In the context of PCI DSS, who is considered a merchant?

In the context of PCI DSS (Payment Card Industry Data Security Standard), a merchant is defined as an organization that accepts payment cards for purchases. This is the primary role of a merchant in the payment ecosystem. Merchants can be physical storefronts, online retailers, or service providers who process transactions through card payments. The importance of this definition lies in the responsibilities that merchants have under PCI DSS to ensure that they handle cardholder data securely and comply with established security standards to protect sensitive information during payment processing.

The other entities mentioned, such as those that issue payment cards, process transactions on behalf of merchants, or provide monetary support to cardholders, fulfill different roles within the payment system but do not meet the specific criteria to be labeled as merchants. These roles are distinct and come with their own sets of requirements and responsibilities regarding data security and compliance.