1. Integrate Using our Transparent Redirect
If credit card data never touches your server, being PCI compliant is a LOT easier. Keeping sensitive payment data off your servers also eliminates the risk that you will suffer a breach. A breach of credit card numbers can be extremely expensive and painful.
2. Review And Sign Our Pre-Filled PCI Questionnaire
If you outsource all cardholder data functions, by using Samurai with a Transparent Redirect, for example, you only need to fill out a PCI Self Assessment Questionnaire (SAQ) Version A. Since filling out the SAQ is a pain and the answers are the same for most Samurai customers, we will even fill it out for you. You still need to read and review it before signing, naturally.
If you DO NOT use Samurai and its Transparent Redirect and you either store or transmit credit card data on your servers, you will need to fill out version D of the SAQ. It is about 30 pages long, compared to 4 pages for the SAQ A, and will ask you to answer questions such as “Are video cameras and / or access-control mechanisms in place to monitor individual physical access to sensitive areas” and “Are logs for all system components reviewed at least daily”. You will also need to perform quarterly external vulnerability scans and report the results to your credit card processor.