Quote:
|
Originally Posted by geckoday
If you are a merchant that must fill out SAQ D (most of us aren't unless you store credit card numbers) then 2.2.1 means you must run your web server software and database server software on separate servers and that the database server can't be accessed from the internet. If you meet the requirements to fill out SAQ C (mostly meaning you don't store credit card numbers) 2.2.1 doesn't even apply to you.
|
Interesting you say that - I agree with you. How about if the merchant is taking card #'s occasionally by phone and processing those payments through a web terminal, but not storing card data beyond that. Trying to get a direct answer so far has been challenging.