Frequently Asked Question

Does the PCI DSS apply to acquirers?
PCI DSS applies to any entity that stores, processes, or transmits cardholder data and any such entity is expected to comply with PCI DSS, including acquirers. However, each payment card brand manages their own PCI DSS compliance programs that may include, for example, who must validate compliance, merchant and service provider levels, and due dates. At their discretion, payment card brands may require acquirers to validate PCI DSS compliance. For more specific information on PCI DSS compliance validation requirements, please contact the payment brands directly.
January 2013
Article Number: 1216
Related
Featured FAQ Articles
Most Recently Updated
-
Is the expectation that any PFI investigation initiated must result in a PFI Final Report?
-
Can SAQ eligibility criteria be used for determining applicability of PCI DSS requirements for assessments documented in a Report on Compliance?
-
Do PCI DSS requirements for keyed cryptographic hashing apply to previously hashed PANs?