Outside vendor located on premises

Tags: Compliance, IT Compliance, Payment Card Industry Data Security Standard, PCI compliance
We have an outside vendor located on our premises making credit card sales. If they are not PCI compliant, and/or if their data becomes compromised, what is our liability, considering it will be our shared customer who is affected?

Answer Wiki

Shared premises is not a relevant factor for PCI compliance. You don’t face fines for customer information you don’t handle.

PCI compliance should be a minimal standard. Does your shared customer recognize your organizations as distinct, or do you act as one support organization? Act to meet your customer’s expectations. If you wish to present yourselves as a single organization, then recognize that your customer can seek damages from both of you if either of you fails the standard of reasonable care. This is not a PCI issue.
