You just have to be transmitting/relaying the data to be covered by PCI.
That said, DPM data would post directly to Authorize.net, so there would
be no relay; but as you've pointed out - given server access - DPM, or
even a hosted page, could be hija...
I'm not sure DPM would be excluded from PCI compliance, the definitions
of what PCI covers are very broad. At the end of the day, if someone
gets into your server/hosting, and they're any good, they could probably
skim the credit card details, at lea...
I'm willing to bet that 90% of business taking credit cards [offline]
aren't PCI compliant, because 90% of transactions probably go through
small businesses where there's many people working for minimum wage who
couldn't give a hoot about your credit...
First of all - This isn't aimed at anyone in particular. Secondly - I'm
not a lawyer, PCI expert, or security consultant - so take everything I
write with a pinch of salt. I'm 99.999% sure that by using AIM you will
need to be PCI compliant. No hosti...