Under the initiative, internet and cloud service providers, online storage companies, call centers and other companies that offer services to retailers must show they have the security controls needed to protect any cardholder data they handle.
The new guidance, developed by a PCI special interest group representing merchants, banks and third-party service providers, aims to speed the process by offering tips to merchants on how to conduct risk assessments.
Merchants that want to remain compliant with PCI requirements will be required to obtain a written assurance from each of their service providers attesting to each provider's readiness to handle credit and debit card data securely.
The guidance also includes advice on how merchants and service providers can share responsibility for implementing PCI security measures, offering recommendations on how merchants can set expectations, establish a communications plan and specify security responsibilities when signing up a third party.