by sdepablos 4871 days ago
Taking a look at https://support.stripe.com/questions/what-exactly-do-i-need-... it looks like you only need to use stripe.js and SSL and you're ok.

Regulations are set by the card brands, not the gateways. Here are Visa's requirements for merchants that want to accept their cards:

http://usa.visa.com/merchants/risk_management/cisp_merchants...

Requirements scale with processing volume, and are generally minimal for merchants processing under 20k Visa transactions annually.

Many gateways use tokenization to dramatically reduce PCI scope for their merchants. It's fairly standard, actually. Even with tokenization, merchants have compliance obligations. The required network scans, for example, protect consumers from merchant websites being compromised ahead of the tokenization step.

Interesting. I thought you only needed PCI compliance if your server touched the card, not the front-end, but it makes sense. Nevertheless, here in Spain we'll need to wait to have tokenization. There's only one gateway - unless you choose Ogone or Adyen - and hell will freeze before it innovates.