From 1333c614c0d1ff67a1e1ff7f16db275c610218cf Mon Sep 17 00:00:00 2001
From: P. J. McDermott <pj@pehjota.net>
Date: Mon, 16 Mar 2015 22:40:07 -0400
Subject: README: Describe the state of free payments

---
diff --git a/README b/README
index ea118ee..0c8f057 100644
--- a/README
+++ b/README
@@ -103,7 +103,11 @@ Stripe's payment page.
 
 Therefore, under PCI DSS 3.0, **Epirts.js may not be used to process live
 payment cards without first completing PCI SAQ A-EP and having an ASV perform
-quarterly vulnerability scans**.
+quarterly vulnerability scans**.  Currently, the only way to control your
+store's checkout process and ensure that no non-free JavaScript programs are
+distributed to your customers is to use a program like Epirts.js (or process
+cardholder data directly on your server) and pay for a scanning service.  Such
+is the state of payment processing.
 
 Copyright Information
 =====================
--
cgit v0.9.1