DSF

I am looking to become PCI compliant (looking to taking payment over the telephone, already use a hosted ecommerce payment processor) and was wondering which route others have taken - self assessment or paid a 3rd party to do the audit.

Self asessment all the way.

You still have to by PCI compliant even with a hosted payment solution! Everyone who takes cards, in any form even if they dont touch the data has to be PCI compliant. The basic level is a questionnaire, it get a lot more complex from there on!

Even PayPal are now putting in their paperwork that you should think of doing it, even if you only take PayPal payments on eBay etc https://pci2.trustwave.com/action.php is the company shown on their site.

http://www.theukcardsassociation.org.uk ... %20DSS.asp

they tax you if you do, and tax you if you dont.....
depends on how much £$£ you are processing....
if you do nothing, - they charge you an extra % ---- what is it? - maybe 1.3% ?
If you jump through all the hoops, - they charge you a compliance registration fee of maybe £2.40 a month ....
do the maths ....

what do other members find?
P

its once a year, once you have done it and nothing changes quite easy the next time as everything is pre filled. our merchant bank is elavon for 2 payment gateways.