the mastercard compliant service provider list

56
The MasterCard Compliant Service Provider List Service Provider Name Region AOC Date Assessor A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources. This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider. As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time. 1&1 Internet AG (1&1, 1&1 ipayment, ipayment.de) 05/11/2015 Security Research & Consulting GmbH Europe 1Link (Guarantee) Limited 11/17/2015 Trustwave SAMEA 1ShoppingCart.com (Web.com) 04/13/2016 SecurityMetrics US 1stPayGateWay, LLC 05/28/2015 IBM Internet Security Systems (ISS) US 24 Solutions AB 06/15/2015 CryptoNet Srl Europe 24/7 Customer, Inc. 03/26/2016 ControlCase US 2C Processor USA, LLC 03/07/2016 Information Exchange Inc. US 2C2P (Thailand) Co. Ltd. 04/27/2015 AGES Systems Gelderfarenit PTE LTD Asia Pacific 2C2P Pte., Ltd. 01/06/2016 Trustwave Asia Pacific 2Checkout.com (2CO E-Commerce Payments LTD) 10/26/2015 DirectDefense US 3Cinteractive Corporation 08/14/2015 Online Enterprises US 3dCart (Informat 2000 Corp) 03/10/2016 SecurityMetrics US 3Delta Systems, Inc. 09/16/2015 Fortrex US ABC Financial Services, Inc. 08/10/2015 Coalfire Systems, Inc. US Abtran Ltd. 10/01/2015 Rits Europe Accel Networks 04/30/2015 CompliancePoint, Inc. US Tuesday, May 03, 2016 Page 1 of 56

Upload: duongdung

Post on 14-Feb-2017

431 views

Category:

Documents


2 download

TRANSCRIPT

Page 1: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

1&1 Internet AG (1&1, 1&1 ipayment, ipayment.de)

05/11/2015 Security Research & Consulting GmbHEurope

1Link (Guarantee) Limited 11/17/2015 TrustwaveSAMEA

1ShoppingCart.com (Web.com) 04/13/2016 SecurityMetricsUS

1stPayGateWay, LLC 05/28/2015 IBM Internet Security Systems (ISS)US

24 Solutions AB 06/15/2015 CryptoNet SrlEurope

24/7 Customer, Inc. 03/26/2016 ControlCaseUS

2C Processor USA, LLC 03/07/2016 Information Exchange Inc.US

2C2P (Thailand) Co. Ltd. 04/27/2015 AGES Systems Gelderfarenit PTE LTDAsia Pacific

2C2P Pte., Ltd. 01/06/2016 TrustwaveAsia Pacific

2Checkout.com (2CO E-Commerce Payments LTD)

10/26/2015 DirectDefenseUS

3Cinteractive Corporation 08/14/2015 Online EnterprisesUS

3dCart (Informat 2000 Corp) 03/10/2016 SecurityMetricsUS

3Delta Systems, Inc. 09/16/2015 FortrexUS

ABC Financial Services, Inc. 08/10/2015 Coalfire Systems, Inc.US

Abtran Ltd. 10/01/2015 RitsEurope

Accel Networks 04/30/2015 CompliancePoint, Inc.US

Tuesday, May 03, 2016 Page 1 of 56

Page 2: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

Accelerated Payment Technologies: a division of Global Payments Direct, Inc.

07/16/2015 Payment Software Company (PSC)US

Accenture LLP 09/26/2015 Verizon/CybertrustUS

ACCEO Solutions Inc. 11/06/2015 TrustwaveCanada

Acceptiva, LLC 03/30/2015 TrustwaveUS

Accertify, Inc. 06/05/2015 Halock Security LabsUS

Accesso, LLC 02/08/2016 TrustwaveUS

Acculynk Inc. (PaySecure, PayLeap, Payzur) 02/24/2016 Information Exchange Inc.US

Accumulate AB 09/30/2015 24 Solutions ABEurope

ACI Worldwide - Retail Decisions Inc. 12/29/2015 TrustwaveUS

Acquired Limited 01/22/2016 Coalfire Systems, Inc.Europe

ACS@Xerox, LLC (Xerox FPS Lockbox SunTrust Service)

06/04/2015 SecurityMetricsUS

Active Network (Active Merchant Services) [formerly (Infospherix, ReserveWorld, AWO)]

10/31/2015 K3DES LLCUS

Adelante Software Limited 09/14/2015 Pentest Partners Consulting LLP (PTP)Europe

Adflex Limited 06/26/2015 Evolution LTDEurope

Advam Pty Ltd. 04/26/2016 TrustwaveAsia Pacific

Adyen B.V. 09/15/2015 TrustwaveEurope

Affinity Solutions LLC 12/15/2015 Coalfire Systems, Inc.US

AGS Transact Technologies Limited 03/17/2015 SISA Information Security Pvt. Ltd.Asia Pacific

Aimia Canada Inc. and Aimia Proprietary Loyalty Canada Inc

06/18/2015 ControlCaseCanada

Airlines Reporting Corporation (ARC) 11/18/2015 Schellman & Company, Inc.US

Aizan Technologies Inc. 08/20/2015 DatassurantCanada

Akamai Technologies Inc. 06/26/2015 Cisco Systems, Inc.US

Alacriti Payments, LLC 01/03/2016 Dara SecurityUS

Tuesday, May 03, 2016 Page 2 of 56

Page 3: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

Alegeus Technologies, LLC 07/07/2015 TrustwaveUS

Aliaswire, Inc. 09/18/2015 Dara SecurityUS

Alignet SAC 12/24/2015 ControlCaseLatin Americ

Alipay (Europe) Limited (Branded as “Alipay Europe”)

06/03/2015 atsec (Beijing) Information Technology Co., LEurope

Alipay.com Co., Ltd. (Alipay HangLv) 12/26/2015 atsec (Beijing) Information Technology Co., LAsia Pacific

Alliance Bank Malaysia Berhad 03/11/2016 Worldline International (Malaysia) Sdn. Bhd.Asia Pacific

Alliance Data Card Services (formerly Alliance Data - Retail Services)

02/19/2016 Verizon/CybertrustUS

AllianceOne Incorporated 12/18/2015 AT&T Consulting Solutions, Inc. (Verisign)US

Allied Wallet Ltd. (GTBill, Baltic Bill) 02/05/2016 DirectDefenseUS

Allpay Limited 02/09/2016 Sysnet Ltd.Europe

Alorica Direct, LLC (Alorica Direct II, LLC) 06/30/2015 Continuum WorldwideUS

Alorica Inc. 12/10/2015 K3DES LLCUS

Alpha Card Services Inc. 11/20/2015 Information Exchange Inc.US

Alpha Note, Inc. 12/09/2015 International Certificate Authority of Mgt SystAsia Pacific

Altapay Denmark (formerly Pensio A/S) 09/21/2015 FortConsult A/SEurope

Altech Card Solutions (Division of Altron TMT (Pty) Ltd)

03/03/2015 Sysnet Ltd.SAMEA

Altech NuPay (Pty) Ltd 06/18/2015 Sysnet Ltd.SAMEA

Amadeus IT Group S.A. (Spain) 12/14/2015 Security Research & Consulting GmbHEurope

Amazon Web Services, LLC 06/12/2015 Coalfire Systems, Inc.US

Amazon.com, Inc. 06/12/2015 Coalfire Systems, Inc.US

Amdocs Software System, Ltd. 11/18/2015 GRSee ConsultingUS

American Data Technology Inc. 04/22/2015 Specialized Security Services, Inc.US

Americaneagle.com (Svanaco, Inc.) 09/09/2015 FortrexUS

AnywhereCommerce Inc. 04/23/2015 Sysnet Ltd.Canada

Tuesday, May 03, 2016 Page 3 of 56

Page 4: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

AOC Solutions, Inc. 09/18/2015 FortrexUS

Apac Link Solutions Limited 05/09/2015 Thales Transport & Security (Hong Kong) LtdAsia Pacific

APCO Systems Ltd. 11/24/2015 Kyte Consultants, Ltd.Europe

Aperia Solutions (formerly Data Delivery Services, Inc.)

04/30/2015 Coalfire Systems, Inc.US

AppDirect, Inc. 03/03/2015 SecureWorksUS

Apriva, LLC (formerly APPSware Wireless, LLC) 09/08/2015 Schellman & Company, Inc.US

Aptos (formerly Epicor Retail Solutions Corporation)

07/30/2015 TrustwaveCanada

Aptos, Inc. - Digital Commerce (formerly ShopVisible LLC)

10/01/2015 CompliancePoint, Inc.US

Arab Financial Services B.S.C. 05/20/2015 SISA Information Security Pvt. Ltd.SAMEA

Arcelik T.A.S. 12/30/2015 Biznet Information SystemsEurope

Aria Systems, Inc. 02/10/2015 TrustwaveUS

Arise Virtual Solutions 05/31/2015 Online EnterprisesUS

Armenian Card CJSC (ARCA) 08/29/2015 InformzaschitaEurope

Armor Defense, Inc. 05/31/2015 Coalfire Systems, Inc.US

Artez Interactive 12/15/2015 ControlCaseCanada

Arvato Finance Services Ltd. 04/14/2016 Adsigo AGEurope

Ashburn International 12/30/2015 Cognit Consult, UABEurope

AsiaPay Limited 06/17/2015 TrustwaveAsia Pacific

ASJ Inc. 06/01/2015 Verizon/CybertrustAsia Pacific

Aspect Software, Inc. (Voxeo, Voxeo Europe Limited, Voxeo Germany GmbH)

03/23/2015 SuneraUS

Asseco SEE d.o.o. 07/13/2015 VOC-Consultancy BVEurope

Asseco SEE Teknoloji A.Ş (formerly Elektronik Sanal Ticaret Bilisim Hizmetieri A.S. (EST A.S.))

03/31/2016 Evolution LTDEurope

Tuesday, May 03, 2016 Page 4 of 56

Page 5: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

ASSIST.Technology (LLC) (formerly Modern Payment Solutions Ltd.)

06/16/2015 Security Research & Consulting GmbHEurope

AT&T Managed Firewall Service - Premise Based 08/31/2015 TrustwaveUS

AT&T Managed Hosting 11/30/2015 TrustwaveUS

AT&T Managed Services - AT&T Content Delivery Network (ACDN)

08/05/2015 TrustwaveUS

AT&T Managed Services - AT&T Encryption Services (AES)

12/11/2015 TrustwaveUS

AT&T Managed Services - AT&T Network Based IP VPN Remote Access Service/AT&T VPN Tunneling Service (ANIRAIAVTS)

08/03/2015 TrustwaveUS

AT&T Managed Services - AT&T Virtual Private Network Service (AVPN)/Enhanced Virtual Private Network (EVPN)/Private Network Transport (PNT)

08/03/2015 TrustwaveUS

AT&T Managed Services - Intrusion Detection Services & Intrusion Prevention Services (IDS/IPS)

09/30/2015 TrustwaveUS

AT&T Managed Services - IP Telephony and LAN Services (IPT/LS)

08/01/2015 TrustwaveUS

AT&T Managed Services - Managed Router Services (MRS)

07/31/2015 TrustwaveUS

AT&T Managed Services - Network Based Firewall (NBFW)

08/14/2015 TrustwaveUS

AT&T Managed Services - Network Security with Internet Access (NSIA)

09/10/2015 TrustwaveUS

AT&T Managed Services – Security Event and Threat Analysis (SETA)

12/30/2015 TrustwaveUS

AT&T Managed Services - VoiceTone/Interactive Voice Services-Advanced Plus

08/13/2015 TrustwaveUS

AT&T Synaptic Hosting & Application Services (AT&T SH&AS)

12/29/2015 TrustwaveUS

AT&T Synaptic Storage as a Service (STaaS) 03/09/2015 TrustwaveUS

Tuesday, May 03, 2016 Page 5 of 56

Page 6: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

AT&T Ultravailable Storage 06/09/2015 TrustwaveUS

Athenahealth, Inc. 10/02/2015 Security Risk AdvisorsUS

Atlatl, Inc (First One Now, LLC; Simply Easier Payments)

12/31/2015 TrustwaveUS

ATOS Information Technology GmbH 08/15/2015 usd AGEurope

AudienceView Ticketing Corporation 07/16/2015 NCI Secured IntelligenceCanada

Aurus Inc. (TalentBeat Inc.) 01/25/2016 K3DES LLCUS

AVF Consulting Inc. (ChargeLogic LLC) 12/03/2015 Dara SecurityUS

AXSY Software (UK) Ltd. (formerly Payliquid Marleting UK Ltd.)

07/24/2015 Nettitude Ltd.Europe

AzeriCard LLC 10/22/2015 TrustwaveEurope

Bambora Device AB (formerly Samport Payment Services AB)

09/11/2015 TrustwaveEurope

Bamcard d.d. 04/17/2016 Nethost Legislation LtdEurope

Bancard S.A. 06/19/2015 CYBSEC Security SystemsLatin Americ

Banco de Crédito Social Cooperativo (BCC) 10/15/2015 Internet Security Auditors, S.L.Europe

BancTec, Inc. 02/17/2016 TrustwaveUS

Bank Organization for Payments Initiated by Cards Ltd (BORICA)

09/01/2015 Security Research & Consulting GmbHEurope

Bankalararası Kart Merkezi A.Ş. (BKM) 05/11/2015 Biznet Information SystemsEurope

Bankart - Procesiranje Placilnih Instrumentov d.o.o.

05/29/2015 IBM Internet Security Systems (ISS)Europe

BankCard USA Merchant Services 01/22/2016 Information Exchange Inc.US

Banks Processing Center JSC (BPC) 12/16/2015 InformzaschitaEurope

Bank-Verlag GmbH 05/18/2015 Security Research & Consulting GmbHEurope

Barclaycard ePDQ 02/12/2016 NTT Security Ltd.Europe

Bassilichi SpA 03/10/2015 KIMA Projects & ServicesEurope

Bayern Card-Services GmbH (BCS) 03/10/2016 usd AGEurope

Tuesday, May 03, 2016 Page 6 of 56

Page 7: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

BC Victoriabank SA (JSCB Victoriabank) 03/01/2016 TrustwaveEurope

Beanstream Internet Commerce Corp. (Beanstream Internet Commerce Inc.)

07/10/2015 AppSec Consulting, Inc.Canada

Benefitfocus.com Inc. (Benefitfocus) 03/17/2015 FortrexUS

BEPSA del Paraguay SAECA 03/28/2016 CYBSEC Security SystemsLatin Americ

Bescontact, Ltd. (i-free) 11/11/2015 Digital SecurityEurope

Bigcommerce Holdings Inc. (Bigcommerce Pty Ltd., Bigcommerce Inc.)

05/07/2015 Payment Software Company (PSC)Asia Pacific

Bill1st, LLC 09/05/2015 SecurityMetricsUS

Billtrust (Factor Systems, Inc.) 03/20/2015 CrimsonSecurityUS

Blackbaud Internet Services 06/03/2015 Schellman & Company, Inc.US

Blackbaud Payment Service 02/16/2016 Schellman & Company, Inc.US

BluePay Processing LLC 03/31/2016 TrustwaveUS

Bluesnap Inc. (Bluesnap International Ltd) 07/24/2015 Comsec Consulting, Ltd.Europe

BNY Mellon (ClearTran; Electronic Receivable Payment Services)

08/26/2015 SecurityMetricsUS

Booking.com BV 07/07/2015 VOC-Consultancy BVEurope

BookingSuite (USA), Inc. 11/25/2015 KalioTek, Inc.US

BPC Processing, LLC (formerly BPC Banking Technologies)

04/26/2016 InformzaschitaEurope

BPS Info Solutions, Inc. (UltraCart) 08/01/2015 CompliancePoint, Inc.US

Braintree, a division of PayPal, Inc. 02/23/2016 Terra Verde LLCUS

BridgePay Network Solutions, Inc. (T-Gate Payments)

05/15/2015 A-Lign Security and Compliance ServicesUS

Brighterion 02/19/2016 KalioTek, Inc.US

Brightwell Payments Inc. (formerly Prepaid Solutions Inc.)

