Not sure how relevant this would be to you, as we use PayPal Pro and I just noticed this on their site while researching further PCI stuff;
PayPal has partnered with ScanAlert, a Visa and MasterCard-certified PCI vendor, to help our customers comply at no cost for the first year. Enroll online with ScanAlert at: https://www.scanalert.com/SignUp.sa?oc=9673
ScanAlert is a McAfee service, free for the first year... I've read the T&C's at the bottom of the page and they say the following;
Customer agrees that subscription based Services will automatically renew at the end of each subscription period, at the then current list price for the Service, unless Customer sends notice of Customer's request that the Services not renew. Such notice of non-renewal must be sent to McAfee through the e-mail address [email protected]
at least thirty (30) days prior to the end of Customer's current subscription period. Notwithstanding the foregoing, if Customer purchased the Services from a McAfee authorized reseller of the Services, the subscription for the Services will not automatically renew at the end of the purchased subscription period, but shall expire and require the purchase of a new subscription period in order for the Services subscription period to be renewed.
Customer is in breach of this agreement if Customer fail to pay any amount owed to McAfee when due, subject to a 10 day grace period, or Customer fails to comply with these Terms. Unless otherwise stated, fees for Services are due in advance and subject to payment terms in the invoice(s) for the Services, which are incorporated into these Terms by reference. If Customer is in default, McAfee may take any or all of the following actions to remedy the default and protect its interests: (a) declare all unpaid monies immediately due and payable; (b) Terminate Services; (c) terminate the Services; (d) take any other lawful action McAfee may deem appropriate to enforce your obligations under these Terms. Customer agrees to pay costs and reasonable attorney's fees McAfee may incur enforcing its rights under this agreement.
So I'd send them a cancellation letter or something similar around the 340th day and by that time, hopefully there's more competitively full priced PCI scanning services out there in a years time?
You may not use PayPal of course but I just thought I'd let you know what I'd come across, in case it helps.