Yes. PCI compliance still applies to your business, even if you rely on a third-party processor to handle card transactions. The responsibility for protecting cardholder data is shared - and merchants are still accountable for many parts of the compliance process.
When using a third-party payment processor, your business is still responsible for:
-
Use PCI PTS-certified payment terminals
-
Secure your network and physical environments
-
Ensure all service providers are PCI DSS validated
-
Complete the appropriate Self-Assessment Questionnaire (SAQ)
Outsourcing processing reduces scope - but not responsibility.
Not sure where you stand? Get in touch to learn how Ingenico supports secure, compliant payment environments.