02/23/2016 Information Exchange Inc.US

Brinkman Financial Company, L.P. 06/26/2015 K3DES LLCUS

Tuesday, May 03, 2016 Page 7 of 56

Page 8: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

BTB Soft, Inc. (B2B Soft) 01/22/2016 Dara SecurityUS

Bucks Net Services Limited (BNS Payments) 12/01/2015 Foregenix LimitedEurope

BusinessRalliart Inc. 03/25/2015 International Certificate Authority of Mgt SystAsia Pacific

Bypass Mobile, LLC 06/29/2015 SecurityMetricsUS

ByTechService (formerly Marco-Plus LLC) 12/28/2015 Security Research & Consulting GmbHEurope

Bytemark, Inc. 08/31/2015 SecurityMetricsUS

C&K Systems, Inc. 07/10/2015 Sera-BrynnUS

Cabal Brazil Ltda. 03/09/2016 TrustwaveLatin Americ

CA-CP (Credit Agricole-Cards and Payments) - POS (Payment Transaction Collecting Service (TLX))

07/21/2015 Verizon/CybertrustEurope

Cale Access AB 09/28/2015 TrustwaveEurope

Caledon Card Services 05/12/2015 Secured Net Solutions Inc.Canada

Cantaloupe Systems, Inc. 08/03/2015 Truvantis, Inc.US

Capita Business Services (Capita Software Services)

12/29/2015 TrustwaveEurope

Capital Card Services, Inc. 08/13/2015 TrustwaveUS

Capital Payments LLC (Bluefin Payment Systems / Blue Financial Corporation)

06/18/2015 Coalfire Systems, Inc.US

Card Access Services Pty Ltd. 09/29/2015 TrustwaveAsia Pacific

CardFlex Inc. 08/17/2015 K3DES LLCUS

CardFlight, Inc 04/21/2016 SecurityMetricsUS

Cardinal Commerce Corporation 12/28/2015 Payment Software Company (PSC)US

Cardknox Development, Inc. 12/30/2015 SecurityMetricsUS

Cardlink S.A. 06/11/2015 Encode SAEurope

Cardlink Services Limited (CSL) (The BPAY Group; BPAY Pty Ltd)

06/19/2015 BAE Systems Applied Intelligence PTY LimiteAsia Pacific

Tuesday, May 03, 2016 Page 8 of 56

Page 9: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

CardProcess GmbH (VR-PAY Virtuell, POS-Netzbetrieb)

12/14/2015 Security Research & Consulting GmbHEurope

CardSmith, LLC 11/09/2015 TrustwaveUS

Cardstream Limited 08/28/2015 AmbersailEurope

Cardtronics Inc. (Cardtronics EFT) 05/27/2015 K3DES LLCUS

CardWorks Servicing, LLC 03/03/2016 TrustwaveUS

Carlson Hotels, Inc. 11/26/2015 Coalfire Systems, Inc.US

Carta Solutions Processing Services Corp. 12/29/2015 TrustwaveEurope

CartaSi S.p.A. (formerly Key Client Cards & Solutions S.p.A.)

06/30/2015 Verizon/CybertrustEurope

CashLINQ Group, LLC 09/28/2015 SecurityMetricsUS

Catalyst Corporate Federal Credit Union 12/23/2015 Tevora Business SolutionsUS

CATELLA Bank S.A. 01/15/2016 IT WorksEurope

Cayan LLC (Capital Bankcard; AVATAS Payment Solutions)

03/16/2016 TrustwaveUS

CBC Companies, Inc. (CBC Innovis, Inc. / Innovis Data Solutions, Inc., DataVerify)

05/12/2015 Verizon/CybertrustUS

CDMS Merchant Services Inc. 02/04/2016 Dara SecurityUS

CDS Global Inc. (formally Communications Data Services)

02/27/2015 Solutionary, Inc.US

CDS Global Inc. (PayDQ Gateway) 02/27/2015 Solutionary, Inc.US

Cedar Document Technologies 01/21/2016 Dara SecurityUS

Cendyn (Central Dynamics) 04/25/2016 SecurityMetricsUS

CenPos Inc. 08/20/2015 SecurityMetricsUS

Central Payment Corp (Smartpay Merchant Services)

11/30/2015 Coalfire Systems, Inc.US

Centrum Elektronicznych Uslug Platniczych (eService SA)

04/15/2015 SC2LabsEurope

Tuesday, May 03, 2016 Page 9 of 56

Page 10: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

Centrum Rozliczeń Elektronicznych Polskie ePłatności S.A. (PeP)

04/13/2016 Sysnet Ltd.Europe

CenturyLink Hosted Storage and Backup Services 06/26/2015 Coalfire Systems, Inc.US

Cerdo Bankpartner AB 06/29/2015 Cybercom GroupEurope

Certain Software, Inc. 04/19/2016 Coalfire Systems, Inc.US

Certitrade AB 07/08/2015 FortConsult A/SEurope

Cetrel a SIX Group Company 07/10/2015 IT WorksEurope

CGI Bank and Card Services 08/04/2015 TrustwaveEurope

Change Healthcare (formerly Emdeon) 02/27/2016 Lattimore, Black, Morgan and Cain, P.C.US

Charge Anywhere, LLC (Comstar Interactive) 03/17/2016 CompliancePoint, Inc.US

Chargify, LLC 02/06/2015 Schellman & Company, Inc.US

Chase Paymentech Solutions, LLC. 02/17/2016 TrustwaveUS

Checkout Technology Limited 09/01/2015 Sysnet Ltd.Europe

China Unionpay Data Services Co., Ltd (CUPData)

03/30/2016 atsec (Beijing) Information Technology Co., LAsia Pacific

ChinaPay e-payment Service Co.,Ltd. 12/23/2015 atsec (Beijing) Information Technology Co., LAsia Pacific

Chip Card a.d 05/24/2015 VOC-Consultancy BVEurope

Chronopay Services LLC 09/07/2015 Security Research & Consulting GmbHEurope

Citrus Payment Solutions Pvt Ltd. 04/20/2015 ControlCaseAsia Pacific

Civica UK Ltd 08/13/2015 TrustwaveEurope

CJSC PC "CardStandard" (Previously West Siberian Processing Center)

12/15/2015 Compliance Control Ltd.Europe

Clear Choice Merchant Services (ClearGate) 06/26/2015 Information Exchange Inc.US

Clearent, LLC 04/15/2016 Brown Smith Wallace, LLCUS

Cleverbridge AG 02/25/2015 Security Research & Consulting GmbHEurope

Cloud Payment Inc. (formerly J-Payment Inc.) 06/24/2015 International Certificate Authority of Mgt SystAsia Pacific

ClubReady LLC 12/28/2015 Brown Smith Wallace, LLCUS

Tuesday, May 03, 2016 Page 10 of 56

Page 11: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

CoKinetic Systems India Pvt Ltd 03/11/2016 SISA Information Security Pvt. Ltd.Asia Pacific

Collector Solutions Inc. 04/07/2015 TrustwaveUS

CollegeNET 03/31/2016 Moss Adams LLPUS

Columbus Data Services LLC (CDS) (Innovus) 01/31/2016 K3DES LLCUS

CommerceGate Ireland Ltd. 07/23/2015 Sysnet Ltd.Europe

Commercial Bank Mobiasbanca - Groupe Societe Generale S.A. (BRD GSG)

12/18/2015 Endava LTDEurope

Commonpay GmbH 09/04/2015 usd AGEurope

CommuniGate GmbH 12/18/2015 usd AGEurope

Compass Plus Ltd. 12/28/2015 TrustwaveEurope

Complete Merchant Solutions 03/29/2016 SecurityMetricsUS

Complete Payment Systems (Latvia) 10/15/2015 NTT Security Ltd.Europe

Comprise Technologies, Inc. 03/19/2016 ControlCaseUS

Computer Services, Inc. 07/01/2015 Crowe Horwath LLPUS

Computercentrum C.van de Velden B.V. (CCV Holland)

03/21/2016 Adsigo AGEurope

CompuTop Wirtschaftsinformatik GmbH 02/18/2016 Adsigo AGEurope

Conductor Tecnologia S/A 01/29/2016 Cipher InformaticaLatin Americ

Confederacion Espanola de Cajas de Ahorros (CECABANK)

05/30/2015 S21sec Gestion, S.A.Europe

Consorzio Triveneto S.p.A. 01/13/2016 KIMA Projects & ServicesEurope

Contact Solutions Inc. 04/29/2016 SecurityMetricsUS

Contact-Center LLC (Contact24) 12/18/2015 Card Security LLCEurope

Continental Broadband Pennsylvania, LLC (Expedient)

06/18/2015 Packer ThomasUS

Continental Finance Company (CFC) 06/05/2015 TrustwaveUS

Convenient Payments, LLC (formerly Government Payments LLC)

03/17/2015 SecurityMetricsUS

Tuesday, May 03, 2016 Page 11 of 56

Page 12: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

ConVergence Technologies, Inc. (IPPAY) 02/12/2016 Sikich LLP (403 Labs)US

Convergys Corporation 06/26/2015 FortrexUS

Co-Op Financial Services (CU COOPERATIVE SYSTEMS, INC)

03/16/2015 Tevora Business SolutionsUS

CO-OP Member Center 03/16/2015 Tevora Business SolutionsUS

Corduro Inc. (Corduro Processing; Corduro Merchant Services)

03/10/2016 TrustwaveUS

CoreCard Software, Inc. 10/01/2015 CompliancePoint, Inc.US

CoreCommerce 06/09/2015 TrustwaveUS

Corvus Info d.o.o (ECS Croatia) 01/29/2016 Sysnet Ltd.Europe

Credencial Argentina S.A. 11/06/2015 CYBSEC Security SystemsLatin Americ

Credimatic S.A 03/16/2016 TrustwaveLatin Americ

CreditCall Communications Ltd. 04/13/2016 Foregenix LimitedEurope

Croem, Inc. (Sigma Processing Group) [US & LAC]

11/19/2015 Yusufali & Associates LLCUS

Crosskey Banking Solutions 08/08/2015 Verizon/CybertrustEurope

CrowdTorch (formerly TicketMob) 09/15/2015 True Digital Security, Inc.US

CSCBank SAL (CSC Lebanon) 12/31/2015 O-C GroupSAMEA

CSG Media (Content Direct) 03/13/2015 Solutionary, Inc.US

CSG Systems, Inc. - Interactive Messaging 05/05/2015 Solutionary, Inc.US

CSID (CSIDentity) 11/20/2015 Enterprise Risk ManagementUS

CSU Cardsystem S.A. 09/22/2015 TrustwaveLatin Americ

Cubic Transportation Systems, Inc. (Vancouver Compass Program)

12/04/2015 Payment Software Company (PSC)US

Curbstone Corporation 12/31/2015 CompliancePoint, Inc.US

CurvePay (formerly IRN Payment Systems) 11/12/2015 Information Exchange Inc.US

Cuscal Limited 04/15/2016 Verizon/CybertrustAsia Pacific

Tuesday, May 03, 2016 Page 12 of 56

Page 13: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

Cvent, Inc. 09/08/2015 True Digital Security, Inc.US

CyberSource Corporation (CyberSource, Authorize.Net, CyberSource Managed Hosting, and Cybersource KK)

08/31/2015 TrustwaveUS

Cyprea Hotels & Travel Pvt. Ltd. 02/23/2015 ControlCaseAsia Pacific

Dai Nippon Printing Co, Ltd. (Prepaid) 12/26/2015 International Certificate Authority of Mgt SystAsia Pacific

DanDomain A/S 04/28/2016 FortConsult A/SEurope

DanubePay, a.s. 09/10/2015 TrustwaveEurope

Data Stream 07/28/2015 Information Exchange Inc.US

Datacom Payment Manager (Datacom Group Ltd.) 12/01/2015 Confide Ltd.Asia Pacific

DataDivider (ExoIS Inc) 09/29/2015 K3DES LLCUS

Dataline Systems, Inc. 12/31/2015 1st Secure IT, LLCUS

DataMatx, Inc. 11/23/2015 A-Lign Security and Compliance ServicesUS

DataPath, Inc. 03/02/2016 Online EnterprisesUS

DataPipe, Inc. 12/13/2015 Coalfire Systems, Inc.US

Datatrans AG 05/27/2015 Adsigo AGEurope

Datatrax Technologies, Inc. 03/12/2015 SecurityMetricsCanada

Daxko, LLC 07/27/2015 Schellman & Company, Inc.US

DeepCove Laboratories, Ltd. 09/23/2015 Sikich LLP (403 Labs)Canada

Delego Software, Inc. 06/23/2015 TrustwaveCanada

Demandware, Inc. (Demandware Digital Center) 08/20/2015 SecurityMetricsUS

Desjardin Card Services (Fédération des caisses Desjardins du Québec)

08/24/2015 NCI Secured IntelligenceCanada

DevCode Payment AB 06/01/2015 KnowIT Secure ABEurope

DIBS A/S 05/15/2015 FortConsult A/SEurope

Digital River Inc. (eSellerate, Mindvision, Reg Now, SWReg, THINK Subscription)

06/30/2015 AppSec Consulting, Inc.US

Tuesday, May 03, 2016 Page 13 of 56

Page 14: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

Digital River World Payments Inc. (Digital River World Payments AB)

06/30/2015 AppSec Consulting, Inc.US

Direct Cash Management Inc. (Direct Cash Payments Inc.)

12/18/2015 Control Gap Inc.Canada

Direct Insite Corp 08/17/2015 Enterprise Risk ManagementUS

Direct Mail Processors Inc. 03/18/2016 FortrexUS

Direct Transact (Pty) Ltd 04/27/2016 Sysnet Ltd.SAMEA

Docdata Payments B.V. 07/29/2015 VOC-Consultancy BVEurope

Docket & Form International Limited (Dafil Ltd) 10/15/2015 O-C GroupEurope

Donor Services Group, LLC 09/15/2015 Aeris SecureUS

DST Output, LLC 04/08/2015 FishNet SecurityUS

Duncan Parking Technologies Inc. 06/12/2015 SecurityMetricsUS

Duncan Solutions (Professional Account Management)

06/12/2015 SecurityMetricsUS

Dzetta Processing Center (Dzetta) 03/25/2016 Security Research & Consulting GmbHEurope

E La Carte, Inc. 05/07/2015 Coalfire Systems, Inc.US

Early Warning Services, LLC 08/14/2015 Anitian CorporationUS

Easy Nolo S.p.A. 11/01/2015 NTT Security Ltd.Europe

Easy Pay Solutions, Inc. 04/22/2016 Payment Software Company (PSC)US

Easypay - instituicao de pagamento, Ida. 06/21/2015 FortConsult A/SEurope

EasyPay (Pty) Ltd 09/18/2015 TrustwaveSAMEA

EasySoft LLC (EasyPay) 05/22/2015 Sysnet Ltd.Europe

eBay Enterprise, Inc. 11/18/2015 TrustwaveUS

E-Billing Solutions Pvt. Ltd. 02/01/2016 ControlCaseAsia Pacific

Ebocom, LLC (POST Integrations Inc.) 02/15/2016 Verizon/CybertrustUS

EBRC (e-Business Resilience Center) 12/02/2015 IT WorksEurope

Tuesday, May 03, 2016 Page 14 of 56

Page 15: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

Ecentric Payment Systems (Formerly E-Centric Switch)

01/08/2016 TrustwaveSAMEA

eComCharge Ltd. SIA 05/20/2015 NTT Security Ltd.Europe

Ecommpay LTD 02/11/2016 Sysnet Ltd.Europe

E-Complish, LLC 03/05/2016 Payment Software Company (PSC)US

EdgeCast Networks, Inc. an affiliate of Verizon Business Network Services, Inc.

03/30/2015 Tevora Business SolutionsUS

Edgil Associates, Inc 01/19/2016 Dara SecurityUS

EDI Health Group (DentalXChange) 08/31/2015 KalioTek, Inc.US

EDPS (Electronic Data Processing Source SA) 11/09/2015 O-C GroupEurope

EFTPOS New Zealand Limited 06/30/2015 Foregenix LimitedAsia Pacific

Egyptian Banks Company (EBC) 11/26/2015 Odyssey Consultants LimitedSAMEA

Eigen Development, LTD. 10/21/2015 Payment Software Company (PSC)Canada

Elavon Merchant Services Europe 01/13/2016 Verizon/CybertrustUS

Elavon Mexico (Merchant Services de México S.A. de C.V.)

11/30/2015 Verizon/CybertrustLatin Americ

Electronic Funds Source, LLC (EFS - Ogden, UT) 04/17/2015 Lattimore, Black, Morgan and Cain, P.C.US

Electronic Merchant Systems (OH based) (The Francis David Corporation)

04/26/2016 TrustwaveUS

Electronic Payments, Inc. (NY) 09/29/2015 Information Exchange Inc.US

Electronic Processing Services, LLC 06/25/2015 Information Exchange Inc.US

Electronic Transaction Systems Corporation (ETS Corp)

01/20/2016 Verizon/CybertrustUS

Element Payment Services Inc. (Element, EPS, Element Payment Services, a Vantiv Company)

01/06/2016 Optiv Security Inc.US

Emaratech FZ LLC 02/11/2016 Encode SASAMEA

Emerging Markets Payments (EMP) Financial Payments Solutions

01/04/2016 TrustwaveSAMEA

Emerging Markets Payments Jordan (EMP-J) 12/31/2015 TrustwaveSAMEA

Tuesday, May 03, 2016 Page 15 of 56

Page 16: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

EMIS - Empresa Interbancaria de Servicos 02/12/2016 FortConsult A/SSAMEA

Enacomm, Inc. 02/05/2015 True Digital Security, Inc.US

Endeavour Internet Business Solutions Ltd. (EIBS) 06/15/2015 Odyssey Consultants LimitedEurope

E-net Co., Ltd. 12/01/2015 International Certificate Authority of Mgt SystAsia Pacific

ePay A/S 03/17/2016 FortConsult A/SEurope

Epay AD (Epay.bg) 12/24/2015 TrustwaveEurope

ePay Healthcare 11/30/2015 360 Advanced, P.A.US

ePayData 10/21/2015 Information Exchange Inc.US

ePayLinks Limited (Branded as “ePayLinks”) 12/25/2015 atsec (Beijing) Information Technology Co., LAsia Pacific

Epicor Software Company 09/17/2015 TrustwaveUS

Epoch.com, LLC 11/15/2015 ProtivitiUS

eProcessing Network, LLC 06/12/2015 TrustwaveUS

EPS LT, UAB (formerly Universalios Valdymo Sistemos (UVS Lithuania))

12/12/2015 NTT Security Ltd.Europe

EPX Acquisition Company, LLC (Electronic Payment Exchange (EPX))

04/28/2015 Payment Software Company (PSC)US

Equens SE (Acquirer and Issuer) 04/18/2016 Noordbeek B.V.Europe

Equiant Financial Services, Inc. 07/27/2015 DatassurantUS

Equifax (US) 08/25/2015 Habif, Arogeti & Wynne, LLPUS

Erste Group Card Processor d.o.o. 01/19/2016 TrustwaveEurope

Escalion S.a.r.l. (Escalion) 11/15/2015 NTT Security Ltd.Europe

Ethoca Ltd. 07/08/2015 Sysnet Ltd.Canada

eTranzact Global 02/16/2016 ControlCaseSAMEA

Euro Payment Group GmbH 09/30/2015 TUV SUD Management Service GmbHEurope

Euro-Information 04/14/2015 TrustwaveEurope

Euronet Pakistan (PVT) Limited 05/22/2015 Risk Associates/Gaming Associates Inc.SAMEA

Euronet Services India Private Limited 12/24/2015 ControlCaseAsia Pacific

Tuesday, May 03, 2016 Page 16 of 56

Page 17: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

Euronet Worldwide, European EFT Business 07/15/2015 Security Research & Consulting GmbHEurope

European Payment Services LDT (EPS) 08/17/2015 SecurityMetricsEurope

Eventbrite, Inc. 03/11/2016 Coalfire Systems, Inc.US

Everi, Inc. 12/14/2015 TrustwaveUS

Evertec Group, LLC 04/24/2015 1st Secure IT, LLCLatin Americ

Evertec Latinoamerica S.A. (EVERTEC Costa Rica-Mexico-Panama)

12/21/2015 1st Secure IT, LLCLatin Americ

EveryPay AS 02/16/2016 TrustwaveEurope

EVO Merchant Services Inc. (EVO Payments International, LLC)

11/09/2015 TrustwaveUS

EVO Payments International GmbH 05/15/2015 Security Research & Consulting GmbHEurope

Evolution1 04/29/2016 Compass IT ComplianceUS

Evry Card Acquiring Services (Evry AS) 04/17/2015 FortConsult A/SEurope

Evry Card Issuing Services 10/14/2015 FortConsult A/SEurope

EVRY Card Services AB 06/28/2015 FortConsult A/SEurope

EVRY Card Services AS (CE5) 01/29/2016 FortConsult A/SEurope

Evry FD Card (EVRY AS Norge) 03/08/2016 FortConsult A/SEurope

E-xact Transactions (Canada) 09/08/2015 TrustwaveCanada

Exigo Payment Service 03/07/2016 SecurityMetricsUS

Expert Global Solutions, Inc. (NCO Group, Inc., APAC Customer Services, Inc., EGS, Inc.)

02/24/2016 Payment Software Company (PSC)US

Ezic, Inc. 10/27/2015 Information Exchange Inc.US

Ezidebit Pty Ltd. 08/24/2015 TrustwaveAsia Pacific

Facebook Payments, Inc. 08/24/2015 Urbane SecurityUS

Fast Cash 07/20/2015 Information Exchange Inc.US

Fast Print & System LTDA (Fast Solutions) 08/21/2015 TrustwaveLatin Americ

Fat Zebra Pty LTD 04/04/2016 PCI Consulting Australia PTY, LTDAsia Pacific

Tuesday, May 03, 2016 Page 17 of 56

Page 18: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

Fawry Integrated Systems 12/02/2015 ControlCaseSAMEA

Fexco Merchant Services (Fexco DCC (Dynamic Currency Conversion Limited))

05/07/2015 O-C GroupEurope

Fidelity Information Services - (FIS) - Merchant Acquiring and Credit Card Processing, Little Rock, AR

05/13/2015 TrustwaveUS

Fidelity Information Services - (FIS) Brazil, Fidelity Processadora e Services SA (FPS)

05/08/2015 TrustwaveLatin Americ

Fidelity Information Services - (FIS) International - EMEA-Ljubljana Branch Slovenia

09/29/2015 TrustwaveEurope

Fidelity Information Services - (FIS) Payments (UK) Limited - Merchant Payments

10/21/2015 TrustwaveEurope

Fidelity Information Services - Electronic Payment Presentment (FIS-EPP)

07/31/2015 TrustwaveUS

Fidelity Information Services - EZCard Charlotte, NC

03/18/2015 TrustwaveUS

Fidelity Information Services - Output Solutions St. Petersburg

10/21/2015 TrustwaveUS

Fidelity Information Services (FIS) - Certegy Card Services

10/01/2015 TrustwaveEurope

Fidelity Information Services (FIS) - Clear Commerce - New Berlin

05/15/2015 TrustwaveUS

Fidelity Information Services (FIS) - EFT / Payment Processing Norcross, GA

04/30/2015 TrustwaveUS

Fidelity Information Services (FIS) - Issuing Solutions, Debit Account, and Prepaid Card Solutions, Brown Deer, WI

05/15/2015 TrustwaveUS

Fidelity Information Services (FIS) - Loyalty Card Processing

05/29/2015 TrustwaveUS

Fidelity Information Services (FIS) - Mobile Banking/PrePaid

09/29/2015 TrustwaveUS

Fidelity Information Services (FIS) - Profile Outsourcing

12/29/2015 TrustwaveUS

Tuesday, May 03, 2016 Page 18 of 56

Page 19: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

Fidelity Information Services (FIS) - St. Petersburg Debit EFT (formerly Chicago Authnet)

12/23/2015 TrustwaveUS

Fidelity Information Services (FIS) Australasia Pty PP Ltd

12/23/2015 TrustwaveAsia Pacific

Fidelity Information Services (FIS) Biller Service Provider, Brown Deer, WI

09/25/2015 TrustwaveUS

Fidelity Information Services (FIS) Credit Card Processing Little Rock, AR

05/28/2015 TrustwaveUS

Fidelity Information Services (FIS) Electronic Payment Services (EPS), New Berlin, WI

10/01/2015 TrustwaveUS

Fidelity Information Services (FIS) Lisle & Canton Remittance Processing Facility

12/29/2015 TrustwaveUS

Fidelity Information Services (FIS) NYCE Payments Network, Brown Deer, WI

12/30/2015 TrustwaveUS

Fidelity Information Services (FIS) PayDirect Solutions - Government (fomerly Link2Gov, Inc.)

03/23/2016 Schellman & Company, Inc.US

Fidelity Information Services (FIS) Payment and Solutions Services (PSS) India

10/06/2015 TrustwaveAsia Pacific

Fidelity Information Services (FIS) Remittance Processing, St. Petersburg, FL.

09/22/2015 TrustwaveUS

Fidelity Information Services (FIS) Sunrise Prepaid Processing

05/27/2015 IBM Internet Security Systems (ISS)US

Fidelity Information Services, Inc. - Output Solutions San Antonio

05/27/2015 TrustwaveUS

Financial Payment Services SRL (FPS) 08/17/2015 SecurityMetricsEurope

Financial Software and Systems Pvt. Ltd. (FSSNeT- Payment Gateway Services)

09/08/2015 ControlCaseAsia Pacific

Financial Transaction Services (CardConnect) (formerly Princeton Payments Solutions, LLC)

09/25/2015 SecurityMetricsUS

Financial Transmission Network, Inc. 02/24/2016 TrustwaveUS

Finanz Informatik GmbH & Co. KG 07/14/2015 usd AGEurope

Finanz Informatik Technologie Service GmbH & Co. KG

02/12/2016 usd AGEurope

Tuesday, May 03, 2016 Page 19 of 56

Page 20: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

FINEXUS International Sdn Bhd (ePROTEA and FINEXUS Group)

06/15/2015 TrustwaveAsia Pacific

Fintrax Teoranta 07/14/2015 NTT Security Ltd.Europe

FireHost Inc. 05/31/2015 Coalfire Systems, Inc.US

First American Payment Systems, LP 06/30/2015 IBM Internet Security Systems (ISS)US

First Atlantic Commerce Ltd. 04/22/2016 SecurityMetricsLatin Americ

First Data - Concord Electronic Financial Systems (CEFS) (FD Clientline Reporting)

09/15/2015 TrustwaveUS

First Data - Concord Financial Technologies (CFT) - (First Data Prepaid Services)

09/15/2015 TrustwaveUS

First Data - Global Gateway (First Data - LinkPoint/First Data YourPay)

09/15/2015 TrustwaveUS

First Data - Government Solutions (FDGS) 09/15/2015 TrustwaveUS

First Data - Money Network (Concord Financial Technologies)

09/15/2015 TrustwaveUS

First Data - Paypoint Electronic Payment Systems 09/15/2015 TrustwaveUS

First Data - RemitCo 09/15/2015 TrustwaveUS

First Data - Secure Transport (Datawire) 09/15/2015 TrustwaveUS

First Data - Slovakia--Serbia 10/08/2015 TrustwaveEurope

First Data – STAR (First Data STAR Networks Inc., First Data STAR Processing Systems Inc., First Data STAR Systems Inc.)

09/15/2015 TrustwaveUS

First Data - TeleCheck 09/15/2015 TrustwaveUS

First Data CAC, (Processing Center, S.A.) 03/24/2016 TrustwaveLatin Americ

First Data Do Brasil Solucoes de Pagamento LTDA (FD Brazil)

04/07/2016 TrustwaveLatin Americ

First Data India Pvt Ltd 12/12/2015 TrustwaveAsia Pacific

First Data International - China 09/17/2015 TrustwaveAsia Pacific

First Data International - Cono Sur (POSNET S.R.L)

03/16/2016 TrustwaveLatin Americ

Tuesday, May 03, 2016 Page 20 of 56

Page 21: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

First Data International - Deutschland (Germany) 09/19/2015 TrustwaveEurope

First Data International - Hellas (Greece) 11/25/2015 TrustwaveEurope

First Data International - Italy 11/23/2015 TrustwaveEurope

First Data International - Latvia 11/18/2015 TrustwaveEurope

First Data International - OmniPay Limited 10/01/2015 TrustwaveEurope

First Data International - Polska S.A. (Polcard) 05/19/2015 TrustwaveEurope

First Data International - TeleCash / First Data Global Services

09/21/2015 TrustwaveEurope

First Data International - UAB First Data Lietuva (Lithuania)

11/16/2015 TrustwaveEurope

First Data International - United Kingdom 10/15/2015 TrustwaveEurope

First Data International ANZ (First Data ANZ; FD ANZ)

09/15/2015 TrustwaveAsia Pacific

First Data Merchant Services (FDMS (PaySpring)) 09/15/2015 TrustwaveUS

First Data Resources 09/15/2015 TrustwaveUS

First Data Resources South Africa (Proprietary) Limited (First Data Merchant Solutions)

06/11/2015 TrustwaveSAMEA

First National Technology Solutions 03/04/2015 TrustwaveUS

First Ukrainian International Bank (FUIB) 08/12/2015 FortConsult A/SEurope

FirsTech, Inc. 03/17/2015 Schellman & Company, Inc.US

FIS Payments (UK) Limited - Debit & Prepaid (formerly Metavante Technologies Limited)

11/20/2015 TrustwaveEurope

FIS PayNetExchange (foermly SunGard AvantGard)

04/30/2016 K3DES LLCUS

Fiserv - Bank Solutions Eastern Region Atlanta Service Center Service Center

02/23/2016 Payment Software Company (PSC)US

Fiserv - Bank Solutions Precision Outsourcing 10/16/2015 Payment Software Company (PSC)US

Fiserv - Bank Solutions Product Management, Development and Support

06/15/2015 Payment Software Company (PSC)US

Tuesday, May 03, 2016 Page 21 of 56

Page 22: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

Fiserv - BillMatrix 07/10/2015 Payment Software Company (PSC)US

Fiserv - Card Services - Credit Services (Formerly assessed as Fiserv - EFT and Fiserv - Card Services - Credit)

03/25/2016 Payment Software Company (PSC)US

Fiserv - Customer Solutions 11/30/2015 Payment Software Company (PSC)US

Fiserv - Digital Channels (formerly Fiserv - E-Banklng Hillsboro)

09/20/2015 Payment Software Company (PSC)US

Fiserv - Electronic Payments (Fiserv ePayments ) 10/29/2015 Payment Software Company (PSC)US

Fiserv - Enterprise Technology Group - Johns Creek, GA, Brookfield, WI, Irving, TX and Lewisville, TX Data Centers

10/31/2015 Payment Software Company (PSC)US

Fiserv - Galaxy 05/06/2015 Payment Software Company (PSC)US

Fiserv - Lending Solutions - Contact and Service Center (Formerly Amherst Call Center)

04/07/2016 Payment Software Company (PSC)US

Fiserv - Lending Solutions - LoanServ 11/20/2015 Payment Software Company (PSC)US

Fiserv - Prepaid Solutions 02/05/2016 Payment Software Company (PSC)US

Fiserv - Signature Development Lake Mary 08/15/2015 Payment Software Company (PSC)US

Fiserv - Virtual Branch 11/23/2015 Payment Software Company (PSC)US

Fiserv - Xroads 02/26/2016 Payment Software Company (PSC)US

Fiserv Bank Solutions - Cleartouch Outsourcing 01/27/2016 Payment Software Company (PSC)US

Fiserv Bank Solutions - Premier Outsourcing Eastern Region Brookfield Service Center

01/27/2016 Payment Software Company (PSC)US

Fiserv Bank Solutions - Premier Outsourcing Western Region Des Moines Service Center

11/10/2015 Payment Software Company (PSC)US

Fiserv Card Services - Debit Services 03/25/2016 Payment Software Company (PSC)US

Fiserv India Pvt. Ltd. 07/25/2015 ControlCaseAsia Pacific

Fiserv Output Solutions - Electronic Document Delivery (EDD)

02/26/2016 Payment Software Company (PSC)US

Forte Payment Systems (formerly ACH Direct) 04/14/2016 TrustwaveUS

ForwardLine Payment Services, LLC 07/07/2015 Accudata Systems, Inc.US

Tuesday, May 03, 2016 Page 22 of 56

Page 23: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

FoxyCart.com, LLC 03/20/2015 Specialized Security Services, Inc.US

FreedomPay, Inc. 08/31/2015 Coalfire Systems, Inc.US

Freestyle Solutions, Inc. (formerly Dydacomp Development Corp.)

