@mckilldj wrote:
Frank - that reference is what got me started on this whole thing haha! Worst case if in fact they do scan the "frontend" it is probably a general security scan ... SQL injection, XSS etc (like you said) ... of the "frontend" site. Honestly something that everyone practising eCom should probably be doing anyway! Your logic does make sense though ... like I say the "frontend" site, if not secured, could FUBAR the whole compliance purpose 🙂 it's just a matter of where to draw the line.
Hehe, sorry about that. 🙂 Sometimes I make questions more complicated than they really are.
So to answer your original question in the simplest way possible:
I suspect that the scan wouldn't be any different than the scan they do for a website or store that is collecting the card holder data directly. For PayPal hosted checkouts, there would just be a smaller amount of data that the merchant would need to worry about securing when they are setting up the store server and pages.
- Frank