Description: This page provides our certificate of attestation and other documentation on our PCI compliance. If the merchant requests other details, or the information there does not answer their questions, escalate for further guidance.
If you retain service providers to process, store, or transmit cardholder data, you must have policies and procedures in place to manage those service providers. While there are no general guidelines to manage service providers, there are four specific PCI DSS requirements.
- Maintain a list of service providers. (Requirement 12.8.1)

  Shift4 Payments is a PCI DSS-validated Visa Third-Party Agent (TPA) and Mastercard Third-Party Processor (TPP). Shift4 Payments is not a shared hosting provider (see PCI DSS Requirement 2.4).
- Maintain a written agreement that includes an acknowledgment that the service providers are responsible for the security of your cardholder data. (Requirement 12.8.2)

  When you sign on with Shift4 Payments, the Merchant Services Agreement will specify exactly what you can expect regarding the security of your cardholder data.
- Ensure there is an established process for engaging service providers, including proper due diligence prior to engagement. (Requirement 12.8.3)
- Maintain a program to monitor service providers' PCI DSS compliance status annually. (Requirement 12.8.4)
Please refer to the following PCI DSS compliance documentation:
- Shift4 PCI DSS Attestation of Compliance
- Shift4Shop PCI DSS Attestation of Compliance
- VenueNext PCI DSS Attestation of Compliance
- Merchant Link PCI DSS Attestation of Compliance
- SecurionPay PCI DSS Attestation of Compliance
- The Giving Block PCI DSS Attestation of Compliance
Find PCI DSS-validated service providers: