Reducing the Scope for PCI Compliance