Service Providers are significant within the payment ecosystem, and their relationship with Merchants is essential in the protection of cardholder data. We will examine some of the common challenges and mistakes experienced by service providers and merchants from their respective sides. I’ll reference PCI DSS v4.0, and real-life problems observed in the merchant/service provider relationship; where in a worst-case scenario, the Service Provider causes a Merchant to be non-compliant.