I'm new to this so please bear with me. I have a website set for which I want to setup payment. So I have setup a page where users can enter their credit card information (this page is hosted on my website), and then via curl I send the CC information to paypal where payment is processed. Should I be PCI compliant to do so. If yes then which SAQ should I be compliant to?
What compliance level SAQ should I follow for below conditions:-
Condition 1. I have a form on my website, users fill credit card info there, then this is retrieved at my website's server and then sent to paypal to process the payment.
Condition 2. I have a form but the form method is going to paypal (the form is being submitted directly to paypal) where I don't touch the CC data at all, all the info goes directly to paypal.
Condition 3. I send the users directly to paypal to make payment, and in this case they don't even enter the CC data at my site at all. Paypal takes care of all of the payment and returns me with either a completed payment or an error.
Thanks a lot.
