I'm hoping someone in the know (like Andy, John, or another techie) can answer my questions about PCI Standards. I gleaned some information about PCI from one of Andy's old security blog entries, and it seems like these standards pertain to merchants and service providers.
Do banks have to meet these standards too? My bank offers merchant credit card services through a correspondent bank relationship with FNBO. FNBO now wants to amend our contract to state that my bank meets all PCI Standards. I'm not liking it one bit. I'd rather state we comply with GLBA only. We are concerned that they are trying to make us responsible for our merchant customers' PCI efforts (or lack thereof).