Skip to content

Third-Party Processing

January 4, 2013

Q: Do organizations using third-party processors have to be PCI compliant?
A: Yes. Merely using a third-party company does not exclude a company from PCI compliance. It may cut down on their risk exposure and consequently reduce the effort to validate compliance.  However, it does not mean they can ignore PCI.

-PCI Guide Frequently Asked Questions

Many small businesses are operating under the mistaken belief that they can safely disregard PCI compliance if they use a third party to process payment card transactions. Although some exposure may be transferred to the third party, it is rare for all risks to transfer. Merchants are still responsible for meeting compliance standards within their own sphere of operations. The contract between the merchant and the third-party processor should detail exactly who is responsible for which risks.

No comments yet

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: