
NDB Advisory Common Examples of Merchants and Service Providers for PCI


According to PCI DSS standards, any organization that accepts the major payment brands as payment (debit/credit) for goods or services can be identified as a merchant. Regardless of size or transaction volume, merchants should take serious steps in working towards PCI compliance. The term service provider has a much broader application: common entities include transaction processors, payment gateways, independent sales organizations (ISO), credit reporting services, customer service functions, and data centers that serve as managed service entities.

These are common examples, but they are by no means an exclusive list. As technology and business systems and functions continue to evolve, so will the scope and loose definition of what a service provider is. The PCI DSS standards are relatively young, as is compliance for the payment industry as a whole, so expect changes and modifications to existing requirements. In reality, expect the scope of service providers to keep growing over time. Currently, it's widely accepted that a service provider is a business entity directly involved in the processing, storage, transmission, and switching of transaction data or cardholder data. Additionally, companies that provide services to service providers, and that could impact the security of cardholder data, can themselves be considered service providers. Common examples of these entities include plastic card embossing, remittance processing, and managed firewall and IDS service providers, just to name a few.

To learn more about PCI DSS compliance, contact NDB Advisory.


Send us an email or give us a call at (800) 277-5415 x706.


