Adherence to PA-DSS guidelines is an issue of grave severity that should occupy the number-one position on the list of priorities for every web developer and e-commerce solutions provider on the planet. (And those who would claim exemption from this simply because their reputation has earned them official “space cadet” status are, in fact, not off the hook.) It’s not just a suggestion for covering your tail end that’s been proffered by Those in the Know, but it’s also just good business to get yourself versed on the questions you may be asked by your clients.
What if my client has more than one location?
This is one of the most common questions asked by merchants and their e-commerce solutions providers in regards to PCI requirements, and probably one of the most legitimate. After all, when it comes to PA-DSS solutions, there are no stupid questions. Fortunately, there are some easy answers. In short, if your client’s got numerous locations that are tied together by the same Tax ID number, then only one annual PCI compliance validation is necessary. Wanna be someone’s hero? Lay that one on a client that’s got a dozen locations. Sometimes the bearer of good news takes all the credit. If that happens, let it be.