Originally Posted by Artashes
Hmm.. I wonder if "Self Assessment Questionnaire" is flawed as a concept. If all you do is answer a few questions, follow a guide to make sure you have proper compliance, how is this verified?
Also basically i was under the impression PCI compliance is only needed if you as a merchant handle the CC/DC details or store these.
but apparantly now even if you use a payment gateway (paypal, authorise.net etc) you need to be PCI compliant