MyHostNews

Featured Articles

How your Business Benefits by Choosing a Certified PCI-compliant Hosting Provider

How your Business Benefits by Choosing a Certified PCI-compliant Hosting Provider
November 05
15:41 2009

The PCI Data Security Standard (PCI-DSS), established by the Payment Card Industry (Visa, Mastercard, and other payment cards), combats online fraud and identity theft. It stipulates many security practices that any vendor who stores or transmits credit card data must follow. Any company found noncompliant faces steep penalties.

To facilitate compliance, Visa established a list of certified vendors, found here: http://usa.visa.com/download/merchants/cisp-list-of-pcidss-compliant-service-providers.pdf. Working with a certified vendor guarantees a level of compliance with the PCI DSS spec. A certified vendor must supply you with a responsibilities sheet detailing exactly what they are covering.

To companies that handle credit card data (financial services, eCommerce, etc.), choosing a certified hosting provider has obvious benefits; however, all businesses can benefit from the third-party certification. Here’s how:

Access Control
The PCI-DSS places restrictions on who has physical access to servers in a datacenter, as well as terminal access to the operating system. As such, a certified PCI compliant hosting provider has safeguards that may or may not be present with other hosts:

  • Photo security badge, fob, PIN, and biometric access to the datacenter.
  • Access privilege granted to fewest necessary personnel.
  • Login and change monitoring/logging for each server or device.
  • Secure client authentication required for any changes to the environment.

Secure Perimeter
A compliant hosting provider’s perimeter must be secured to meet PCI requirements. By choosing a PCI compliant hosting company, you automatically gain that security benefit, including:

  • Outbound traffic from protected servers is monitored to make sure that only established connections are receiving data.
  • Prevention of internal IP addresses being discovered and published publically on the Internet.

Firewall and Infrastructure Best Practices
A certified PCI compliant hosting provider must establish a DMZ within your network environment to make sure that sensitive data is thoroughly protected. Additionally, a hosting company that specializes in PCI consultation can guide you through other best practices, like using a separate server for web and database, and segregating a development zone from your production environment.

Credit card data isn’t the only sensitive information a business might need to secure. Healthcare providers or applications that store patient data may need to comply with HIPAA security standards. Education related applications may need to comply with FERPA. If your servers store any personally identifying information, the best thing you can do for your clients is choose a hosting provider with certified security credentials. Visa certification for PCI-DSS compliance is the platinum standard that benefits any security-minded business.

PCI Complaint Web Host
InetU Managed Hosting

If you are interested in learning more about PCI Complaint Web Hosting services, contact INetU Managed Hosting www.inetu.net.

About Author

MyHostNews.com

MyHostNews.com

Providing Web Host News, Discussions, Reviews, Commentary, Interviews and Blog Articles to the FindMyHost, Inc. Network.

Related Articles

SUBSCRIBE TO OUR MAILING LIST

Join our mailing list
Name:
Email Address:
Re-Enter Email Address:
Choose a Newsletter:
Host Alert

Special Offers: