Skip to main content
Start of menu
Search United Kingdom website
Close Menu
Select Your Country:
GET STARTED...
 
Data Security
Standard
Merchant
Levels
Compliance
Requirements
In Case Of
A Breach

 

Duty to Notify American Express
As a Merchant, if you know or suspect that Cardmember information has been accessed or used without authorisation you must, as detailed fully in the Data Security Operating Policy:

  1. Notify American Express immediately
  2. Work with American Express and auditors to conduct a thorough audit of the incident
  3. Provide any and all information, and follow all instructions provided by American Express with regard to the incident
If you believe that Cardmember information has been compromised, contact your Client Manager or call our Customer Services Team on
01273 675 533. You may also notify the American Express Enterprise Incident Response Program (EIRP) by filling out the Initial Notice Form
and sending it via email to EIRP@aexp.com.

You can avoid additional costs from a data incident:
  1. By notifying American Express immediately if you know or suspect your data has been compromised
  2. By ensuring that you are in full compliance with the American Express Data Security Operating Policy
  3. If the data incident was not caused by the wrongful conduct of you or one of your employees or agents