Kraven i 3.0 kan komma att träffa e-handlare även om man skickar kunden vidare till en payment processor.
Se:
https://www.pcisecuritystandards.org...PCI_DSS_v3.pdf
If any element of a payment page delivered to consumers’ browsers originates from the merchant’s website, SAQ A does not apply; however, SAQ A-EP may be applicable. Examples of e-commerce implementations addressed by SAQ A-EP include:
Merchant website creates the payment form, and the payment data is delivered directly to the payment processor (often referred to as “Direct Post”).
Merchant website loads or delivers script that runs in consumers’ browsers (for example, JavaScript) and provides functionality that supports creation of the payment page and/or how the data is transmitted to the payment processor.