The Payment Card Industry Data Security Standards (PCI DSS) provisions call for both merchants and service providers to become PCI DSS compliant. Though the term “merchant” is easily understood, the term “service provider” has created some confusion as to who these entities really are. With that said, here is a list of common service providers that are being required to become PCI DSS compliant:
Independent Sales Organizations (ISO)
External Sales Agents (ESA)
Call Centers and Customer Service Entities
Plastic Card Embossing Companies
Remittance Processing Companies
Managed Service Providers
Web Hosting Providers
Email (Microsoft Exchange) Providers
In short, any entity other than a merchant that is directly involved in the processing, storage, or transmission of cardholder data will need to become Payment Card Industry Data Security Standards (PCI DSS) compliant.
To learn more about PCI compliance, visit the official PCI DSS Resource Guide.