Can I be PCI DSS compliant if I use a third-party service provider (TPSP) that is validated to a previous version of PCI DSS?
Yes. Your entity can be compliant with PCI DSS v4.0 when your TPSP is validated to PCI DSS v3.2.1. In this situation, the TPSP’s validation must have been completed prior to the retirement of PCI DSS v3.2.1, and their validation must still be current (meaning that no more than 12 months have passed since the service provider’s validation).
Was this article helpful?
The PCI DSS compliance guide
Find a handy glossary and all PCI DSS rules in Adyen Docs.View compliance guide