What is a requirement for merchants if they share cardholder data with service providers?

Merchants are required to have agreements with service providers and a program to monitor their compliance status when they share cardholder data. This requirement is in place to ensure that the protection of sensitive cardholder information is maintained throughout the payment ecosystem.

When merchants share cardholder data, they must engage in a contractual agreement that outlines the security responsibilities of both parties. This includes specifying what data can be shared, how it will be protected, and what measures will be taken to ensure compliance with PCI DSS regulations.

Additionally, monitoring compliance status is essential because it allows merchants to ensure that service providers are adhering to the required standards. This proactive oversight helps to identify any potential security vulnerabilities or compliance issues, allowing for timely corrective actions.

Overall, this requirement helps to safeguard cardholder data and minimizes the risk of breaches, ensuring that all parties involved maintain a high level of security.