Frequently Asked Questions

< Back to search page

Do the PCI DSS requirements apply to card manufacturers, embossers, card personalizers, or entities that prepare data for card manufacturing?

FAQ Response

Organizations that participate in data preparation, manufacturing, personalizing, and/or and embossing for plastic cards are considered Service Providers for purposes of PCI DSS and should adhere to PCI DSS. However, some payment brands may already have programs in place that include PCI DSS for entities that prepare data, manufacture, personalize, or emboss plastic cards - we encourage you to check with each payment brand about their requirements for these entities. Please contact the payment brands directly.

July 2009
Article Number 1214