PCI DSS is applicable to all entities that store, process or transmit cardholder data. However, whether an entity is required to validate their compliance with PCI DSS is determined by the payment brands’ compliance programs. Some of the payment brands do recognize compliance of service providers and may provide their own list of PCI DSS-compliant service providers. Please check with the payment brands to understand their compliance programs and whether they recognize compliant service providers.
Article Number 1138