PCI DSS Requirement 12.8 – Service Provider Management
If you retain service providers to process, store, or transmit cardholder data, you must have policies and procedures in place to manage those service providers. While there are no general guidelines for managing service providers, there are four specific PCI DSS requirements.
Maintain a list of service providers. (Requirement 12.8.1.)
Shift4 Corporation is a PCI DSS-validated Visa Third-Party Agent and MasterCard Third-Party Processor. Shift4 Corporation is not a shared hosting provider (see PCI DSS Requirement 2.4).
Ensure there is an established process for engaging service providers, including proper due diligence prior to engagement. (Requirement 12.8.3.)
Please refer to the following:
Shift4 Corporation FAQ Regarding PCI DSS
Maintain a written agreement that includes an acknowledgement that the service providers are responsible for the security of your cardholder data. (Requirement 12.8.2.)
When you sign on with Shift4 Corporation, the Merchant Services Agreement will specify exactly what you can expect regarding the security of your cardholder data.
Maintain a program to monitor service providers' PCI DSS compliance status annually. (Requirement 12.8.4.)
Please refer to the following PCI DSS compliance documentation:
Shift4 PCI DSS Certificate of Compliance
Shift4 PCI DSS Attestation of Compliance
Find PCI DSS-Validated Service Providers:
Visa's Global List
MasterCard's Global List
Shift4 Security Policies and Important Information
Credit Card Association Security Programs