[rschapman]

Could you speak more to the part about PCI compliance? My experience has been that you can provide an AOC for provided services but it doesn't make someone's PCI obligations go away entirely. Even a PCI recognized point to point encrypted solution doesn't completely remove all PCI-DSS obligations. Maybe for folks that do a SAQ it would largely make issues go away but a larger entity doing a full ROC/AOC I would imagine would still have a fair amount of work to go through. Do you also happen to work as a merchant acquirer in such a way that you can remove further PCI burden?