05/10/2015 Schellman & Company, Inc.US

FreeWay Aps 02/16/2016 FortConsult A/SEurope

Frontline Processing 06/10/2015 ControlScanUS

FrontStream Payments, Inc. / FirstGiving Inc. 06/02/2015 ControlCaseUS

FSV Payment Systems, Inc. 06/13/2015 Verizon/CybertrustUS

Fujitsu America 04/21/2016 Verizon/CybertrustUS

FundsTech Corporation PTY (LTD) (FNDS3000 Corp)

10/26/2015 TrustwaveSAMEA

Galileo Processing, Inc. 03/15/2016 Cadence AssuranceUS

Ganart Technologies 02/11/2016 ControlCaseUS

Gateway Ticketing Systems, Inc. 10/27/2015 FortrexUS

Gazcardservice Ltd. 10/30/2015 Compliance Control Ltd.Europe

Genesis Financial Solutions, Inc. 08/28/2015 TrustwaveUS

Genesys - Angel.com Division (formerly Angel.com Incorporated and Microstrategy Inc.)

07/31/2015 Verizon/CybertrustUS

Genesys - SoundBite Division (SoundBite Communications and Proactive Customer Communication (PCC))

07/31/2015 Verizon/CybertrustUS

GETNET ADQUIRÊNCIA E SERVIÇOS PARA MEIOS DE PAGAMENTO S.A.

06/30/2015 Cipher InformaticaLatin Americ

GHL ePayments Sdn Berhad (GHL ePayments Co.,Ltd. (Thailand), GHL Systems Philippines, Inc. (Philippines))

10/05/2015 TrustwaveAsia Pacific

Gingerbread Shed Corporation 12/31/2015 TrustwaveUS

Gisland Ltd. (Cassava, Brigend, 888 Holdings, Dixie, VMSI srl, 888 Spain PLC)

12/31/2015 GRSee ConsultingEurope

Global Cash Card - (World Processing Limited) 10/08/2015 Coalfire Systems, Inc.US

Tuesday, May 03, 2016 Page 23 of 56

Page 24: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

Global Collect Services B.V. (Global Collect Services USA)

09/15/2015 TrustwaveEurope

Global Electronic Technology 06/15/2015 Sikich LLP (403 Labs)US

Global Payments Asia Pacific Limited 12/08/2015 Payment Software Company (PSC)Asia Pacific

Global Payments Direct Inc. (Global Payments Global Service Center)

12/05/2015 Payment Software Company (PSC)US

Global Payments Europe, s.r.o. 11/11/2015 Payment Software Company (PSC)Europe

Global Processing Centre 01/05/2016 Information Exchange Inc.US

Global Processing SA 08/21/2015 TrustwaveLatin Americ

Global Processing Services Limited (formerly Global Processing Services FZLLC)

09/11/2015 Convergent Network Solutions, LtdSAMEA

Global Technologies Partners LLC 06/15/2015 Coalfire Systems, Inc.US

GoConcierge.net (Innsight Reports LLC.) 02/28/2015 Accretive Solutions Operating Corp.US

GoDaddy.com, LLC (Quick Shopping Cart) 12/15/2015 Coalfire Systems, Inc.US

GoEmerchant, LLC 05/28/2015 IBM Internet Security Systems (ISS)US

Government Payment Services, Inc. 03/20/2015 TrustwaveUS

Govolution, LLC 05/28/2015 IBM Internet Security Systems (ISS)US

Grant Street Group 10/25/2015 SecurityMetricsUS

Green Dot Corporation (Next Estate Communications, Inc.)

10/26/2015 SecurityMetricsUS

Group ISO 05/26/2015 Dara SecurityUS

GTECH UK Interactive Ltd. 10/23/2015 NTT Security Ltd.Europe

Guangzhou Easylink Commercial Services Co. Limited (Easylink Payment Co.Ltd.)

05/20/2015 Nexusguard Consulting LimitedAsia Pacific

Hamer Enterprises 12/09/2015 SecurityMetricsUS

Harte-Hanks, Inc. 11/30/2015 CyberEnsure, LLCUS

HCL Technologies (BPO Services) 10/23/2015 ControlCaseAsia Pacific

HealthPlan Services, Inc. 04/15/2016 GuidePoint Security, LLCUS

Tuesday, May 03, 2016 Page 24 of 56

Page 25: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

Heartland Payment Systems, Inc. 04/20/2016 Coalfire Systems, Inc.US

Heidelberger Payment Consulting GmbH 04/08/2016 usd AGEurope

Helcim Inc. 06/25/2015 Secured Net Solutions Inc.Canada

Help Line S.p.A 06/30/2015 Verizon/CybertrustEurope

Hewlett Packard (Canada) Co. - (TD Bank Environment)

06/30/2015 ProtivitiCanada

Hewlett Packard Taiwan Limited 11/06/2015 Evolution LTDAsia Pacific

Higher One, Inc. (CASHNet) 01/15/2016 Coalfire Systems, Inc.US

HighRadius Corporation 09/14/2015 TrustwaveUS

Hitachi Payment Services Private Limited (formerly Prizm Payment Services Pvt. Ltd.)

03/15/2016 ControlCaseAsia Pacific

HostedPCI Inc. (2138617 Ontario Inc.) 10/21/2015 NCI Secured IntelligenceCanada

Hosting.com, Inc. 06/30/2015 360 Advanced, P.A.US

Hotelbeds Technology, S.L.U. 12/21/2015 Internet Security Auditors, S.L.Latin Americ

HP - Enterprise Services Regional Cards and Payments Utility (HP RCU)

09/03/2015 Vectra CorporationAsia Pacific

HP - Hewlett Packard - Brazil (HP Brazil Cards-Utility)

10/12/2015 TrustwaveLatin Americ

HP Enterprise Services - Commercial Card 12/30/2015 TrustwaveUS

HP Enterprise Services - Convenience Pay 12/22/2015 TrustwaveUS

HP Enterprise Services - Guidance Authorization 12/31/2015 TrustwaveUS

HP Enterprise Services - Merchant Acquirer 01/13/2016 TrustwaveUS

HP Enterprise Services - RCU Americas 01/25/2016 TrustwaveAsia Pacific

HPME (Hi-Media Porte-Monnaie Electronique) SA (HIPAY Wallet, HIPAY Direct)

03/04/2016 XMCO PartnersEurope

Hughes Network Systems 10/23/2015 IBM Internet Security Systems (ISS)US

Hugin Yaz1hm Teknolojileri A.S. 06/19/2015 Apersky Consulting LLCEurope

Humboldt Merchant Services (5967 Ventures) 07/16/2015 TrustwaveUS

Tuesday, May 03, 2016 Page 25 of 56

Page 26: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

i2c, Inc. (US, Canada, Latin America, Europe, Asia Pac, and SAMEA)

01/04/2016 TrustwaveUS

IATS, LLC (IATS Payments) 10/07/2015 IBM Internet Security Systems (ISS)US

IBM Deutschland Aviation Industry Services GmbH (formerly INF Services GmbH & Co. KG)

03/31/2016 usd AGEurope

IBM Payment Gateway 01/13/2016 TrustwaveEurope

Ibox Ltd. 07/24/2015 BMS Consulting LLCEurope

ICCREA BANCA SPA 10/02/2015 Bl4ckswan S.r.l.Europe

IDT Payment Services, Inc. (IDT Financial Services LLC)

05/20/2015 ANXeBusiness Corp.US

Ilixium 09/26/2015 TrustwaveEurope

Immediate Travel Industry Switching (Pty) Ltd. (ITIS)

03/02/2015 Foregenix LimitedSAMEA

iMobile3, LLC 03/31/2015 CompliancePoint, Inc.US

Inatec Payment AG (Inatec Solutions GmbH) 12/15/2015 Security Research & Consulting GmbHEurope

IndiaIdeas.com Limited (BillDesk) 09/07/2015 ControlCaseAsia Pacific

Industry Retail Group, Inc. 06/26/2015 Coalfire Systems, Inc.US

Infinitium Solutions Sdn. Bhd 03/24/2016 TrustwaveAsia Pacific

Infinity Data Corporation 12/16/2015 Information Exchange Inc.US

InfoCision Management Corporation (K & L Teleservices)

09/29/2015 SecurityMetricsUS

Information Technology Consultants (PTY) Ltd. 10/28/2015 TrustwaveSAMEA

InfoSend 06/29/2015 SecurityMetricsUS

InfusionSoft 10/19/2015 SecurityMetricsUS

Ingenico e-Commerce Solutions BVBA/SPRL (formerly Ogone)

02/12/2016 NTT Security Ltd.Europe

Ingenico Iberia S.L. 09/01/2015 Cognosec GmbHEurope

Innoviti Payment Solutions Pvt. Ltd. 07/21/2015 ControlCaseAsia Pacific

Tuesday, May 03, 2016 Page 26 of 56

Page 27: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

INPAS Company, LLC 10/05/2015 TrustwaveEurope

Inpas International East LLC (Transaction Systems PSP)

01/06/2016 TrustwaveEurope

InPlat Technologies Ltd. 06/19/2015 Digital SecurityEurope

Insight Card Services 11/10/2015 Information Exchange Inc.US

In-Solutions Global Pvt Ltd (ISG) 05/08/2015 ControlCaseAsia Pacific

INSOnline Limited 06/18/2015 usd AGEurope

InstaMed Communications 03/02/2016 TrustwaveUS

Integrated Multichannel Solutions SL 04/24/2015 S21sec Gestion, S.A.Europe

Integrity Payment Systems 02/03/2016 K3DES LLCUS

Intelligent Payments Group (Myriad Payments Ltd, Matrix Payments Ltd)

05/21/2015 TrustwaveEurope

Intellipay, Inc. 06/19/2015 TrustwaveUS

Interactive Communication International, Inc. (InComm) – Datawave Systems, Inc.

09/30/2015 IBM Internet Security Systems (ISS)US

Interactive Transaction Solutions Limited (ITS) 11/13/2015 O-C GroupEurope

Interbancos SA 11/16/2015 TrustwaveSAMEA

InterCard AG 12/03/2015 Adsigo AGEurope

Interface Security Systems 04/24/2015 SecurityMetricsUS

Interface Technologies (Reservit) 09/11/2015 XMCO PartnersEurope

International Bancard Corporation 11/30/2015 Merchant Preservation Services, LLCUS

International Card Systems AD (Casys) 06/09/2015 Adsigo AGEurope

International Cards Processing Services Ltd. (ICPS) (Mauritius Commercial Bank Ltd. (MCB))

12/02/2015 ControlCaseSAMEA

International Processing Systems LLC 02/02/2016 InformzaschitaEurope

Internet Payment Exchange, Inc. (IpayX) 08/10/2015 Megaplanit, LLCUS

Internet Payment Service, Inc. (IPS) 04/30/2015 BSI Management Systems Japan K.K.Asia Pacific

Tuesday, May 03, 2016 Page 27 of 56

Page 28: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

Internet Ticketing Systems, Inc. (PrintTixUSA, Diamond Payment Systems, Diamond Ticketing Systems, ImagiTix)

11/25/2015 SecurityMetricsUS

Intersections Inc. 10/20/2015 ControlCaseUS

Interswitch Limited 01/15/2016 TrustwaveSAMEA

Intesa Sanpaolo Card limited liability company for card business

01/11/2016 Adsigo AGEurope

Intesa Sanpaolo Card payment card processing and development Ltd

10/29/2015 Adsigo AGEurope

Intrix Technology Inc. 04/01/2016 TrustwaveUS

Intuit BackOffice (Intuit Inc. - Innovative Merchant Solutions, LLC)

06/30/2015 Tevora Business SolutionsUS

Intuition, LLC (Bill2Pay) 10/26/2015 SecurityMetricsUS

IP Payments Pty Ltd. 04/17/2015 Vectra CorporationAsia Pacific

iPayment Technologies, Inc. 06/30/2015 TrustwaveUS

IPG Holdings Limited (Cyprus, Reg No.: HE 201826)

12/03/2015 Sikich LLP (403 Labs)Europe

IPS Group Inc. (North America, Mexico, and Canada)

10/14/2015 Tevora Business SolutionsUS

iQmetrix Software Development Corp. 09/11/2015 Above SecurityCanada

Iridium Corporation Limited 01/14/2016 SecuriCentrixEurope

Iron Mountain Information Management, Inc. (Iron Mountain)

09/18/2015 TrustwaveUS

ISPIN AG 12/15/2015 TUV SUD Management Service GmbHEurope

IT Card Centrum Technologii Ptatniczych SA (IT Card S.A.)

