For shops like Valve only if they need SAQ-D in case they want to store the cred... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		ta12653421 25 days ago \| parent \| context \| favorite \| on: Making Your Own Merchant Service Provider For shops like Valve only if they need SAQ-D in case they want to store the credit card numbers on their own, I'd say? SAQ-A til SAQ-C is doable for any e-commerce company.

bob1029 25 days ago | [–]

It's likely they would need on-site visits from a QSA if they wanted to go all the way into this. Valve would fall into the Level 1 compliance category. Self-reporting won't work for that kind of transaction volume.

notpushkin 25 days ago | [–]

Yeah, but assuming they want to build everything from scratch it would get way harder very quickly.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact