Hacker News new | ask | show | jobs
by snazz 2571 days ago
Really? I evidently know nothing of the matter, but you're saying that the auditors only get involved when they become a larger operation?
1 comments
toomuchtodo 2571 days ago
Yep. Card networks can also unilaterally decide your level.

https://www.pcicomplianceguide.org/faq/#4

Disclaimer: I work in governance/risk/compliance, but have not performed PCI compliance work in the last several years.

link