What is a service provider?

For the purposes of PCI DSS, a service provider is a third party that provides services to another organisation, where those services involve handling credit cards and impact the security of that organisation’s customer credit card details, e.g. PayPal.

The official description of a Service Provider from the PCI Security Standards Council is a “Business entity that is not a payment brand, directly involved in the processing, storage, or transmission of cardholder data on behalf of another entity. This also includes companies that provide services that control or could impact the security of cardholder data.”
