Third Party Service Provider

nouncandidate·updated May 9, 2026

GlossaryL1 — what DictionaryL2 — how used ThesaurusL3 — relations Universaleverything

As defined in the PCI DSS and PA-DSS Glossary of Terms, Abbreviations, and Acronyms, a service provider is a business entity that is not a payment brand, directly involved in the processing, storage, or transmission of cardholder data on behalf of another entity. This also includes companies that provide services that control or could impact the security of cardholder data. There are many types of businesses that could fall into the category of “service provider,” dependent on the services provided. Most commonly, a TPSP could be a legally separate entity; but it can also be a separate business unit or component of the entity under assessment—for example, an internal service provider—where the provider is outside the direct management control of the entity assessed.

MWE

Classifications

per-axis with provenance

Entity Type

Organization85%llm-generatedllm:claude-haiku-4-5

?unassignedlast reviewed —

Sensitivity

Regulated90%rule-basedr:sens.regulated.framework.v1

?unassignedlast reviewed —

Information Class

Pci88%llm-generatedllm:claude-haiku-4-5

?unassignedlast reviewed —

Variants

8 surface forms

synonym: Third-Party Service Provider
alternatephrasing: Third-party service provider
plural: Third Party Service ProvidersThird-party service providers
possessive: Third Party Service Provider'sThird-party service provider's
pluralpossessive: Third Party Service Providers'Third-party service providers'

Continue to:Dictionary →How is this term used per framework?Thesaurus →How does this term relate to other terms?Universal →Everything in one page.