Who Is Involved in Payment Card Transactions

  • Individual staff members who are directly or indirectly involved in card transactions, including payments, refunds, voiding or reversing transactions, reconciliation, reporting or custodianship, delivery of cards, purchasing, incident response, etc.
  • Managers, directors or supervisors who handle payment card transactions, reporting and reconciliation; create policies and provide oversight for daily operations; document processes and compliance; ensure the security of cardholder data; and perform other related activities.
  • IT staff and third-party service providers (TPSPs) involved in the design, development, maintenance and administration of:
    • payment applications;
    • systems that store, process, or transmit cardholder data;
    • systems that provide security services or may impact the security of the cardholder data environment (CDE);
    • eCommerce websites and applications; and,
    • system components or devices located within or connected to the CDE

Individual Staff

Individual staff include, but are not limited to:

  • Cashiers and sales clerks
  • Back-office staff
  • Call center operators
  • Key custodians
  • Procurement
  • Mail room
  • Human resources
  • Customer support
  • PCard holders and processors
  • Accounting/finance personnel
  • Police Officers

IT Staff

IT staff include, but are not limited to:

  • Data center
  • Server & storage support
  • Application & system developers
  • Testing staff who have access to the underlying code base
  • Network operations & security
  • Internet technologies & development
  • Information technology & infrastructure services

Managers Meeting

Managers include, but are not limited to:

  • Department heads or directors for each area
  • Supervisors/managers for each area
  • Senior management and executives
  • Information security officer
  • Chief Information Officer
  • Chief Financial Officer
  • Vice Presidents and President

Third Party Service Provider

Third-party service providers include, but are not limited to:

  • Transaction processors
  • Payment gateways
  • Independent Sales Organizations (ISOs) or External Sales Agents (ESAs)
  • Customer service functions
  • Remittance processing companies
  • Web hosting and data center hosting providers, including applications hosted by third parties that redirect to payment sites
  • Offsite data storage facilities