifth Third Bank Processing Solutions - Acquiring Systems) 06/17/2014 Trustwave US Vantiv (Fifth Third Bank Processing Solutions - Issuing and Switch Providing Systems) 06/17/2014 Trustwave US Vantiv Card Management Corporation (Vantiv CMC) 08/27/2014 FishNet Security US Vantiv Prepaid Systems 06/17/2014 Trustwave US Vegas.com, LLC 07/31/2014 Trustwave US Venda, Ltd. 07/07/2014 SecurityMetrics Europe Vendini, Inc. 08/15/2014 SecurityMetrics US VenTek International (Caracal Enterprises LCC) 12/06/2013 Coalfire Systems, Inc. US Verifi, Inc. 07/21/2014 Trustwave US VeriFone - VeriSheild Protect 08/01/2014 SecurityMetrics US VeriFone PAYware Connect 07/25/2013 Foregenix Limited US Verifone Services UK & Ireland Ltd (VeriFone UK and Ireland, Point Transaction System (AB (Sweden), OY (Finland), A/S (Norway), AS (Denmark), SIA (Baltics)) 11/06/2013 Foregenix Limited Europe Monday, September 15, 2014 Page 51 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. Verizon Computing as a Service 03/24/2014 Trustwave US Verosa, LLC 08/20/2014 Coalfire Systems, Inc. US Verotel Merchant Services BV 12/19/2013 VOC-Consultancy BV Europe Vesta Corporation 06/30/2014 Online Enterprises US Vindicia Inc. 09/16/2013 Payment Software Company (PSC) US Virtual Piggy, Inc. 02/12/2014 Coalfire Systems, Inc. US VirtualXS - (Virtual Access Internet B.V.) 03/14/2014 NTT Security Ltd. Europe Vision2Systems, LLC 09/30/2013 Coalfire Systems, Inc. US VisionOne, Inc. 09/20/2013 IBM Internet Security Systems (ISS) US VOB-ZVD Processing GmbH - POS Payment Processing Area (formerly BCB Processing) 09/27/2013 Security Research & Consulting GmbH Europe VocaLink Ltd. (VocaLink ATM Systems) 11/15/2013 Verizon/Cybertrust Europe Vodat International Ltd. 04/15/2014 Trustwave Europe Voice Commerce Ltd. (Trading as Cashflows) 01/15/2014 Verizon/Cybertrust Europe Voice Data Solutions, Inc. 10/09/2013 SecurityMetrics US Volusion, Inc. 03/01/2014 Payment Software Company (PSC) US VOXDATA Solutions Inc. 08/22/2014 Ubitrak Canada Voxeo Corporation (Aspect Software, Inc.) 12/13/2013 Sunera US VXI Global Solutions, Inc. 02/19/2014 Trustwave US Wageworks 12/15/2013 RSM McGladrey, Inc. US Walpay Ltd. 07/10/2014 SecuriCentrix Europe Wannafind A/S (Zitcom A/S) 05/15/2014 FortConsult A/S Europe Washington Metropolitan Area Transit Authority (WMATA) 02/14/2014 ControlCase US Wave Crest Holdings Limited (GTECH) 12/12/2013 Trustwave SAMEA Monday, September 15, 2014 Page 52 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. Web Active Corporation Pty Ltd (Trading as eWAY, including subsidiaries in New Zealand and the United Kingdom) 12/06/2013 Stratsec.net RTY LTD Asia Pacific WEBINC GmbH & Co KG 07/17/2014 usd AG Europe Webpay 12/11/2013 Security Research & Consulting GmbH Europe Webpay, Inc. (Japan) 07/31/2013 International Certificate Authority of Mgt Syst Asia Pacific Webteh d.o.o. 09/13/2013 Trustwave Europe West Corporation (West Direct LLC - Direct Response (WD-DR) 12/31/2013 Continuum Worldwide US Western Union Speedpay 06/04/2014 Tevora Business Solutions US WEX Europe (formerly CorporatePay Limited) 05/15/2014 NTT Security Ltd. Europe WhiteConcierge 02/03/2014 ECSC Ltd. Europe Wincor Nixdorf Czech Republic 11/20/2013 Trustwave Europe Wipro IT Business 10/22/2013 SISA Information Security Pvt. Ltd. SAMEA Wirecard Central Eastern Europe GmbH (formerly QENTA) 02/14/2014 Security Research & Consulting GmbH Europe Wirecard Processing FZ LLC (formerly ProCard Services FZ LLC) 09/11/2013 Trustwave SAMEA Wirecard Technologies GmbH 01/10/2014 Security Research & Consulting GmbH Europe Wirecard UK and Ireland Ltd. 12/03/2013 Trustwave US Wolfe LLC (GiftCards.com, LLC, OmniCard, LLC, (flkla WRL.com, LLC), Omni Prepaid, LLC, Swapagift, LLC) 07/31/2014 Trustwave US Workflow One LLC 12/04/2013 Brightline CPAs & Associates, Inc. US WorldNet TPS 06/24/2014 Sysnet Ltd. Europe WorldPay (UK) Limited (Streamline) 07/15/2014 Sysnet Ltd. Europe WorldPay (UK) Limited (WorldPay Business Gateway, Worldpay Corporate Gateway) 07/15/2014 Sysnet Ltd. Europe WorldPay US, Inc. (formerly RBS WorldPay (US)) 05/19/2014 Verizon/Cybertrust US Monday, September 15, 2014 Page 53 of 54 The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A companys name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customers sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a snapshot of security controls in place at a point in time. Wyndham Hotels & Resorts, LLC (WHR) 12/31/2013 Verizon/Cybertrust US Xcellapay - Payment Solutions 03/28/2014 SISA Information Security Pvt. Ltd. US XTEC, Inc. 07/31/2013 Information Exchange Inc. US Yahoo! - smallbusiness.yahoo.com 04/29/2014 Trustwave US Yalamanchili International Pte Limited 04/01/2014 SISA Information Security Pvt. Ltd. Asia Pacific Yalamanchili Software Exports Pvt Ltd. 01/31/2014 SISA Information Security Pvt. Ltd. SAMEA Yamaguchi Data Processing Service 02/14/2014 NRI Secure Technologies Asia Pacific Yamato System Development Co., Ltd 10/10/2013 NTT Data Intellilink Corporation Asia Pacific YapStone, Inc. 04/07/2014 Brightline CPAs & Associates, Inc. US Yodlee, Inc. 12/09/2013 Online Enterprises US Zarlenga and Seltzer Inc. (United Merchant Processing Services (UMPA) 04/13/2014 SecurityMetrics US ZEUS Co., Ltd. 08/26/2014 BroadBand Security (BBSec) Asia Pacific Zipzap Processing Inc. 07/03/2014 Confide Ltd. ZirMed, Inc. 04/15/2014 403 Labs, LLC US Zoola (formerly Rainbow Rewards) 12/30/2013 Coalfire Systems, Inc. US Zuora, Inc. 05/30/2014 Brightline CPAs & Associates, Inc. US Monday, September 15, 2014 Page 54 of 54