I just started with WPP and haven't been asked for a PCI cert. I am waiting for that day, but I am not worried about it. My site will pass. This is an excert from the terms of service for Websites Payment Pro, [quote] PCI Compliance. You agree that at all times you shall be compliant with the Payment Card Industry Data Security Standards (PCI-DSS) and the Payment Application Data Security Standards. (PA-DSS), as applicable. You agree to promptly provide us with documentation evidencing your compliance with PCI DSS and/or PA DSS if requested by us. You also agree that you will use only PCI compliant service providers in connection with the storage, or transmission of Card Data defined as a cardholder’s account number, expiration date, and CVV2. You must not store CVV2 data at any time. [/quote] Found another links for more information. https://www.paypal.com/pcicompliance As I understand it, we just agree to meet all PCI compliance standards and we must provice proof upon request. Even though they seem not to want the quarterly scans. It is best to make sure your site is compliant just in cast.
... View more