I am a small merchant, online only; no brick-&-mortar; well under $20k volume at this point. Site is not set to 'live' because PCI is not yet done. The PayPal iFrame payment portal is in place so transactions are essentially sent 'off-site' to PayPal.
There are reams of pages and lengthy guides out there, generally beginning with something like 'Track and monitor all access to network resources and cardholder data, yada, yada...' 'For "only" $699.95 per scan, etc.'
Neither can I afford a corporate QSA team. I need true PCI compliance, quick and for cheap. What steps please?
Thanks to all in advance.