PCI DSS and POS card terminals
At the moment (as far as I understand it) there is a sizeable difference in the compliance burden for PCI DSS between credit-card terminals that connect via dialup vs over the internet. To wit, terminal on dialup = can just self-certify; terminal over IP = have to get whole network audited regularly.
Doesn't moving to VoIP mean then that every bugger'll have to get audits done? Or will the exemption apply to it as well? Penny-pinching minds demand to know.