We fully understand implementing Hosted Payments into the Express Platform using WorldPay Hosted Pages eliminates the ISV from PCI scope. But what are the ISVs to tell the Merchants other then "we are not in scope"? They are looking for an "official document" that states this. Most Merchants don't understand the tech of tokenization.
Do we need to get our assessor back and go through a PA-DSS certification for our solutions?
How does the Merchant fill out their questionnaire when they are going through their PCI-DSS audit?
"Not in Scope" is not being accepted. One must prove their innocence with PCI.