PCI Security Standards Council: Recently Published Recommendations


The PCI Security Standards Council has recently published recommendations for ensuring that payment data and systems entrusted to third parties are maintained in a secure and compliant manner, in accordance with PCI-DSS requirements.  The recommendations are available at the following link: https://www.pcisecuritystandards.org/documents/PCI_DSS_V3.0_Third_Party_Security_Assurance.pdf.

A merchant, prior to engaging a supplier that will access its cardholder data environment or that will otherwise process, store or transmit cardholder data on the merchant’s behalf, must consider how that supplier will satisfy PCI-DSS requirements in a manner that will allow the merchant itself to remain PCI-DSS compliant.  The Council’s guidance provides merchants with a framework for understanding: (i) how a supplier’s own PCI-DSS compliance folds into the merchant’s PCI-DSS compliance requirements; (ii) how to evaluate a supplier’s level of compliance pre-engagement and allocate compliance responsibilities for applicable PCI-DSS requirements during the engagement; and (iii) options for addressing scenarios when a supplier may not be formally certified as a PCI-compliant service provider or have a ROC that can be provided to the merchant.

The dynamic between merchant and service provider is often one that can spawn unique scenarios and challenging questions. This new guidance from the Council provides merchants and suppliers with a deeper perspective than was previously available, and it is a must-read.

Topics:  Compliance, Cybersecurity, Data Protection, PCI

Published In: General Business Updates, Consumer Protection Updates, Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© DLA Piper | Attorney Advertising
