Under the initiative, internet and cloud service providers, online storage companies, call centers and other companies that offer services to retailers must show they have the security controls needed to protect any cardholder data they handle.
The new guidance, developed by a PCI special interest group representing merchants, banks and third-party service providers, aims to speed the process by offering tips to merchants on how to conduct risk assessments.
Merchants that want to remain compliant with PCI requirements will be required to obtain a written assurance from each of their service providers attesting to each provider's readiness to handle credit and debit card data securely.
The guidance also includes advice on how merchants and service providers can share responsibility for implementing PCI security measures, offering recommendations on how merchants can set expectations, establish a communications plan and specify security responsibilities when signing up a third party.