-
Tomas. If you're self-reporting to your merchant bank, then by all means you want to report that you're PCI-compliant. Most PCI-approved QSA firms will have detailed forms with room for explanations in them. What these firms can also help you with is deciding whether or not certain requirements apply to your company (encryption, data hosting
-
Christian. Any company that stores credit card data would need to be PCI-compliant. Likewise, if like you say, they have a form on their site that passes along credit card data, they would need some kind of secure transmission channel (e.g., SSL), but there is a lot more to it. If you're subject to one PCI requirement, you could be subject to many
-
Yes, that would be us.
-
You're getting good advice on this thread, Mary, and I hope it's helpful. With SOX, you have to be a publicly-traded company. If you're private, you're not subject to SOX (although it's not a bad idea to go ahead and put together the documentation). I know you didn't ask about PCI, but since there's some discussion around