seansquared - 6:06 pm on Aug 20, 2010 (gmt 0)

GaryBradshaw,

All merchants are subject to PCI if they take Visa/MC/etc. Obviously I didn't address your issue though, so let's back up then to the 80,000 foot view: which PCI-DSS SAQ do you think you fall under?

If you're a card-not-present merchant already - you're using Authorize.net's payment gateway, offloading all CC transactions, and only storing the last 4 digits - you'd use SAQ A, where you answer a handful of questions and submit that along with the Attestation of Compliance to the PCI Council. Bing, bang, done.

Something doesn't sit right with me that Rackspace is claiming you need $10k in services to be PCI compliant though. What are they including in that $10k and why?

-Sean