PCI compliance means adhering to a set of security-related standards designed to protect sensitive credit/debit card data while a financial transaction is underway and after it completes. It extends to other kinds of data transmission too, for example, giving credit card data to a merchant over the phone. If you store, process, or transmit cardholder data, or provide services to merchants that do any of this, you need to ensure you are PCI-DSS compliant. The data security standard applies to any organization that handles cardholder data for Visa, Mastercard, American Express, Discover, and JCB.
So, whether you are running a small internet business or a large corporation, if you accept card payments, whether online or offline, you have to comply with PCI security standards.
The level of compliance you have to meet depends on how large your business is. The standards themselves apply to all merchants and organizations, regardless of the size or number of the transactions they process.
What is PCI compliance hosting?
Financial transactions on the internet run on trust. Customers must be confident that they can enter their data on your website without the risk of loopholes in your security measures. If it weren’t so, e-commerce would not have become the phenomenon that it has.
On the other hand, server breaches can compromise the safety of such data. It is vital that you host this information with a company that has a secure network and is capable of keeping the cardholder data safe. We help businesses ensure that their customers can make non-cash purchases confidently.
The approach we take in helping you go through PCI compliance from a technology standpoint:
Assess – We review your hosting environment and recommend what PCI compliance standards and security requirements you need.
Implement – If you decide to act on our recommendations, we work through them with you and put the necessary PCI compliance controls in place.
Review – After your PCI compliance suite is online and running, we perform checks to monitor the controls and the hosted environment.
There are 12 requirements that need to be in place to be compliant.
Build and Maintain a Secure Network
1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
5. Use and regularly update anti-virus software on all systems commonly affected by malware
6. Develop and maintain secure systems and applications
Implement Strong Access Control Measures
7. Restrict access to cardholder data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
Regularly Monitor and Test Networks
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
Maintain an Information Security Policy
12. Maintain a policy that addresses information security
Hosting with FullHost is just one step toward becoming PCI compliant; signing up with us does not end your responsibilities. We provide the technology to get there, which you combine with robust internal protocols of your own to keep things secure.
We can help you plan and implement what you need to be PCI compliant. If you want to learn more about PCI compliance, contact our sales team via email or support ticket.