10/20/2015 IBM Internet Security Systems (ISS)Europe

ITransact, Inc. 05/04/2015 Specialized Security Services, Inc.US

ITS System Integrators Co. Inc. 11/30/2015 A-Lign Security and Compliance ServicesLatin Americ

Ixaris Systems (Malta) Ltd. (Entropay, lxaris Solutions, laxris Technologies)

12/17/2015 Kyte Consultants, Ltd.Europe

Tuesday, May 03, 2016 Page 28 of 56

Page 29: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

iZettle AB 06/18/2015 KnowIT Secure ABEurope

J.J. Mackay Canada Limited / Mackay Meters, Inc. 04/18/2016 TrustwaveCanada

J4S 03/10/2016 FortytwoEurope

Japan Card Network Co., Ltd. (CardNet Online Center)

03/31/2015 NRI Secure TechnologiesAsia Pacific

JCC Payment Systems 07/02/2015 TrustwaveEurope

JDA Software 06/30/2015 TrustwaveUS

Jelecos 12/16/2015 K3DES LLCUS

JetPay, LLC 03/16/2015 Kirkpatrick Price, Inc. dba Raven EyeUS

JHA Enterprise Payment Solutions (EPS) 09/25/2015 Coalfire Systems, Inc.US

JHA PPS - JHA Payment Processing Solutions - JHA PassPort EFT Solutions

08/31/2015 Coalfire Systems, Inc.US

JNR, Inc. 06/12/2015 Moss Adams LLPUS

Joint Electronic Teller Services Limited (JETCO) 03/06/2016 Evolution LTDAsia Pacific

JOINT-STOCK COMMERCIAL BANK “Agropromcredit”

12/24/2015 DialogueScience CJSCEurope

Jonas Fitness, Inc. 07/15/2015 Payment Software Company (PSC)US

JSC "Alfa·Bank'' 12/01/2015 DialogueScience CJSCEurope

JSC "National Payment Card System" (NSPK) 12/18/2015 Digital SecurityEurope

JSC Finam Bank 10/01/2015 DialogueScience CJSCEurope

JSC Georgian Card 10/23/2015 TrustwaveEurope

JSC Kazkommertsbank (KazKom) 12/11/2015 FortConsult A/SSAMEA

JSC Liberty Bank 01/11/2016 TrustwaveEurope

JSC Preprocessing center (Uniteller) 07/03/2015 Digital SecurityUS

JSC Sirena-Travel 02/02/2016 InformzaschitaEurope

JSC UkrCard 03/26/2015 TrustwaveEurope

JSC United Financial Corporation 09/30/2015 TrustwaveEurope

Tuesday, May 03, 2016 Page 29 of 56

Page 30: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

Kalio, Inc. (D.M.insite) 04/07/2016 A-Lign Security and Compliance ServicesUS

Kalixa Operations GmbH 12/18/2015 Adsigo AGEurope

Karbil Yazilim ve Bilisim Teknolojileri Tic. A.S. (Cardtek Payment Processing Services formerly known as Cordis Network)

10/12/2015 Biznet Information SystemsEurope

Klarna AB 11/14/2015 NTT Security Ltd.Europe

Kobie Marketing, Inc. 01/04/2016 A-Lign Security and Compliance ServicesUS

Kony Solutions, Inc. 06/15/2015 Sikich LLP (403 Labs)US

Korta Payments (Kortathjonustan hf) 05/10/2015 FortConsult A/SEurope

Kount, Inc. (Keynetics) 10/08/2015 TrustwaveUS

KPS Payment GmbH & Co. KG 09/02/2015 Adsigo AGEurope

Krajowa Izba Rozliczeniowa S.A. 05/25/2015 SC2LabsEurope

Krueger Associates, Inc. (National Fulfillment Services)

10/26/2015 SecurityMetricsUS

Kubra Data Transfer Limited 02/16/2016 (1) Modosecurity Inc.Canada

Lamda Card Services Ltd. 10/27/2015 TrustwaveEurope

Lanyon (Starcite, Inc.) 06/05/2015 K3DES LLCUS

LexisNexis VitalChek Network, Inc. 10/06/2015 Schellman & Company, Inc.US

Link Processing Co., Ltd 05/29/2015 BSI Management Systems Japan K.K.Asia Pacific

Linq3 Technologies, LLC 10/16/2015 Payment Software Company (PSC)US

LiveOps Inc. 04/27/2016 TrustwaveUS

Living Social (ONOSYS - Online Ordering System) - (O-Web Technologies Inc.)

01/20/2016 Secure State ConsultingUS

lngenico Payment Services GmbH 06/26/2015 TrustwaveEurope

lnpas Company LLC 10/05/2015 TrustwaveEurope

Lottomatica Scommesse S.R.L. 09/25/2015 NTT Security Ltd.Europe

Tuesday, May 03, 2016 Page 30 of 56

Page 31: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

Lufthansa AirPlus Servicekarten GmbH - Overall Acq Services, Issuing Processing and additional infrastructure

12/03/2015 Security Research & Consulting GmbHEurope

Lukoil – Inter-Card LLC 02/29/2016 Jet InfosystemsEurope

Lyra Network (France) 07/10/2015 Security Research & Consulting GmbHEurope

M&A Ventures, LLC (REPAY - Realtime Electronic Payments)

12/14/2015 Dara SecurityUS

M2 Payment Solutions (formerly M2Financial LTD) 08/25/2015 Information Exchange Inc.US

Magensa, LLC (a subsidiary of MagTek) 08/31/2015 Tevora Business SolutionsUS

Magic-Wrighter, Inc. 02/24/2016 TrustwaveUS

Main Street Softworks, Inc. 11/23/2015 SecurityMetricsUS

Maintech 12/14/2015 IBM Internet Security Systems (ISS)US

Mako Networks Ltd. 02/27/2015 Verizon/CybertrustAsia Pacific

Mall Resources PTE Ltd. 06/15/2015 ControlCaseSAMEA

MarketLive, Inc. 12/30/2015 Online EnterprisesUS

Marqeta, Inc 11/24/2015 Schellman & Company, Inc.US

Masabi, LLC 09/25/2015 Teamwork IMSEurope

MasterCard Incorporated - MasterCard IPS - Express Dubai (Credit/Debit Components)

03/25/2015 Payment Software Company (PSC)SAMEA

MattsenKumar Services Pvt Ltd 08/22/2015 ControlCaseAsia Pacific

Maxpay Limited 04/17/2015 Sysnet Ltd.Europe

Maxwell Paper Canada Inc. 12/04/2015 TELUS Security Solutions

MBS Textbook Exchange, Inc. - inSite 10/05/2015 TrustwaveUS

McKesson Business Performance Services (BPS) - McKesson Revenue Management Solutions (RMS)

02/25/2016 TrustwaveUS

MDM Bank, OJSC 11/13/2015 Jet InfosystemsEurope

Medoc Computers Ltd 03/13/2015 Sysnet Ltd.Europe

Tuesday, May 03, 2016 Page 31 of 56

Page 32: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

MegaPath Networks 05/20/2015 TrustwaveUS

Mercadotecnia, Ideas y Tecnologia S.A. de C.V. (MITEC)

05/29/2015 Foregenix LimitedLatin Americ

Merchant e-Solutions, Inc. (MeS) 11/11/2015 Coalfire Systems, Inc.US

Merchant Link, LLC 03/24/2016 TrustwaveUS

Merchant One Inc. 07/30/2015 Information Exchange Inc.US

Merchant Partners (Innuity, Inc.) 01/11/2016 Information Exchange Inc.US

Merchants Bancard Network (Formerly IMAX Bancard Network, LLC)

04/13/2015 SecurityMetricsUS

Mercury Payment Systems, Inc. (MPS) 01/21/2016 Optiv Security Inc.US

Meridian Enterprises Corporation 11/23/2015 ProtivitiUS

Merkle Response Management Group 04/03/2015 TrustwaveUS

MicroPayment AG 03/31/2016 usd AGEurope

Micropayment GmbH 02/27/2015 usd AGEurope

Microsoft Dynamics Online Payment Services 06/03/2015 Verizon/CybertrustUS

Middle East Payment Services (MEPS) 06/15/2015 RandomStormSAMEA

MilliKart Processing Center 04/08/2016 Jet InfosystemsEurope

Mindbody Inc. 09/17/2015 Payment Software Company (PSC)US

Mi-Pay Limited 07/31/2015 NCC GroupEurope

Mobil-Cash Europa Zrt. 01/27/2016 Cognosec GmbHEurope

Mobo Systems Inc. (Olo) 01/26/2016 SecurityMetricsUS

Moduslink 06/05/2015 TrustwaveUS

MoldMediaCard SRL 12/30/2015 TrustwaveEurope

Moneris Shared Cash Dispensing (SCD) and Payment Systems Infrastructure at the Royal Bank of Canada

10/01/2015 TrustwaveCanada

Moneris Solutions Corporation / Moneris Solutions, Inc.

09/25/2015 The Herjavec Group Inc.Canada

Tuesday, May 03, 2016 Page 32 of 56

Page 33: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

Monet+ a.s. 12/14/2015 Apersky Consulting LLCEurope

Monexa Services, Inc. (formerly IP Applications, Inc.)

06/28/2015 IPSCanada

Monext - Acquiring by Monext 11/30/2015 XMCO PartnersEurope

Monext - Merchant Services (Payline, Payavenue, Tokenizer)

12/17/2015 XMCO PartnersEurope

Monext (Cards by Monext) 05/22/2015 XMCO PartnersEurope

Money Movers Inc. 03/03/2015 Contextual Security Solutions, LLCUS

MoneyApps LLC 04/05/2016 Compliance Control Ltd.Europe

Moneytree ATM LLC (Digital Network Solutions) 04/30/2015 Information Exchange Inc.US

Moore Wallace (R.R. Donnelley Business Communication Services) - Canada

06/17/2015 Solutionary, Inc.Canada

Motionsoft 05/01/2015 ControlCaseUS

Motivational Fulfillment & Logistics Services (Motivational Marketing Inc.)

02/26/2016 Tevora Business SolutionsUS

Mozido 12/16/2015 NDB Advisory LLCUS

Mozobi 09/01/2015 Foregenix LimitedEurope

mPAY24 GmbH 12/14/2015 Security Research & Consulting GmbHEurope

MPP Global Solutions 02/05/2016 NCC GroupEurope

MPP Magyarorszag Zrt. 04/30/2015 Apersky Consulting LLCEurope

mStart d.o.o. (mStart Agrokor) 03/11/2015 Cognosec GmbHEurope

Mswipe Technologies Pvt. Limited 12/25/2015 ControlCaseAsia Pacific

Multi Service Technology Corporation, Inc. 06/09/2015 TrustwaveUS

Multicarta Ltd. 11/06/2015 Compliance Control Ltd.Europe

Multifunctional Processing Company LLC 05/27/2015 Deiteriy Company Ltd.Europe

MyGate Communications (Pty) Ltd 12/22/2015 Sysnet Ltd.SAMEA

Nab Argus Acquisition LLC (formerly Argus Payments Inc.)

05/20/2015 TrustwaveUS

Tuesday, May 03, 2016 Page 33 of 56

Page 34: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

National Bankcard Services, Inc. 10/01/2015 RSM McGladrey, Inc.US

National Credit Cards (CJSC) 10/30/2015 NvisionGroupEurope

National Information Solutions Cooperative (NISC) 06/22/2015 TrustwaveUS

National Systems Corporation (QuikOrder, Inc.) 09/30/2015 TrustwaveUS

Nationwide Payment Solutions, LLC 01/31/2016 ControlCaseUS

Navient Solutions, Inc. (Sallie Mae Corporation) 03/24/2015 Specialized Security Services, Inc.US

Navitaire Inc. 06/16/2015 TrustwaveUS

Nayax Ltd. 07/24/2015 Comsec Consulting, Ltd.Europe

NBCO Yandex.Money LLC 12/29/2015 Jet InfosystemsEurope

NBS Payment Solutions (Division of NBS Technologies, Inc.)

05/29/2015 Control Gap Inc.Canada

NCR - CP Gateway (formerly Radiant Systems - CP Gateway)

11/15/2015 Habif, Arogeti & Wynne, LLPUS

NCR Connected Payments 03/11/2016 Coalfire Systems, Inc.US

NCR CPOnline (formerly Radiant Systems - CP Online)

01/31/2016 Habif, Arogeti & Wynne, LLPUS

NCR SaaS Data Centers SecurePay 05/26/2015 ControlCaseUS

Nelnet Business Solutions (QuickPay) 03/31/2016 Coalfire Systems, Inc.US

Nelnet Transaction Solutions (CRYPTPAY) 07/16/2015 Coalfire Systems, Inc.US

Nepal Investment Bank Limited 01/11/2016 TrustwaveAsia Pacific

Nepting SAS 10/19/2015 Security Research & Consulting GmbHEurope

Net1 01/18/2016 TrustwaveSAMEA

NetCentriX Inc (TransVerse Systems LLC) 03/10/2016 Information Exchange Inc.US

Netcetera AG 12/03/2015 Adsigo AGEurope

Netopia SRL 06/12/2015 Endava LTDEurope

NetPay International Ltd. 12/19/2015 Comsec Consulting, Ltd.Europe

NetPay S.A.de C.V. 12/23/2015 ControlCaseLatin Americ

Tuesday, May 03, 2016 Page 34 of 56

Page 35: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

Nets Denmark A/S 09/14/2015 Foregenix LimitedEurope

Nets Estonia AS (previously Pankade Kaardikeskus AS)

12/14/2015 Foregenix LimitedEurope

Nets Finland Oy (formerly Manison Maksujärjestelmät Oy)

06/12/2015 Foregenix LimitedEurope

Nets Norway AS 07/14/2015 Foregenix LimitedEurope

Nets Oy 06/12/2015 Foregenix LimitedEurope

NetSpend Corporation (Skylight Financial Inc.) 11/04/2015 Coalfire Systems, Inc.US

NetSuite Inc. 03/10/2016 TrustwaveUS

Network International – Egypt 03/31/2016 TrustwaveAsia Pacific

Network International, LLC (NETWORK Ae) 12/10/2015 M. Kuppuswamy PSG & Co.SAMEA

Network Merchants, LLC (Network Merchants Payment Gateway)

02/12/2016 TrustwaveUS

Newegg, Inc. 01/06/2016 TrustwaveUS

Newtek Merchant Solutions (Universal Processing Services of Wisconsin)

11/20/2015 SecurityMetricsUS

Nexcess.net, LLC 04/17/2015 Schellman & Company, Inc.US

NIC Services, LLC 08/18/2015 TrustwaveUS

NitroSell Ltd. 04/22/2016 TrustwaveEurope

Nochex Ltd 09/25/2015 RandomStormEurope

North American Bancard, Inc. (TransGlobal Payment Systems, Wholesale Processing Club)

06/18/2015 TrustwaveUS

nTrust Corp. 12/08/2015 ControlCaseAsia Pacific

NTT Data (Thailand) Co., Ltd (formerly Accellence (Thailand) Ltd.)

