If a PCI compliant service provider hosts his technology to third party clients with the third party having only web access to a portal (with viewing cardholder data/debit/credit card permissions), does the client require to be PCI compliant since all storing/coding/encryption is performed by the service provider?
If so is the service provider responsibile to make sure the client is compliant as required by 12.8.2 since the client is the owner of the card data of his own clients?
Free Guide: Managing storage for virtual environments
Complete a brief survey to get a complimentary 70-page whitepaper featuring the best methods and solutions for your virtual environment, as well as hypervisor-specific management advice from TechTarget experts. Don’t miss out on this exclusive content!