HACKER Q&A
📣 Cain2001

How do you validate hosting providers for PCI-DSS 4.0 compliance?


With PCI-DSS 4.0's increasing focus on third-party service provider management, I'm curious how companies are handling validation of their hosting providers. Do you actually enforce Attestations of Compliance (AOCs) from your hosting providers? How do you handle situations where providers claim compliance but can't provide complete documentation? What additional evidence do you request beyond the AOC?

I'm particularly interested in hearing from people working in the payment industry. My payment provider doesn't request any compliance evidence from me and shifts all responsibility to my side.

Our organization is currently updating our compliance processes for version 4.0, and I'd appreciate hearing about practical approaches other companies are taking, especially regarding shared responsibility matrices and ongoing monitoring of hosting provider compliance.


  👤 anonzzzies Accepted Answer ✓
We actually require the valid documentation and waivers; that is part of our compliance journey.