11/16/2015 ControlCaseAsia Pacific

NTT DATA CORPORATION, First Financial Sector Cards and Payments Services Division (BiueGate/OricoPayment System)

05/31/2015 BSI Management Systems Japan K.K.Asia Pacific

Tuesday, May 03, 2016 Page 35 of 56

Page 36: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

NTT DATA CORPORATION, First Financial Sector Cards and Payments Services Division (INFOX-NET)

06/09/2015 BSI Management Systems Japan K.K.Asia Pacific

NTT DATA CORPORATION, Cards and Payments Services Division (CAFIS Paper Slip Management Service) (formerly CAFIS Sales Slip Storage System)

12/04/2015 BSI Management Systems Japan K.K.Asia Pacific

NTT DATA CORPORATION, Cards and Payments Services Division (InControl GW System)

05/14/2015 BSI Management Systems Japan K.K.Asia Pacific

NTT DATA CORPORATION, Cards and Payments Services Division (VCN Management Center)

05/29/2015 BSI Management Systems Japan K.K.Asia Pacific

NTT DATA CORPORATION, First Financial Sector Cards and Payments Services Division (Brand Prepaid Card GW)

05/14/2015 BSI Management Systems Japan K.K.Asia Pacific

NTT DATA CORPORATION, First Financial Sector Cards and Payments Services Division (CDS)

05/04/2015 BSI Management Systems Japan K.K.Asia Pacific

NTT DATA CORPORATION, First Financial Sector Cards and Payments Services Division (Credit Receipt Proxy Service)

06/25/2015 BSI Management Systems Japan K.K.Asia Pacific

NTT DATA CORPORATION, First Financial Sector Cards and Payments Services Division (PastelPort)

05/17/2015 BSI Management Systems Japan K.K.Asia Pacific

NTT DATA CORPORATION, IT Services & Payments Services Sector Cards & Payments Services Division (ACS)

07/30/2015 BSI Management Systems Japan K.K.Asia Pacific

NTT DATA CORPORATION, IT Services & Payments Services Sector Cards & Payments Services Division (Multiple Currency Settlement Service)

09/15/2015 BSI Management Systems Japan K.K.Asia Pacific

NTT DATA CORPORATION, IT Services & Payments Services Sector Cards & Payments Services Division (Petroleum Industry Shared Authorization Center)

09/24/2015 BSI Management Systems Japan K.K.Asia Pacific

Tuesday, May 03, 2016 Page 36 of 56

Page 37: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

NTT DATA CORPORATION, IT Services & Payments Services Sector Cards & Payments Services Division (VM-ATM System)

09/16/2015 BSI Management Systems Japan K.K.Asia Pacific

NTT DATA CORPORATION, IT Services & Payments Services Sector Cards and Payments Services Division (CAFIS System)

08/31/2015 BSI Management Systems Japan K.K.Asia Pacific

Nuance Communications, Inc. 01/18/2016 TrustwaveUS

Office24 Co., Ltd. 02/28/2015 International Certificate Authority of Mgt SystAsia Pacific

Official Payments - EBPP (formerly ACI Worldwide, Inc. - eCommerce division - Princeton)

07/15/2015 TrustwaveUS

OK Processing Ltd (OK Ltd.) 09/30/2015 InformzaschitaEurope

Oltio (PTY) Ltd. 09/29/2015 TrustwaveSAMEA

Omney 03/04/2016 Payment Software Company (PSC)US

OmniTicket, Network, Ltd. 12/01/2015 CompliancePoint, Inc.US

One, Inc. 11/14/2015 Sikich LLP (403 Labs)US

Onelya, LLC 04/29/2015 Digital SecurityEurope

Online Payments LLC (PlatBox) 09/14/2015 Digital SecurityEurope

Online Services Corp. 07/05/2015 Secured Net Solutions Inc.Canada

Online Tech, LLC 08/28/2015 UHY Advisors TX, LLCUS

Open joint stock company "BANK URALSIB" 06/16/2015 Sysnet Ltd.Europe

OPENTECH Software Engineering s.r.l. 11/12/2015 KIMA Projects & ServicesEurope

Operadora de Tarjetas de Credito Nexus S.A. 09/13/2015 TrustwaveLatin Americ

Optimal Payments PLC (NetBanx Limited, NetBx Services Inc., NetBx Technologies Inc., NBX Merchant Services Inc., NBX Merchant Services (Australia) Pty Ltd)

08/08/2015 TrustwaveCanada

Optomany Limited 10/01/2015 Foregenix LimitedEurope

Oracle Commerce 08/31/2015 Coalfire Systems, Inc.US

Oracle Managed Cloud Services (OMCS) 08/31/2015 Coalfire Systems, Inc.US

Tuesday, May 03, 2016 Page 37 of 56

Page 38: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

Oracle Retail Cloud Hosting North America 10/09/2015 Coalfire Systems, Inc.US

Oracle RightNow (Commercial PCI) 05/04/2015 Schellman & Company, Inc.US

Oracle RightNow (Public Sector PCI) 05/04/2015 Schellman & Company, Inc.US

Oracle USA, Inc. - E-Billing 08/31/2015 Coalfire Systems, Inc.US

Orbitall Servicos e Processamento de Informacoes Comerciais Ltda

10/23/2015 Cipher InformaticaLatin Americ

OrderMotion, Inc. 07/08/2015 TrustwaveUS

OrthoBanc, Inc. 08/31/2015 Sword & Shield Enterprise Security, Inc.US

Oy Samlink Ab 12/16/2015 NSense OyEurope

PAAY 11/12/2015 True Digital Security, Inc.US

Pace Payment Systems (Century Bankcard Services)

02/29/2016 Information Exchange Inc.US

Paciolan Inc. 12/31/2015 TrustwaveUS

Pago Merchant Solutions L.P. 09/07/2015 Sysnet Ltd.Europe

Palm Coast Data and Kable News Company 01/05/2016 K3DES LLCUS

PAMS Lunchroom LLC 01/22/2016 TrustwaveUS

Panasonic Avionics Corporation 02/09/2016 DirectDefenseUS

Paramount Acceptance (Federal Recovery Systems Inc.)

06/25/2015 SecurityMetricsUS

Parkeon Europe (Besancon Platform) - (Archipel) 06/25/2015 TrustwaveEurope

Parkmobile, LLC (formerly Parkmobile USA, Inc.) 12/15/2015 Habif, Arogeti & Wynne, LLPUS

Passport Parking, Inc. 09/28/2015 A-Lign Security and Compliance ServicesUS

PatientPay 07/27/2015 SecurityMetricsUS

Patron Manager, LLC 03/04/2016 Optiv Security Inc.US

Pay Now Tanzania Limited 11/30/2015 Kyte Consultants, Ltd.SAMEA

PAY.ON AG 06/16/2015 Adsigo AGEurope

Payair Technologies AB 02/11/2016 24 Solutions ABEurope

Tuesday, May 03, 2016 Page 38 of 56

Page 39: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

PayAnywhere, LLC 08/05/2015 TrustwaveUS

PayByPhone Technologies, Inc. 12/09/2015 Kirkpatrick Price, Inc. dba Raven EyeCanada

Paydesign (formerly Digital Check, Inc.) 12/28/2015 International Certificate Authority of Mgt SystAsia Pacific

Paydiant Inc. (Paypal) 12/23/2015 Payment Software Company (PSC)US

Payer Financial Services AB 06/26/2015 Sentor Managed Security ServicesEurope

PayEx Holding AB (formerly PayEx Solutions AS (Payex IPSP))

10/14/2015 NTT Security Ltd.Europe

PayFabric (Nodus Technologies, Inc.) 01/06/2016 Dara SecurityUS

PayFast (Pty) Ltd. 12/18/2015 Foregenix LimitedSAMEA

Payflex Systems USA, Inc. 12/02/2015 TrustwaveUS

PayGate (Pty) Ltd 11/23/2015 Sysnet Ltd.SAMEA

PayItEasy BVBA 02/19/2016 FortytwoEurope

PayItSimple Ltd. (Splitit USA Inc, Splitit Capital Inc, Splitit UK Ltd, Splitit Capital UK Ltd)

11/28/2015 GRSee ConsultingEurope

Payius AB 12/14/2015 Sysnet Ltd.Europe

PayJunction (Messiahic, Inc.) 04/22/2016 Payment Software Company (PSC)US

PayLease, LLC 03/07/2016 SecurityMetricsUS

PAYLER LLC 04/03/2015 FortConsult A/SEurope

Paylink SH.A 07/02/2015 Security Research & Consulting GmbHEurope

PayMate India Private Limited 11/25/2015 ControlCaseSAMEA

Payment Data Systems Inc. (Ficentive) 05/08/2015 Information Exchange Inc.US

Payment Express Limited 10/20/2015 Confide Ltd.Asia Pacific

Payment Express Ltd. (Mauritius) 02/04/2016 Sysnet Ltd.SAMEA

Payment Logistics, LLC 01/31/2016 K3DES LLCUS

Payment Processing Partners, Inc. (ChargeItPro) 05/29/2015 Dara SecurityUS

Payment Processing, Inc. (PPI) (A wholy owned subsidiary of Global Payments Direct, Inc.)

04/25/2016 Payment Software Company (PSC)US

Tuesday, May 03, 2016 Page 39 of 56

Page 40: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

Payment Service Network 06/19/2015 Coalfire Systems, Inc.US

Payments Gateway Solutions Pvt. Ltd. (PaymentZ) 04/23/2015 SISA Information Security Pvt. Ltd.Asia Pacific

PaymentSpring, Inc. 06/29/2015 SecurityMetricsUS

Paymentus Corporation 10/30/2015 K3DES LLCCanada

Paymentworld LLC 12/28/2015 Dara SecurityUS

Paymetric, Inc. 08/14/2015 TrustwaveUS

Paynear Solutions Private Limited 03/10/2016 TrustwaveAsia Pacific

Paynova AB 06/12/2015 NTT Security Ltd.Europe

Payone GmbH & Co. KG 12/02/2015 usd AGEurope

Payoneer Inc. (Payoneer Payment Solutions Ltd., Payonner EU)

06/12/2015 Comsec Consulting, Ltd.Europe

PayPal, Inc. 12/03/2015 K3DES LLCUS

PayRu Services LTD 02/20/2015 Dara SecurityAsia Pacific

Payscout, Inc. 11/20/2015 Aeris SecureUS

PaySimple 08/20/2015 Coalfire Systems, Inc.US

PaySpan, Inc. 11/25/2015 Schellman & Company, Inc.US

PayTel S.A. 03/16/2015 IBM Internet Security Systems (ISS)Europe

Paythru Ltd. (formerly TxtTrans) 03/14/2016 O-C GroupEurope

PayTrace, Inc. 09/11/2015 SecurityMetricsUS

Paytrek Ödeme Kuruluşu Hizmetleri A.Ş. 10/14/2015 TrustwaveEurope

Payture Limited (Payments LLC) 04/02/2015 FortConsult A/SEurope

PayU Payment Solutions (Pty) Ltd. 10/08/2015 Sysnet Ltd.SAMEA

PayU Romania (formerly GeCAD ePayment International SA)

05/14/2015 Sysnet Ltd.Europe

Payvision B.V. 06/26/2015 TrustwaveEurope

Paywire, Inc. 02/08/2016 Dara SecurityUS

Paywizard PLC 11/23/2015 AmbersailEurope

Tuesday, May 03, 2016 Page 40 of 56

Page 41: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

PayXpert 06/30/2015 XMCO PartnersEurope

Payzone Ireland Ltd. 11/14/2015 NTT Security Ltd.Europe

Payzone Nordic AB 06/17/2015 Cybercom GroupEurope

PCIPay, LLC 09/09/2015 Coalfire Systems, Inc.US

PetaFuel GmbH 12/18/2015 usd AGEurope

Phoenix Informatica Bancaria S.p.A. 12/15/2015 Verizon/CybertrustEurope

Phoenix Managed Networks LLC (PMN) 09/04/2015 Dara SecurityUS

Phoenix Nap LLC 01/31/2016 Coalfire Systems, Inc.US

Phone Swipe 06/25/2015 TrustwaveUS

Phreesia 01/15/2016 ControlScanUS

Pil.dk/Quickpay.dk (Pil-Professionelle Internetlosninger Aps.)

04/12/2016 FortConsult A/SEurope

Piraeus Bank S.A. 03/23/2016 TrustwaveEurope

Pivotal Payments 03/23/2015 SecurityMetricsCanada

Planet Payment, Inc. (Planet Group, Inc.) 12/28/2015 SISA Information Security Pvt. Ltd.US

Platina Commercial Bank 10/22/2015 Compliance Control Ltd.Europe

Plug’n Pay Technologies (Plug’n Pay) 01/26/2016 Megaplanit, LLCUS

Pluscard GmbH 06/12/2015 usd AGEurope

PMTsolutions AG 11/16/2015 Adsigo AGEurope

Portmone.com (LLC "Financial Company IBC") 12/15/2015 Security Research & Consulting GmbHEurope

Posatel Inc. 03/04/2016 UbitrakCanada

POST Integrations, Inc. 02/15/2016 Verizon/CybertrustUS

PostFinance AG (formerly Swiss Post PostFinance)

02/12/2016 NTT Security Ltd.Europe

PPSI Inc. (formerly Electronic Payment Exchange (EPX) and Phoenix Payment Systems, Inc.)

04/28/2015 Payment Software Company (PSC)US

Preferred Health Technology 02/11/2016 TrustwaveUS

Tuesday, May 03, 2016 Page 41 of 56

Page 42: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

Premier Switch Solutions S.C. (Wondmagegn Hunde)

06/23/2015 ControlCaseSAMEA

PrePay Technologies (Prepay Solutions) 06/09/2015 Foregenix LimitedEurope

Primoris Services, LLC 07/23/2015 SecurityMetricsUS

Priority Fulfillment Services, Inc. (PFSWeb, Inc.) 07/27/2015 TrustwaveUS

Priority Payment Systems (PPS) LLC 08/18/2015 Coalfire Systems, Inc.US

Prisma Medios De Pago (formerly VASA - Visa Argentina)

02/20/2015 1st Secure IT, LLCLatin Americ

Procesos de Medios de Pagos S.A 06/15/2015 1st Secure IT, LLCLatin Americ

Processing.com (Cardconcepts Europe Ltd.) 10/16/2015 SecurityMetricsUS

Promoción y Operación, S.A de C.V. (Prosa) 04/08/2015 Sikich LLP (403 Labs)Latin Americ

ProPay, Inc 06/29/2015 Cadence AssuranceUS

Propco Incentives (Propco Marketing (Propp Corp))

04/15/2015 Cisco Systems, Inc.US

Provus Service Provider S.A. 09/08/2015 TrustwaveEurope

PSCU Financial Services, Inc. 02/28/2016 Tevora Business SolutionsUS

PT Multi Adiprakarasa Manunggal ("Kartuku"), Jakarta, Indonesia

09/04/2015 TUV Rheinland Indonesia, PTAsia Pacific

PXP Solutions Inc - (fka: Servebase Computers Limited)

12/19/2015 Foregenix LimitedEurope

QPAY India Pvt. Ltd. 04/11/2016 ControlCaseAsia Pacific

QS/1 Data Systems (JM Smith Corporation) 07/08/2015 TrustwaveUS

Qualpay, Inc. 03/07/2016 Coalfire Systems, Inc.US

Quick Check Ltd (MyCheck) 09/09/2015 GRSee ConsultingEurope

Quipu GmbH 06/02/2015 TUV SUD Management Service GmbHEurope

Rackspace Hosting, Inc. 07/15/2015 TrustwaveUS

Rapid Investments 02/29/2016 ControlCaseUS

Razorpay Software Pvt. Ltd. 10/14/2015 ControlCaseAsia Pacific

Tuesday, May 03, 2016 Page 42 of 56

Page 43: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

RBK Money Limited 07/01/2015 Security Research & Consulting GmbHEurope

Real Time Ordering 01/18/2016 A-Lign Security and Compliance ServicesUS

Realex Payments (Pay and Shop Ltd) 11/01/2015 Payment Software Company (PSC)Europe

RealPage 07/21/2015 FishNet SecurityUS

Recurly, Inc. 03/15/2016 Coalfire Systems, Inc.US

Red Link S.A. 02/12/2016 CYBSEC Security SystemsLatin Americ

Redbanc S.A. 08/20/2015 TrustwaveLatin Americ

Redsýs Servicios de Procesamiento S.L. 12/10/2015 S21sec Gestion, S.A.Europe

Reiknistofa Bankanna hf. 11/19/2015 TrustwaveEurope

Reliant Security 12/31/2015 Coalfire Systems, Inc.US

Rentabiliweb Europe - Be2bill 03/30/2015 ProvadysEurope

Retail in Motion (Paygate Services) 05/19/2015 Espion LTDEurope

Retiarius, GMBH 02/12/2016 Kyte Consultants, Ltd.Europe

Rev Worldwide, Inc. (formerly MPOWER Labs (Mango Financial, Inc.))

