Can someone please tell me what exactly banks are required to do for PCI compliance? Our bank offers credit cards, debit cards, cash advances, ATMs, and accepts payments using credit/debit cards for various fees throughout the bank. Do these activities render us both a merchant and a servicer and do we have to complete both self-assessments?
I can't seem to find anyone who really has a handle on what to do with the self-assessments. Any guidance would be greatly appreciated.