Recently it was brought to my attention that sites (companies of sites) that handle the selling of goods, services, subscriptions, etc. involving payment processing must be PCI compliant.
What experience have you had with being PCI compliant?
With DF I have linked many a form to PayPal for payment processing and never had a worry with PCI compliance as no payment information is being collected.
It has recently been brought to my attention that this is about to change. I am told (not first-hand) that US-based companies that sell anything online, regardless of whether they handle payment details or pass the user to a payment processor and never receive sensitive payment information, MUST be PCI compliant.
Really? Wouldn't be the first time bureaucrats made a complete mess of it all, but this seems genuinely hard to believe.
What is your experience and how do you stay PCI compliant with DF?