If a PCI compliant service provider hosts his technology to third party clients with the third party having only web access to a portal (with viewing cardholder data/debit/credit card permissions), does the client require to be PCI compliant since all storing/coding/encryption is performed by the service provider?
If so is the service provider responsibile to make sure the client is compliant as required by 12.8.2 since the client is the owner of the card data of his own clients?
Free Guide: Managing storage for virtual environments
Complete a brief survey to get a complimentary 70-page whitepaper featuring the best methods and solutions for your virtual environment, as well as hypervisor-specific management advice from TechTarget experts. Don’t miss out on this exclusive content!
No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.
Your password has been sent to:email@example.com
To follow this tag...
Thanks! We'll email you when relevant content is added and updated.
Share this item with your network: