Joshua Nichols <[email protected]> writes:

> Also worth noting is that my understanding of the PCI compliance spec
> is that if there is ever an "incident", that even small merchants
> become immediately beholden to all the same requirements as tier 1
> merchants. 65k transactions per year isn't tiny, but I bet the client
> wouldn't want to suddenly have the same requirements as, say, Disney
> World.

The PCI-DSS standard specifies different merchant levels based on transaction volume. But, the requirements are (mostly) all the same. It's the audit and verification process that becomes stricter for the larger sites. (I believe there are slightly different requirements about how often you need external scanning and penetration testing.)

seph

_______________________________________________
Tech mailing list
[email protected]
http://lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
