I have a medium sized e-commerce website that "brokers" deals. I do not process payments but I gather CD from users and pass the CD on to my clients who provide services.
My question is how is my relationship with my clients viewed under PCI vis-a-vis my own compliance efforts? Do I need to worry about my clients compliance? Do I need any special agreement/contract with these clients to be compliant?
thanks in advance..