The HostDime team often gets requests asking if our infrastructure is PCI compliant, and therefore whether our clients can configure their servers to be PCI compliant. The answer to both inquiries is YES!
PCI DSS stands for Payment Card Industry Data Security Standard. It defines how consumer credit card information must be transmitted, processed, and stored securely on the Internet. Nothing is more important than keeping your customers’ payment data safe and secure, which is why HostDime’s infrastructure is PCI compliant and meets all of the PCI DSS requirements.
If you want to go more in-depth, here are the twelve requirements defined by the PCI Security Standards Council for measuring PCI compliance:
1. Install/Maintain firewall configuration that will protect cardholder data
2. Do not use vendor-supplied defaults for system passwords or any other security parameter
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
5. Use and regularly update antivirus software
6. Develop/Maintain secure systems and applications
7. Restrict access to cardholder data
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
10. Track/Monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
12. Maintain a policy that addresses information security
Does My Enterprise Require Additional PCI Security?
HostDime’s secure, PCI compliant cloud infrastructure lets you rest easy knowing your clients’ data is safe.
However, in some cases, institutions like online banks and payment processors may need additional security. Level 1 merchants, defined as businesses that process over 6,000,000 transactions annually, and organizations that have suffered a data breach must also complete an audit by a Qualified Security Assessor (QSA). This is something to be taken seriously, as failure to comply with PCI standards could result in heavy fines, restrictions, or permanent expulsion from card acceptance programs.
To be compliant, all businesses must use the services of PCI-approved companies to validate quarterly compliance by performing vulnerability scans. This can be done with the help of a QSA like Comodo, which will perform the audit scans. After each scan, you will receive a comprehensive vulnerability report detailing any security issues, with advice to help you fix the problem.
A PCI DSS compliant server is almost always a bare metal server, since a dedicated server does not share resources the way a shared server does. The fewer sites on the server, the easier it is to achieve compliance. If you have any more questions regarding our PCI certificate, or if you require additional PCI security, comment below or open a chat.