Rdr. Michael,
Originally Posted by Readerm
...what else do we need to qualify for the bank requirements...
I'm not sure anyone on this forum is in a position to address the qualifications for any particular bank or card provider. If you have installed DPM and successfully completed SAQA, perhaps consulting with your bank would be a good idea if you are still concerned about compliance with them.
As for our business, after installing the BCSE Authorize.net DPM mod on all our sites, we created and distributed a protocol to all staff members for destroying all cc information via phone, fax, land-and-e-mail. It's our policy not to store cc information in our building and we tell our repeat customers that it's for their protection. Only one customer complained but 99% have appreciated that we do not store their cc data.
We successfully completed SAQA and will keep the audit on file both on site and remotely (cloud server). With recent news like this http://reut.rs/dF6cSt the public will appreciate all you do to make their sensitive information as private as possible.