Using third-party services providers (TPSPs) to help meet security goals and compliance requirements is an effective way to leverage collective strengths and allow the merchant to focus on its core business. One common TPSP in the fuel retail industry is the managed network service provider (MNSP), which provides technology, service and expertise to support secure network configuration and operation for convenience stores and other fuel services. Nonetheless, it is the merchant who must ultimately demonstrate that all applicable security and PCI DSS compliance requirements are being met and doing so may be very confusing without a good understanding how these requirements apply to these entities.
In this session, Sam Pfanstiel will review common PCI DSS controls for MNSPs and other TPSPs, how to confirm that your selected vendor is meeting these controls on your behalf, and a review of requirements that must be met by the merchant to confirm and enforce this delegated security relationship. In addition to gaining a better understanding of these service providers as they relate to PCI DSS, attendees of this webinar will also learn what questions must be asked, what agreements must be in place, and which specific artifacts must be collected in order to clearly delineate responsibility for and compliance with PCI for their business.