Secure Payments, PCI DSS, Regulatory Compliance Blog

Issuer PCI requirements

August 31st, 2007 by admin Posted in Banking, Card Brands, Compliance

It is important to remember that everyone has to be PCI compliant, but validation requirements may differ. Issuers must be PCI compliant but they do not need to validate compliance (unless they are a VisaNet processor).

What if they are both an issuer and a service provider, as described in an earlier post?  They then may be required to validate the PCI compliance of the service provider side of the business.

That being said, issuers have hefty security requirements, outside of PCI, on the control of their cardholder data because they must store sensitive cardholder data (or else the system would not work).

One Response to “Issuer PCI requirements”

  By Rob Newby on Aug 31, 2007

    Your link is a bit messed up here, but thanks for the post.

    When you say “Issuers must be PCI compliant but they do not need to validate compliance”, what penalties would they face for not being compliant, and when? Just in the case of a breach?

    Can you tell me anything more about the requirements outside of PCI? Or where I can find them at least?

    Thanks again!
