14 November 2017. – Based on new regulation by MasterCard each Service Provider ranked as ’Terminal Servicer’ has to validate its compliance with the PCI DSS Payment Card Data Security Standard.
MasterCard has recently introduced a new Service Provider term called ’Terminal Servicer’, that includes companies managing POS terminals for other entities. These companies do not necessarily process or manage cardholder data but due to the services provided, they may impact the security of their customers’ cardholder data environment.
As their PCI DSS scope is significantly smaller than the one of Payment Service Providers, MasterCard ranks them as Level 2 Service Providers and does not require an onsite audit for them (note: it is recommended) but only the completion of a ’Self-Assessment Questionnaire D Service Provider’ document. However, in case the company posesses of a ’Qualified Integrator & Reseller’ certificate, completion of the above questionnaire is not required.
The MasterCard regulations can be accessed via the following link:
Guidance for Terminal Servicer PCI DSS Validation (pdf)
Frequently Asked Questions:
FAQ for Terminal Servicers (pdf)