Bruce Sussman is the Senior Manager at Crowe Chizek, who has almost 20 years of experience in the banking information security and audit community. He explains what a financial institution needs to know to achieve and maintain compliance with the PCIDSS Standard. Most banks, unless they are in a position of authorizing transactions or processing for others, are not going to have the same types of obligations as, lets say, a merchant bank or a data service provider. He says most institutions, if they are issuing cards, and if they have ATMs, they may not bear the brunt of verifying compliance.”]
Source: https://www.cuinfosecurity.com/transcript-bruce-sussman-podcast-a-594