New PCI DSS Rules Say Merchants on Hook for Compliance, Not Providers

Merchants and retailers will now face penalties for not being compliant with PCI DSS 4.0.1, and the increased security standards make it clear they cannot transfer compliance responsibility to third-party service providers.