Frequently Asked Question

What is the definition of "merchant"?

For the purposes of the PCI DSS, a merchant is defined as any entity that accepts payment cards bearing the logo of a PCI SSC Participating Payment Brand as payment for goods and/or services. Note that a merchant that accepts payment cards as payment for goods and/or services can also be a service provider, if the services sold result in storing, processing, or transmitting cardholder data on behalf of other merchants or service providers. For example, an ISP is a merchant that accepts payment cards for monthly billing, but also is a service provider if it hosts merchants as customers.
Last updated: November 2021
Article Number: 1079

Featured FAQ Articles