[Simsim]

Kraven i 3.0 kan komma att träffa e-handlare även om man skickar kunden vidare till en payment processor.

Se: https://www.pcisecuritystandards.org...PCI_DSS_v3.pdf

If any element of a payment page delivered to consumers’ browsers originates from the merchant’s website, SAQ A does not apply; however, SAQ A-EP may be applicable. Examples of e-commerce implementations addressed by SAQ A-EP include:
 Merchant website creates the payment form, and the payment data is delivered directly to the payment processor (often referred to as “Direct Post”).
 Merchant website loads or delivers script that runs in consumers’ browsers (for example, JavaScript) and provides functionality that supports creation of the payment page and/or how the data is transmitted to the payment processor.