PCI Security Standards Council: Recently Published Recommendations


The PCI Security Standards Council has recently published recommendations for ensuring that payment data and systems entrusted to third parties are maintained in a secure and compliant manner, in accordance with PCI-DSS requirements.  The recommendations are available at the following link: https://www.pcisecuritystandards.org/documents/PCI_DSS_V3.0_Third_Party_Security_Assurance.pdf.

A merchant, prior to engaging a supplier that will access its cardholder data environment or that will otherwise process, store or transmit cardholder data on the merchant’s behalf, must consider how that supplier will satisfy PCI-DSS requirements in a manner that will allow the merchant itself to remain PCI-DSS compliant.  The Council’s guidance provides merchants with a framework for understanding: (i) how a supplier’s own PCI-DSS compliance folds into the merchant’s PCI-DSS compliance requirements; (ii) how to evaluate a supplier’s level of compliance pre-engagement and allocate compliance responsibilities for applicable PCI-DSS requirements during the engagement; and (iii) options for addressing scenarios when a supplier may not be formally certified as a PCI-compliant service provider or have a ROC that can be provided to the merchant.

The dynamic between merchant and service provider is often one that can spawn unique scenarios and challenging questions. This new guidance from the Council provides merchants and suppliers with a deeper perspective than was previously available and is a must-read.

Published In: PCI

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© DLA Piper | Attorney Advertising
