Third party service providers requirement 12.8.2 – does it apply to clients?

25 pts.
Tags:
Cloud hosting
PCI DSS
Security
Service providers
If a PCI compliant service provider hosts his technology to third party clients with the third party having only web access to a portal (with viewing cardholder data/debit/credit card permissions), does the client require to be PCI compliant since all storing/coding/encryption is performed by the service provider? 
If so is the service provider responsibile to make sure the client is compliant as required by 12.8.2 since the client is the owner of the card data of his own clients?

Answer Wiki

Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

Discuss This Question:  

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.

Following

Share this item with your network: