I've been reading a post called SaaS Compliance and Levels in the PCI compliance, a very professional blog and found that I'm pretty late to the game to figure out compliance. I read that:
...in February 2009 that is all changing. Visa Inc. (all regions except Europe) has defined new level definitions for service providers and removed the usage of ‘gateway’ from this definition. This change does not take effect until Feb. 1, 2009 so companies wishing to validate now should do so under the current rules.
Now, the context there was about some type of aggregators of merchant services such as:
... a shared e-commerce provider or independent sales organization (ISO) that aggregates transactions
I think this includes hosting companies, shopping cart vendors, and software service vendors that offer credit card processing as a component of their service. BTW - none of this applies to me. I'm still looking for what my compliance issues as a:
- an online retailer of online services
- paid by credit card
- handling over 100K transactions per year
- not keeping any credit card data in electronic or paper form.
You should start by filling out the PCI self compliance questionnaire..
Post a Comment