On Fri, May 25, 2012 at 11:27 PM, Ken godee <ken at perfect-image.com> wrote: > wow, seems like quite a lot. > > What "level" of PCI/DSS compliance are you going for? I have to check this with the client. Credit card information will be encrypted and stored in client's own db. > The only other thing I might add.... > > Are you hosting the hardware? If it's > hosted else where then the "facility" that's > hosting the hardware needs to be PCI/DSS complaint. The client will be hosting it on their own office premise (the physical security aspect is being handled by another vendor). Thanks, -- Arun Khan