[ltraylor]

I got one of those scary sounding letters or e-mails last fall. We signed on with ScanAlert to provide our PCI Compliance verification and once we got through the initial set-up phase, it's been fairly painless. There is a comprehensive questionnaire to complete and I printed out some helpful guidelines for our employees (such as changing their internet access passwords every few months and ensuring we don't keep handwritten CVV codes on phone order sales). Quarterly, we get a reminder e-mail that we need to download a PDF report showing our compliant state.