We use cookies to give you the best browsing experience and to help us understand how you use our site. Cookies are small snippets of data stored on your computer and some have already been set. By continuing to use our website you are accepting our use of cookies. To find out more, read about cookies

Please note

We cannot answer specific queries about your account here. For Account queries please

Can't find the answer?

Email Us

Your selected question

Are acquirers considered service providers for the purpose of PCI DSS Requirements 12.8?

Service providers include business entities that are not a payment brand, directly involved in the processing, storage, or transmission of cardholder data on behalf of another entity. This includes organisations providing acquiring services – for example, payment gateways, PSPs, ISOs etc.  

However, an entity that acquires a merchant’s payment transactions and is defined by a payment brand to be an acquirer is not considered a service provider for that particular merchant’s PCI DSS compliance for the purpose of Requirements 12.8.

How useful did you find the answer given?

Not at all Very useful