Tonearm - 7:11 pm on Mar 15, 2013 (gmt 0)
If I understand you correctly, checkout is handled as a SaaS by a provider.
Actually no, you handle checkout yourself, but your checkout form posts directly to the processor. Here's a better description:
Not true; you still need to follow the PA-DSS guidelines.
You're right, I should have said PCI Compliance is much simpler and easier with transparent redirect.
If you're storing payment authorization codes (handy if you ever need to issue a refund), are they stored securely in a separate database (not on your web server), behind a firewall?
Is it required to store the authorization codes on a separate machine from the web server?