Spreedly is PCI Level 2 compliant, which while not cheap, is significantly lower cost than Level 1 compliance. There's not additional liability involved by us being Level 2 vs Level 1 - while Level 1 is certainly a nice marketing strategy, the truth is that it's not required until transaction volume reaches a pretty significant level. Once Spreedly reaches that level we'll get it, but by that time we'll also be able to afford it.

In terms of support, what we're doing at Spreedly is focusing on providing excellent email support, and occasionally supplementing that with IM/phone support for critical issues. It's a trade-off that seems to be working well for us and our customers at this point.