Regulatory Compliance, Governance and Security:

Jun 16 2009   11:40AM GMT

PCI DSS Requirements for Service Providers | Expert Advice from a QSA
Posted by: Charles Denyer

PCI DSS compliance is becoming a requirement for many service providers involved in the processing, storage, transmission, and switching of transaction data and cardholder data.

In short, for purposes of Payment Card Industry Data Security Standards (PCI DSS) compliance, a service provider is any company that provides services to merchants or to other “service providers”, or any other entity that controls OR could impact the security of cardholder data.

So, here are some common examples of service providers:

- Transaction Processors
- Payment Gateways
- Customer Service Entities, such as Call Centers
- Managed Service Providers
- Web Hosting Providers
- Data Centers
- Independent Sales Organizations (ISOs)

You may also want to know that the major payment brands (VISA, MasterCard, AMEX, Discover Card, and JCB) each use different “terms” for service providers:

- AMEX: called a “Third Party Processor”
- Discover: called a “Third Party Processor” and a “Payment Service Provider”
- MasterCard: called a “Third Party Processor” and a “Data Storage Entity”
- VISA: called a “VisaNet Processor”, which covers everybody that connects to VISA

Generally speaking (with a noted exception), all service providers will need an annual on-site review done by a Qualified Security Assessor.

Feb 7 2009   12:04AM GMT

Payment Card Industry Compliance (PCI) | What’s in store for 2009?
Posted by: Charles Denyer

Payment Card Industry (PCI) Data Security Standards (DSS) compliance will no doubt continue to grow in 2009 and beyond. The number of merchants, service providers, and other third-party processors/third-party providers needing the PCI stamp of approval will continue to grow, depending on varying industry and business circumstances.

All entities need to be aware of the following:

Understand what level of PCI DSS compliance is needed. This is based primarily on the “transaction volume” your business does on a yearly basis.

If you do have to go through an official on-site assessment by a Qualified Security Assessor (QSA), then you need to find the right QSAC firm, one that can truly help you understand what compliance entails, what the roadblocks could be, and what some of the hidden costs are that most organizations are simply not aware of.

If you want to learn more about Payment Card Industry Compliance, then visit pciassessment.org