Your selected question
Are acquirers considered service providers for the purpose of PCI DSS Requirements 12.8?
Service providers include business entities that are not a payment brand, directly involved in the processing, storage, or transmission of cardholder data on behalf of another entity. This includes organisations providing acquiring services – for example, payment gateways, PSPs, ISOs etc.
However, an entity that acquires a merchant’s payment transactions and is defined by a payment brand to be an acquirer is not considered a service provider for that particular merchant’s PCI DSS compliance for the purpose of Requirements 12.8.
How useful did you find the answer given?Not at all Very useful