Do entities using service providers have to be PCI DSS compliant?

Yes, the use of service providers does not relieve you of the ultimate responsibility for your own PCI DSS compliance. Using service providers may reduce your PCI burden because they can take over certain requirements from you. However you should do due diligence on your service providers and list them in part 2f of your PCI document(s). You can find more information concerning service providers here.

Was this article helpful?
0 out of 0 found this helpful