Home > IT Answers > Security > Outside vendor located on premises
Patty
10 pts.
0
Q:
Outside vendor located on premises
PCI compliance, IT Compliance, Payment Card Industry Data Security Standard, Compliance
We have an outside vendor located on our premises making credit card sales. If they are not PCI compliant, and/or if their data becomes compromised, what is our liability, considering it will be our shared customer who is affected?
ASKED: Feb 21 2009  0:03 AM GMT
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
RELATED QUESTIONS
0
Rklanke
750 pts.
0
A:
 RATE THIS ANSWER
+1
Click to Vote:
  •   1
  •  0
  • AddThis Social Bookmark Button

Shared premises is not a relevant factor for PCI compliance. You don't face fines for customer information you don't handle.

PCI compliance should be a minimal standard. Does your shared customer recognize your organizations as distinct, or do you act as one support organization? Act to meet your customer's expectations. If you wish to present yourselves as a single organization, then recognize that your customer can seek damages from both of you if either of you fail the standard of reasonable care. This is not a PCI issue.
Last Answered: Feb 21 2009  6:08 PM GMT by Rklanke   750 pts.
  •   
0
0
RSS - Discussions Help
Discuss This Answer:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _



0