What is PCI DSS and is it required for my hosting?

PCI DSS (Payment Card Industry Data Security Standard) is an information security standard for businesses or organisations that handle customer credit card details. We’ll run through what you need to know about PCI Compliance and whether it’s a requirement for your hosting.

Nicole Risley

31 March 2022

If you manage an online store, you’ll already be familiar with the term PCI compliance. But let’s look at why being compliant is a necessity if you run an online business.


Understanding PCI DSS Compliance

PCI DSS (Payment Card Industry Data Security Standard) has been formalised by the major credit card providers to help mitigate the risks involved in online purchases. It’s a data security standard that assesses how secure your application and server are.

If you take online payments, your bank may require you to certify that you are PCI compliant. One of the components of PCI compliance is validating that your server is secure and up to date. That’s where ProStack can help!

Do I need it for my web hosting?

If you own an online business and are processing credit card payments, yes! You will need to find a hosting provider that offers PCI compliant hosting for your server. But what does that mean?

We offer PCI compliance as a service, which means we can help ensure your server is secure and meets the PCI standard. Part of this process is running a scan against your server, which produces a vulnerability report. This report lists all of the possible issues with your application and server, and these will need to be fixed before you are certified as compliant. It’s important to note that PCI scans can sometimes flag false positives; don’t panic, we can help investigate any issues and fix them as necessary.

Simply provide us with the vulnerability report and we can fix everything that is flagged. We’ll go through every item in the report, identify what fixes need to be made to the server and make the changes for you, so you can re-run the PCI scan and send the compliance report to your card merchant.


HackerGuardian PCI Scan

At ProStack we’ve partnered with HackerGuardian to provide PCI scanning and compliance tools. HackerGuardian scans your externally-facing IPs and generates daily reports detailing any vulnerabilities found, along with the information you need to fix them. Once a resolution has been found, all the documentation you need to send to your bank to validate your PCI compliance is included.

The main benefits

  • Auditing service – provides PCI compliance reports.
  • HackerGuardian is a PCI Approved Scanning Vendor (ASV).
  • Get ‘ready-to-submit’ PCI compliance reports to send to your bank.
  • Detailed reports identify security holes through intensive testing, with fix recommendations.
  • Secure web interface offering unlimited PCI scans per quarter.


Are all our hosting services PCI compliant?

At ProStack, we guarantee PCI compliant hosting on all our Cloud and Dedicated servers. If you’ve run a PCI scan and the report requires any fixes, get in touch and we’ll make the changes to your server.

It’s useful to note that we don’t offer PCI compliant hosting on our shared or reseller plans. These plans provide the broadest compatibility for a range of different applications and services, so we are unable to customise them for specific needs.

For further information on why it’s not possible to guarantee PCI compliance for shared hosting, see our knowledgebase article: Can you handle vulnerability reports with shared hosting?