  1. #1
    Join Date
    Feb 2007
    Posts
    53
    Plugin Contributions
    0

    PCI Compliance-Site Scanning, McAfee, etc

    I am working towards getting my website PCI Compliant. I know authorize.net and my merchant bank are both PCI Compliant. Also, I don't store credit cards on my website or office computer and I have a private SSL.
    I am using a shared plan with HostGator but am switching to a VPS hosting plan with HostGator.
    I have done a lot of research and have posted on here before, and it seems a missing piece is that I have to have a scan done of my website and also fill out a huge questionnaire and then submit it along with my scan results to my merchant bank to become PCI Compliant.
    Am I correct about the above?
    What this comes back to is site scanning. I have looked at many services including McAfee, Security Metrics, ControlScan, and TrustWave.
    Most of my research so far has been with McAfee. They have a service for $319/yr which includes quarterly scans and manual scans as often as I desire. There are no logos with it for my website.
    They also offer a full service for $959/year or $1289/2 years for a discount. This full service includes their PCI Scanning but also it includes their McAfee Secure scanning. The scanning is done daily and also with the McAfee Secure scanning you get a McAfee trust logo for your website.
    With HostGator's shared plan for free I get the McAfee secure scanning with logo and it includes the PCI scanning but also once I change to VPS hosting I likely will lose this.
    I am interested in opinions of the various options for scanning: McAfee, Security Metrics, ControlScan, and also Trustwave. Also, if I go with McAfee, is their higher plan worth it? They claim I'll see an increase in sales, but is that likely to be true? Thank you for your thoughts on the above.

  2. #2
    Join Date
    Aug 2005
    Location
    Arizona
    Posts
    27,755
    Plugin Contributions
    9

    Re: PCI Compliance-Site Scanning, McAfee, etc

    "fill out a huge questionnaire"
    Check the PCI/DSS site for the "Self Assessment" one. Answer them correctly and you should be compliant as a merchant by default, because you are using a gateway and not storing any CC details.

    This is just my opinion
    I really think that most of this, for small online merchants such as yourself that are using SSL and a gateway, is a scam and unnecessary.
    The whole thing was designed to control large concerns that do store CC details; the majority of it does not apply to those that do not.

    See the self assessment and see if you don't agree.
    Zen-Venom Get Bitten

  3. #3
    Join Date
    Feb 2007
    Posts
    53
    Plugin Contributions
    0

    Re: PCI Compliance-Site Scanning, McAfee, etc

    I'll take a look at it. It just seems it's hard on the small merchant. I see companies offering to do offsite credit card processing to save you hundreds of thousands of dollars. I think some of that is a scam. I just don't want to chance not being compliant but will look at the site and questionnaire.

  4. #4
    Join Date
    Mar 2004
    Posts
    16,042
    Plugin Contributions
    5

    Re: PCI Compliance-Site Scanning, McAfee, etc

    If you go with McAfee, don't go for the big package;
    their scans are a joke and are NOT done daily.
    Zen cart PCI compliant Hosting

 

 
