Just a comment/correction to this article. The PCI DSS requirements do actually state that anyone that has a webpage that connects to a processor, even a third party processor, must meet the level 4 merchant requirements, i.e., questionnaire and annual scan. This means that finding a third party processor will NOT absolve you from the need to meet the