Barclays uses cookies on this website. Some cookies are essential to provide our services to you. Other cookies help us to analyse how you use the site, so we can improve your experience on our site. Cookies are stored locally on your computer or mobile device. Please select 'Accept all' to consent to cookies, or select ‘Reject all’ to reject all but essential cookies’, or select 'Manage cookies' to change your preferences. For more information visit our cookie policy.

If a merchant or service provider has internal corporate credit cards used by employees for company purchases like travel or office supplies, are these corporate cards considered ‘in scope’ for PCI DSS?

Each payment brand has individually determined whether companies that use their corporate card solution(s) need to validate compliance with the PCI DSS.

Please contact the relevant brand from the list below (which matches the brand on your corporate card) to confirm their validation requirements:

Visa: cisp@visa.com
American Express: express.data.security@aexp.com
Discover: askdatasecurity@discoverfinancial.com
JCB: riskmanagement@jcbati.com

Note: If Barclaycard supply your corporate card solution, and if you store, process or transmit the card information on your systems, we require you to report your compliance with the PCI DSS.

If a merchant or service provider has internal corporate credit cards used by employees for company purchases like travel or office supplies, are these corporate cards considered ‘in scope’ for PCI DSS?

Find a small business solution

Find a corporate solution

Help and support

Contact us