10/29/2015 Certify Audit Services, Inc.US

Revention, Inc. 11/30/2015 A-Lign Security and Compliance ServicesUS

RevTrak, Inc. 06/29/2015 Kirkpatrick Price, Inc. dba Raven EyeUS

Rewards Network Establishment Services Inc. 06/28/2015 SuneraUS

Rietumu Banka (DECTA) 12/14/2015 FortConsult A/SEurope

Roam Data, Inc. 10/20/2015 Dara SecurityUS

RocketGate, LLC 10/08/2015 Sikich LLP (403 Labs)US

Romcard S.A. 11/17/2015 TrustwaveEurope

ROYAL GATE Inc. 03/26/2015 BSI Management Systems Japan K.K.Asia Pacific

RR Donnelley Global Document Solutions (GDS) 03/07/2016 Solutionary, Inc.US

RS2 Smart Processing Limited (BankWorks Service Partners (BW-SP)

04/15/2016 O-C GroupEurope

RSA - 3DSecure Environment (US) 10/05/2015 Verizon/CybertrustUS

Tuesday, May 03, 2016 Page 43 of 56

Page 44: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

RSM 2000 Limited 06/05/2015 TrustwaveEurope

RT Lawrence Corporation 03/31/2015 ControlCaseUS

Rucard Ltd. 11/18/2015 TrustwaveEurope

Ruffalo Noel Levitz, LLC 10/22/2015 TrustwaveUS

RUNISO 04/17/2015 XMCO PartnersEurope

Russian Standard Bank 08/10/2015 Jet InfosystemsEurope

Rycom, Inc. 12/08/2015 TrustwaveCanada

S&C Constructores de Sistemas S.A. De C.V. 12/18/2015 S21sec Gestion, S.A.Latin Americ

SAB Services 11/03/2015 Verizon/CybertrustEurope

Sabre GLBL, Inc. (Sabre Airline Solutions; Sabre Travel Network; Prisim Group, Inc.; Sabre International, BV)

06/23/2015 FishNet SecurityUS

Sabre GLBL, Inc. (Sabre Hospitality Solutions (SynXis))

06/29/2015 FishNet SecurityUS

SafeCharge International Group Ltd. (Guernsey) 12/10/2015 Comsec Consulting, Ltd.Europe

SafeCharge International Group Ltd. (Safecharge Card Services)

12/15/2015 NTT Security Ltd.Europe

Sage Pay Europe Limited 06/30/2015 TrustwaveEurope

Sage Pay South Africa 03/14/2016 TrustwaveSAMEA

Sage Payment Solutions 07/16/2015 Verizon/CybertrustUS

SaleServiceSolutions (LTD) 03/17/2016 Security Research & Consulting GmbHEurope

Salesforce.com 10/16/2015 Optiv Security Inc.US

Salsa Labs, Inc. 08/23/2015 ControlCaseUS

Salucro Healthcare Solutions, LLC 01/22/2016 Aeris SecureUS

SC Smart PayNetwork SA (member of Euronet Worldwide Inc. Group)

02/13/2015 Encode SAEurope

ScaleFunder - Ruffalo Noel Levitz Platform 06/29/2015 TrustwaveUS

ScanPay ApS 03/03/2016 FortConsult A/SEurope

Tuesday, May 03, 2016 Page 44 of 56

Page 45: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

ScholarChip Card Company, LLC 07/15/2015 A-Lign Security and Compliance ServicesUS

SeatAdvisor, Inc. 08/13/2015 Tevora Business SolutionsUS

Secure CyberGateway Services, LLC 06/04/2015 SecurityMetricsUS

Secure Payments LLC (iSecure Payments) 04/01/2016 Aeris SecureUS

SecureTrading Ltd. 09/03/2015 TrustwaveEurope

SegPay Inc. (SegPay Ltd.) 08/13/2015 Payment Software Company (PSC)US

Seita Technologies Oy 06/18/2015 NSense OyEurope

Select Bankcard LLC 11/09/2015 A-Lign Security and Compliance ServicesUS

Sentry Payment Service, Ltd. 06/27/2015 SecurityMetricsCanada

Seroph International (CY) Limited (AlgoCharge, AlgoPay, FermainPay)

09/30/2015 GRSee ConsultingEurope

ServiceU Corporation, part of Active Network 08/31/2015 K3DES LLCUS

Servicios Electronicos Globales, S.A. de C.V.(eGlobal)

10/27/2015 1st Secure IT, LLCLatin Americ

Servodata GmbH 12/11/2015 usd AGEurope

Setcom 01/22/2016 SecuriCentrixSAMEA

Setrafi (CentralPay / NordPay) 10/14/2015 Verizon/CybertrustEurope

Shanghai Masapay Information Technology Co., Ltd. (Branded as “Masapay”)

12/27/2015 atsec (Beijing) Information Technology Co., LAsia Pacific

Shazam Inc. (ITS Inc.) 12/21/2015 TrustwaveUS

Shenzhen GleePay Information Technology Co., Ltd. (Branded as “GleePay”)

12/29/2015 atsec (Beijing) Information Technology Co., LAsia Pacific

ShenZhen GlobeBill Technology CO., Ltd (Branded as “GBPAY”)

01/11/2016 atsec (Beijing) Information Technology Co., LAsia Pacific

Shenzhen Tenpay Technology Company Limited (Branded as “Tenpay”)

01/27/2016 atsec (Beijing) Information Technology Co., LAsia Pacific

Shift4 Corporation 05/31/2015 FishNet SecurityUS

Shopify, Inc. (Shopify Payments (Canada Inc. & Shopify Payments (USA) Inc.))

08/10/2015 Coalfire Systems, Inc.Canada

Tuesday, May 03, 2016 Page 45 of 56

Page 46: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

Shred-it USA LLC (formerly Cintas Document Management - Shredding)

07/31/2015 Crowe Horwath LLPUS

SIA Central Europe cPlc (formerly GIRO Bankcard cPlc)

04/26/2016 Apersky Consulting LLCEurope

SIA PaySpace 04/20/2016 Sysnet Ltd.Europe

SIA S.p.A. (formerly SIA-SSB) 06/25/2015 Verizon/CybertrustEurope

SIA Transact Pro (TRANSACT PRO, SKYPETROL TRUST LIMITED)

01/14/2016 Cognit Consult, UABEurope

SignaPay LTD 09/30/2015 CompliancePoint, Inc.US

Signature Card Services (CKC Holdings, Inc.) 05/20/2015 SecurityMetricsUS

Site Organic, LLC (Ministry Brands) 06/27/2015 Sword & Shield Enterprise Security, Inc.US

Sitel Operating Corporation - Sitel Call Center Services (US, EMEA, LATAM/South America and APAC)

05/28/2015 Coalfire Systems, Inc.US

SIX Payment Services (Austria) GmbH (Acquiring and Maestro Issuing Services) (formerly PayLife Bank GmbH)

03/07/2016 Adsigo AGEurope

SIX Payment Services AG (formerly SIX Card Solutions AG)

04/14/2016 Adsigo AGEurope

SIX Payment Services Luxembourg SA (Six Card Solutions, 3C International SA, 3C Communications International SA)

12/15/2015 NTT Security Ltd.Europe

Skrill Limited (formerly Next Generation Payment Limited)

06/30/2015 SecurityMetricsEurope

Skybridge America's, Inc. (Skybridge Marketing Group) (formerly Argenbright Inc.)

06/30/2015 TrustwaveCanada

Slim CD, Inc. 02/04/2016 Dara SecurityUS

Smart Business Technology 09/04/2015 CompliancePoint, Inc.US

Smart e-Money, Inc. 12/25/2015 ControlCaseAsia Pacific

SmartAction Company 11/01/2015 Tevora Business SolutionsUS

Smartcardlink (SCL) 06/29/2015 Compliance Control Ltd.Europe

Tuesday, May 03, 2016 Page 46 of 56

Page 47: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

SmartEtailing Inc. 09/30/2015 Aeris SecureUS

Sociedade Interbancária de Serviços, S.A. (SIBS) 06/05/2015 FortConsult A/SEurope

Société Monétique Tunisie (SMT) 07/27/2015 ControlCaseSAMEA

Softvoyage Inc. 12/23/2015 UbitrakCanada

SoNet, spol. S.r.o. 09/15/2015 NTT Security Ltd.Europe

Sors Financial & Insurance Services, LLC (Approval Code)

05/22/2015 Dara SecurityUS

Southeastern Data Cooperative Inc. 04/21/2015 SuneraUS

Speed Commerce, Inc. (formerly SpeedFC, Inc.) 12/11/2015 Payment Software Company (PSC)US

Spektrix Ltd. 06/25/2015 FortConsult A/SEurope

Spindle, Inc. 11/13/2015 Megaplanit, LLCUS

Spreedly, Inc. 02/12/2016 Sikich LLP (403 Labs)US

Square, Inc. 05/29/2015 Coalfire Systems, Inc.US

SR Global Solutions Pty Ltd (trading as Merchant Warrior)

11/06/2015 Hivint Pty. LtdAsia Pacific

Stafford Associates Computer Specialists, Inc. 12/11/2015 CrimsonSecurityUS

Sterling Payment Technologies, LLC 04/14/2016 TrustwaveUS

StoneEagle Services, Inc. 11/02/2015 Kirkpatrick Price, Inc. dba Raven EyeUS

Stored Value Cards, Inc. (Numi Financial) 01/06/2016 Online EnterprisesUS

StoreFinancial Services, LLC 12/31/2015 Coalfire Systems, Inc.US

Strategic Payments Services (SPS) Pty Ltd 04/10/2015 BAE Systems Applied Intelligence PTY LimiteAsia Pacific

StreamPay SIA 01/29/2016 Kyte Consultants, Ltd.Europe

Stripe, Inc. 03/10/2016 NCC GroupUS

SuitePay LLC 11/04/2015 Megaplanit, LLCUS

SunGard Availability Services – Managed Services 05/15/2015 Schellman & Company, Inc.US

SunGard Public Sector 04/27/2016 SecurityMetricsUS

Superior Financial Systems, Inc. 09/30/2015 TrustwaveUS

Tuesday, May 03, 2016 Page 47 of 56

Page 48: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

SuperValu 10/29/2015 AT&T Consulting Solutions, Inc. (Verisign)US

Sutherland Global Services Inc (Symantec Services)

09/30/2015 ControlCaseUS

Svea Ekonomi AB 06/25/2015 24 Solutions ABEurope

Swedbank AB - Acquiring Services 12/30/2015 TrustwaveEurope

Swift Prepaid Solutions, Inc. 11/13/2015 Secure State ConsultingUS

Swipely 04/29/2016 Compass IT ComplianceUS

Switch Commerce LLC 10/08/2015 Schellman & Company, Inc.US

Switchfly Inc. (formerly ezRez Software, Inc.) 01/19/2016 Payment Software Company (PSC)US

Synapse Group, Inc. 07/31/2015 Cisco Systems, Inc.US

Synchrony Financial 08/24/2015 TrustwaveUS

SysPay Limited 12/15/2015 NTT Security Ltd.Europe

System Merchants EU 06/30/2015 Dara SecurityAsia Pacific

T2 Systems Canada Inc. (formerly Digital Payment Technologies Corp.)

07/09/2015 Payment Software Company (PSC)Canada

T2 Systems, Inc. 02/08/2016 TrustwaveUS

TAS Link LLC 05/28/2015 BMS Consulting LLCEurope

Taylor Technology Services, Inc. 06/01/2015 RSM McGladrey, Inc.US

Technoactivity, S.L. 04/16/2015 SIA GrupoEurope

Technology & Financial Services Group (TF Group) - Marshal Engineering & Electronics Pvt Ltd

08/12/2015 Risk Associates/Gaming Associates Inc.SAMEA

Technology Shared Services For Africa 10/23/2015 DataprotectSAMEA

Tecnicard, Inc. 05/20/2015 1st Secure IT, LLCUS

TECS Telecommunication & E-commerce Solutions GmbH

10/12/2015 Adsigo AGEurope

TelecityGroup France 11/12/2015 TrustwaveEurope

Teleflora, LLC 03/03/2016 TrustwaveUS

Tuesday, May 03, 2016 Page 48 of 56

Page 49: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

Telefonica Soluciones de Informatica y Comunicaciones, S.A., Sociedad Unipersonal

06/11/2015 Internet Security Auditors, S.L.Europe

Teleformix 12/22/2015 TrustwaveUS

Teletik Services BV (Multisafepay) 02/11/2015 VOC-Consultancy BVEurope

Telrock Systems Limited (formerly Telrock Communications Ltd.)

12/14/2015 7Safe Information SecurityEurope

Tenerum, LLC 09/18/2015 Schellman & Company, Inc.US

Teranet, Inc. 07/15/2015 TrustwaveCanada

Tessitura Networks, Inc. 09/11/2015 TrustwaveUS

The CBORD Group, Inc. 05/08/2015 TrustwaveUS

The Logic Group 07/31/2015 Verizon/CybertrustEurope

The Macaluso Group 10/14/2015 KalioTek, Inc.US

The Members Group 01/08/2016 RSM McGladrey, Inc.US

The Minacs Group Inc. (formerly Aditya Birla Minacs Worldwide Inc.)

10/01/2015 ControlCaseCanada

The Shared Electronic Banking Services Company (K.S.C.C) - KNET

01/05/2016 ControlCaseSAMEA

The Shubert Organization (Shubert Ticketing) 05/12/2015 SecurityMetricsUS

Thermeon Worldwide PLC 07/30/2015 Tevora Business SolutionsUS

Threshold Financial (DC Payments) 05/25/2015 Control Gap Inc.Canada

Thumbzup Innovations Pty Ltd. 07/07/2015 TrustwaveAsia Pacific

TIBCO Mashery (TIBCO Software Inc.) (formerly Mashery Inc., an Intel Company)

08/31/2015 Online EnterprisesUS

Tillster (Formerly EMN8) 11/25/2015 Tevora Business SolutionsUS

Time Customer Service, Inc. 06/30/2015 Cisco Systems, Inc.US

Time Inc. International Fulfilment Services B.V. (formerly Time Warner Publishing BV (TW4 Fulfilment Services))

08/11/2015 NTT Security Ltd.Europe

TIS Inc. 06/15/2015 International Certificate Authority of Mgt SystAsia Pacific

Tuesday, May 03, 2016 Page 49 of 56

Page 50: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

Tix, Inc. 10/16/2015 Compass IT ComplianceUS

TK Keith Company (Primax Payment Systems) 06/29/2015 Verizon/CybertrustUS

TNS Smart Network Inc. (NRT Technologies Inc., NRT Technology Corp., TNS Smart Network USA Inc.)

