Outside vendor located on premises

10 pts.
Tags:
Compliance
IT Compliance
Payment Card Industry Data Security Standard
PCI compliance
We have an outside vendor located on our premises making credit card sales. If they are not PCI compliant, and/or if their data becomes compromised, what is our liability, considering it will be our shared customer who is affected?

Answer Wiki

Thanks. We'll let you know when a new response is added.

Shared premises is not a relevant factor for PCI compliance. You don’t face fines for customer information you don’t handle.

PCI compliance should be a minimal standard. Does your shared customer recognize your organizations as distinct, or do you act as one support organization? Act to meet your customer’s expectations. If you wish to present yourselves as a single organization, then recognize that your customer can seek damages from both of you if either of you fail the standard of reasonable care. This is not a PCI issue.

Discuss This Question:  

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following