|
|
|
|
|
|
by thehammer
4870 days ago
|
|
|
Regulations are set by the card brands, not the gateways. Here are Visa's requirements for merchants that want to accept their cards: http://usa.visa.com/merchants/risk_management/cisp_merchants... Requirements scale with processing volume, and are generally minimal for merchants processing under 20k Visa transactions annually. Many gateways use tokenization to dramatically reduce PCI scope for their merchants. It's fairly standard, actually. Even with tokenization, merchants have compliance obligations. The required network scans, for example, protect consumers from merchant websites being compromised ahead of the tokenization step. |
|
|