>> "Just go to your security settings and click on “View completed document”. We have pre-filled the documents for you."
Services like these are part of the problem. They can verify that the service they provide is compliant, but nobody can determine remotely whether or not you are compliant with something like PCI. You cannot outsource compliance. It is something you have to actually do.
And fyi these "iframe" services that allows a merchant to opt for SAQ-EP rather than the longer SAQ-D, that might be going away in the next couple years. Merchants may have to go with a full redirect, not a frame, if they want to wash their hands of chd.
Services like these are part of the problem. They can verify that the service they provide is compliant, but nobody can determine remotely whether or not you are compliant with something like PCI. You cannot outsource compliance. It is something you have to actually do.
And fyi these "iframe" services that allows a merchant to opt for SAQ-EP rather than the longer SAQ-D, that might be going away in the next couple years. Merchants may have to go with a full redirect, not a frame, if they want to wash their hands of chd.