02/29/2016 TrustwaveCanada

TokenEX 10/05/2015 Foresite MSP, LLCUS

Tokheim Belgium NV 11/30/2015 Sysnet Ltd.Europe

Tolt Solutions, Inc. 06/15/2015 Coalfire Systems, Inc.US

Topperly Limited 02/27/2015 Foregenix LimitedEurope

Total Administrative Services Corporation (TASC) 05/22/2015 Kirkpatrick Price, Inc. dba Raven EyeUS

Total Card, Inc. 12/31/2015 Tech Lock Inc.US

Total Merchant Services 02/19/2016 Information Exchange Inc.US

TouchNet Information Systems, Inc. 04/20/2016 Coalfire Systems, Inc.US

Towarzystwo Finansowe Skok S.A. (TFSKOK) 07/30/2015 Comsec Consulting, Ltd.Europe

TradeGlobal (formerly Netrada North America, Fulfillment Technologies (Filltek))

02/23/2016 Secure State ConsultingUS

Transact elektronische Zahlungssysteme GmbH 03/31/2015 Security Research & Consulting GmbHEurope

Transact24 Limited 01/23/2016 Evolution LTDAsia Pacific

Transaction Junction Pty Ltd. 03/30/2016 SecuriCentrixSAMEA

Transaction Network Services (TNS) 06/09/2015 TrustwaveUS

Transaction Network Services (TNS) - Acquiring and Issuing

09/11/2015 TrustwaveEurope

Transaction Network Services (TNS) - TNSPay CNP Gateway

06/12/2015 TrustwaveUS

Transaction Network Services (TNS) – TNSPay Direct (AJB)

09/11/2015 TrustwaveUS

Transaction Network Services (TNS) - Transpoll and TNSPay Retail Gateway

09/11/2015 TrustwaveEurope

Transaction Processing Partners 10/16/2015 Information Exchange Inc.US

Tuesday, May 03, 2016 Page 50 of 56

Page 51: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

Transaction Services (TRXServices) 08/30/2015 Coalfire Systems, Inc.US

Transactis, Inc. 08/31/2015 SecurityMetricsUS

Transactium Limited 02/05/2016 Kyte Consultants, Ltd.Europe

Transbank S.A. 10/13/2015 TrustwaveLatin Americ

TransCard, LLC 06/09/2015 TrustwaveUS

Transcom North America/Asia Inc. (TCNAA) 06/27/2015 Coalfire Systems, Inc.Europe

TransCore 03/03/2015 Secure State ConsultingUS

TransFirst - TransAction Central 05/27/2015 SecurityMetricsUS

TransPerfect Translations International Inc. (Translations.com)

12/15/2015 Sikich LLP (403 Labs)US

TransUnion Consumer Interactive, Inc. (TUCI) 09/23/2015 SecurityMetricsUS

Transverse 04/29/2015 Solutionary, Inc.US

Travelex Outsourcing Pty Ltd. 11/19/2015 TrustwaveAsia Pacific

Trevica S.A. 05/20/2015 TrustwaveEurope

Triangle Media Corp (Triangle Payments) 10/21/2015 TrustwaveUS

Trisept Solutions, Inc. 12/24/2015 TrustwaveUS

TriSource Solutions (formerly Nobel Electronic Transfer, LLC)

09/30/2015 Coalfire Systems, Inc.US

Truition, Inc (a division of Aptean) 04/22/2015 Coalfire Systems, Inc.Canada

TrustCommerce (TCSP) 06/25/2015 Coalfire Systems, Inc.US

Trustpay Global 09/25/2015 TrustwaveEurope

TSD Rental, LLC 04/20/2015 RSM McGladrey, Inc.US

TSYS (Issuing Processing) 01/13/2016 Coalfire Systems, Inc.US

TSYS Acquiring Solutions 04/04/2016 Coalfire Systems, Inc.US

TSYS International Core 11/20/2015 Coalfire Systems, Inc.Europe

TSYS International Prime 11/20/2015 Coalfire Systems, Inc.US

TSYS Managed Services - Issuing 12/29/2015 Coalfire Systems, Inc.US

Tuesday, May 03, 2016 Page 51 of 56

Page 52: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

TSYS Managed Services EMEA Ltd. 11/20/2015 Coalfire Systems, Inc.Europe

TSYS Output Services / TSYS DDS 01/28/2016 Coalfire Systems, Inc.US

Twin Oaks Software Development, Inc. 03/28/2016 Payment Software Company (PSC)US

Tyler Technologies, Inc. 11/28/2015 IBM Internet Security Systems (ISS)US

U.S. Bank - Elan Financial Services - Core Services

04/24/2015 Verizon/CybertrustUS

U.S. Bank E-Payment (Epay) and E-Disbursement Services (EDS)

01/27/2016 Verizon/CybertrustUS

U.S. Payments, LLC (Paysite) 12/15/2015 Sikich LLP (403 Labs)US

Ubiquity Global Services, Inc. (US, LAC, AP) 05/18/2015 ControlCaseUS

UBS Card Center AG 10/14/2015 NCC GroupEurope

UC Card Co., Ltd. 12/18/2015 BSI Management Systems Japan K.K.Asia Pacific

UCS-Solutions (Pty) Ltd. 04/23/2015 Galix Networking Pty. Ltd.SAMEA

Ukrainian Processing Center (UPC) 05/08/2015 Security Research & Consulting GmbHEurope

Unibanca S.A. 05/28/2015 1st Secure IT, LLCLatin Americ

Unified Payment Services Ltd. (ValuCard Nigeria Ltd.)

09/30/2015 TrustwaveSAMEA

United Bank Card (Harbortouch) 11/22/2015 Information Exchange Inc.US

United Card Service (UCS) 05/29/2015 Jet InfosystemsEurope

United Merchant Services, Inc. (UMS) 02/03/2016 TrustwaveUS

UniteU Technologies, Inc. 01/15/2016 SecurityMetricsUS

Universal Data Centre (iPay.ua) 11/30/2015 Sysnet Ltd.Europe

Universal Information Technologies Ltd. (Plategka)

01/25/2016 Sysnet Ltd.Europe

Universal Money Centers Inc. 12/09/2015 Information Exchange Inc.US

Universal Payment Gateway (UPG) 12/11/2015 SecuriCentrixEurope

uPaid Sp. Z o.o. 08/27/2015 SC2LabsEurope

Tuesday, May 03, 2016 Page 52 of 56

Page 53: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

USA Technologies, Inc. (Malvern Pennsylvania) 12/23/2015 TrustwaveUS

USAePay, a Gorcorp Company 08/06/2015 TrustwaveUS

Value Pay Services LLC, an IPC Company 11/30/2015 IBM Internet Security Systems (ISS)US

Value Payment Systems 01/14/2016 A-Lign Security and Compliance ServicesUS

Vanco Services, LLC 03/01/2016 SecurityMetricsUS

Vantiv – National Processing Company (NPC) 09/17/2015 Optiv Security Inc.US

Vantiv - Skipjack Financial Services, Inc. 09/17/2015 Optiv Security Inc.US

Vantiv (Fifth Third Bank Processing Solutions - Acquiring Systems)

06/17/2015 FishNet SecurityUS

Vantiv (Fifth Third Bank Processing Solutions - Issuing and Switch Providing Systems)

06/17/2015 FishNet SecurityUS

Vantiv Card Management Corporation (Vantiv CMC)

10/01/2015 Optiv Security Inc.US

Vantiv eCommerce (f.k.a. Litle & Co.) 11/12/2015 Optiv Security Inc.US

Vantiv Prepaid Systems 06/17/2015 FishNet SecurityUS

Varolii Corporation 09/16/2015 Schellman & Company, Inc.US

VenTek International (Caracal Enterprises LCC) 12/31/2015 Coalfire Systems, Inc.US

Verifi, Inc. 08/26/2015 Payment Software Company (PSC)US

VeriFone - VeriSheild Protect 09/12/2015 SecurityMetricsUS

Verifone (TS3 Services) 05/11/2015 Foregenix LimitedEurope

Verifone Finland Oy (Verifone Sweden AB, Verifone Norway AS, Verifone á Íslandi ehf, Verifone Baltic SIA, Verifone Denmark A/S)

11/10/2015 Foregenix LimitedEurope

VeriFone Paybox (Point Transaction Systems, Paybox)

10/14/2015 Foregenix LimitedEurope

VeriFone PAYware Connect (PWC) 07/22/2015 Foregenix LimitedUS

Verifone Services UK & Ireland Ltd (PAYware Ocius Managed Services)

11/10/2015 Foregenix LimitedEurope

Tuesday, May 03, 2016 Page 53 of 56

Page 54: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

Verizon Business Network Services Inc. (Verizon Business IP Application Hosting)

12/08/2015 TrustwaveUS

VersaPay Corporation 05/28/2015 (3S) Salient Security Solutions, Inc.Canada

Vesta Corporation 06/26/2015 Online EnterprisesUS

Vindicia Inc. 09/29/2015 Payment Software Company (PSC)US

Virtual Card Services (Pty.) Ltd. 08/24/2015 SecuriCentrixSAMEA

VirtualXS - (Virtual Access Internet B.V.) 03/12/2015 NTT Security Ltd.Europe

Visa Inc. (VISA DPS) 06/26/2015 TrustwaveUS

VisionOne, Inc. 09/28/2015 IBM Internet Security Systems (ISS)US

VocaLink Ltd. (VocaLink ATM Systems) 11/15/2015 Verizon/CybertrustEurope

Vodat International Ltd. 05/29/2015 TrustwaveEurope

Voice Commerce Ltd. (Trading as Cashflows) 03/05/2015 Verizon/CybertrustEurope

Voice Data Solutions, Inc. 10/05/2015 Dara SecurityUS

Volusion, Inc. 03/07/2016 Payment Software Company (PSC)US

vSecure Processing, Inc. (vBusiness Processing Inc. (vSG))

07/20/2015 ControlScanUS

VXI Global Solutions, LLC 01/07/2016 TrustwaveUS

Wageworks 01/10/2016 RSM McGladrey, Inc.US

Washington Metropolitan Area Transit Authority (WMATA)

02/14/2016 ControlCaseUS

Wave Crest Holdings Limited (GTECH) 12/27/2015 ControlCaseAsia Pacific

Web Active Corporation Pty Ltd (eWAY, eWAY Europe, eWAY NZ, eWAY Payments)

12/17/2015 BAE Systems Applied Intelligence PTY LimiteAsia Pacific

WEBINC GmbH & Co KG 07/17/2015 usd AGEurope

Webpay 11/23/2015 Security Research & Consulting GmbHEurope

Webteh d.o.o. 10/30/2015 Nethost Legislation LtdEurope

WePay Inc. 07/22/2015 Coalfire Systems, Inc.US

Tuesday, May 03, 2016 Page 54 of 56

Page 55: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

Western Union Speedpay 06/01/2015 Tevora Business SolutionsUS

Wincor Nixdorf International GmbH 11/23/2015 Adsigo AGEurope

Wincor Nixdorf s.r.o. (Wincor Nixdorf Czech Republic)

12/16/2015 TrustwaveEurope

Wipro BPS (division on Wipro Limited) (formerly Wipro IT Business (Wipro BBY))

10/16/2015 SISA Information Security Pvt. Ltd.Asia Pacific

Wipro Limited (British Telecom Process) - Kolkata 03/31/2016 ControlCaseAsia Pacific

Wirecapital LTD (Wirecapital, Wirecapital Russia) 04/30/2015 GRSee ConsultingEurope

Wirecard Central Eastern Europe GmbH (formerly QENTA)

03/23/2016 TrustwaveEurope

Wirecard Processing FZ LLC (formerly ProCard Services FZ LLC)

12/01/2015 TrustwaveSAMEA

Wirecard Singapore Pte Ltd (Formerly Visa Processing Services Pte Ltd)

01/14/2016 IBM Internet Security Systems (ISS)US

Wirecard Technologies GmbH 03/23/2016 TrustwaveEurope

Wirecard UK and Ireland Ltd. 02/11/2016 TrustwaveUS

Wolfe LLC (GiftCards.com, LLC, OmniCard, LLC, (flkla WRL.com, LLC), Omni Prepaid, LLC)

09/09/2015 TrustedSec, LLCUS

Woolworths Ltd. 06/30/2015 Vectra CorporationAsia Pacific

Worldline GmbH (formerly Atos Worldline GmbH) 12/04/2015 usd AGEurope

Worldline India Private Limited (formerly Atos Worldline Pvt. Ltd.)

01/26/2016 TrustwaveAsia Pacific

Worldline International (Malaysia) Sdn Bhd 02/26/2016 TrustwaveAsia Pacific

Worldline SA (Worldline RBU3, Regional Business Unit France)

09/14/2015 TrustwaveEurope

Worldline SA/NV (formerly ATOS Worldline (Belgium) - (Banksys))

05/12/2015 TrustwaveEurope

WorldNet TPS 07/15/2015 Sysnet Ltd.Europe

WorldPay (UK) Limited (Streamline) 07/13/2015 Sysnet Ltd.Europe

Tuesday, May 03, 2016 Page 55 of 56

Page 56: The MasterCard Compliant Service Provider List

The MasterCard Compliant Service Provider List

Service Provider Name Region AOC Date Assessor

A company’s name appears on this Compliant Service Provider List if (i) MasterCard has received a copy of an Attestation of Compliance (AOC) by a Qualified Security Assessor (QSA) reflecting validation of the company being PCI DSS compliant and (ii) MasterCard records reflect the company is registered as a Service Provider by one or more MasterCard Customers. The date of the AOC and the name of the QSA are also provided. Each AOC is valid for one year. MasterCard receives copies of AOCs from various sources.

This Compliant Service Provider List is provided solely for the convenience of MasterCard Customers and any Customer that relies upon or otherwise uses this Compliant Service Provider list does so at the Customer’s sole risk. While MasterCard endeavors to keep the list current as of the date set forth in the footer, MasterCard disclaims any and all warranties of any kind, including any warranty of accuracy or completeness or fitness for any particular purpose. MasterCard disclaims any and all liability of any nature relating to or arising in connection with the use of or reliance on the Compliant Service Provider List or any part thereof. Each MasterCard Customer is obligated to comply with MasterCard Rules and other Standards pertaining to use of a Service Provider.

As a reminder, an AOC by a QSA provides a “snapshot” of security controls in place at a point in time.

WorldPay (UK) Limited (WorldPay Business Gateway, Worldpay Corporate Gateway)

07/13/2015 Sysnet Ltd.Europe

Worldpay LatAm (Cobre Bem) 09/08/2015 Sysnet Ltd.Latin Americ

Worldpay SN, LLC (SecureNet (Securenet Payment Systems))

05/15/2015 RSM McGladrey, Inc.US

Worldpay UK Limited (Worldpay Online Payments (Clearwater)

07/15/2015 Sysnet Ltd.Europe

WorldPay US, Inc. (formerly RBS WorldPay (US)) 07/28/2015 Coalfire Systems, Inc.US

Xcellapay - Payment Solutions 03/29/2016 SISA Information Security Pvt. Ltd.US

Xerox State & Local Solutions, Inc. 03/30/2016 Cadence AssuranceUS

Xlink Communications (Pty) Ltd. 11/27/2015 Sysnet Ltd.SAMEA

Yahoo Small Business 05/01/2015 TrustwaveUS

Yalamanchili International Pte Limited 04/01/2015 SISA Information Security Pvt. Ltd.Asia Pacific

Yalamanchili Software Exports Ltd. 02/03/2015 SISA Information Security Pvt. Ltd.Asia Pacific

Yantra Services Inc. 10/28/2015 Information Exchange Inc.US

YapStone, Inc. (RentPayment, RentPayment, VacationRentPayment, DuesPayment, InnPayment, StoragePayment, and ParishPay)

03/31/2015 Schellman & Company, Inc.US

Yardi Systems, Inc. (Centershift) 05/22/2015 SecurityMetricsUS

YES Group Limited (HK) 11/18/2015 NTT Com Security (formerly Integralis)Asia Pacific

Yodlee, Inc. 12/09/2015 Online EnterprisesUS

Zagrebacka banka d.d. 05/29/2015 IBM Internet Security Systems (ISS)Europe

Zarlenga and Seltzer Inc. (United Merchant Processing Services (UMPA)

05/01/2015 SecurityMetricsUS

ZippyYum LLC 10/27/2015 Intersec WorldwideUS

ZirMed, Inc. 05/05/2015 Secure State ConsultingUS

Zuora, Inc. 05/27/2015 Schellman & Company, Inc.US

Tuesday, May 03, 2016 Page 56 of 56