So, every three months our in-house servers are scanned for PCI vulnerabilities (which is nuts, because we don't have an CC information in our database...we freakin' use keypad terminals from Chase Paymentech - but I digress). OK, no big deal - another $500 a year to "prove" we're clean.
However, American Express Compliance uses a company called Trustwave - to which you are to upload the scan reports from the "trusted" certifying organization (in our case, Security Metrics).
But first to have to find a browser that'll still run FLASH. Security? Mon cul.
That is all.