Regulatory Compliance, Governance and Security

Nov 18 2009   3:44PM GMT

PCI DSS and Service Providers | Common Examples of these Entities



Posted by: Charles Denyer
Tags: charles denyer, merchants, payment card industry data security standards (PCI DSS), pci dss compliant, pciassessment.org, service providers

The Payment Card Industry Data Security Standards (PCI DSS) provisions call for both merchants and service providers to become PCI DSS compliant. Though the term “merchant” is easily understood, the term “service provider” has created some confusion as to who these entities really are. With that said, here is a list of common service providers that are being required to become PCI DSS compliant:

Transaction Processors
Payment Gateways
Independent Sales Organizations (ISO)
External Sales Agents (ESA)
Call Centers and Customer Service Entities
Plastic Card Embossing Companies
Remittance Processing Companies
Managed Service Providers
Data Centers
Co-location Entities
Web Hosting Providers
Email (Microsoft Exchange) Providers

In short, any entity other than a merchant that is directly involved in the processing, storage, or transmission of cardholder data will need to become Payment Card Industry Data Security Standards (PCI DSS) compliant.

To learn more about PCI compliance, visit the official PCI DSS Resource Guide.
