PCI DSS Compliance Overview

All our packages are designed to conform to the requirements of the Payment Card Industry Data Security Standard (PCI DSS). All organizations that receive, process, or store credit card data must adhere to this standard. Ensuring you are also able to meet it is our highest priority.

PCI DSS Requirements

The PCI Security Standards Council identifies 12 requirements that PCI DSS-compliant merchants and hosts must meet.

These 12 requirements fall into six categories:

Build and maintain a secure network

Protect cardholder data

Maintain a vulnerability management program

Implement strong access-control measures

Regularly test and monitor networks

Maintain an information security policy

All merchants who operate an e-commerce application such as Magento or WooCommerce and accept credit cards within their site need to be PCI compliant. To meet this obligation you must ensure you are using an accredited PCI-compliant service provider. This is of course only one part of the merchant's responsibility for meeting their PCI obligations, but it is an essential part that many merchants overlook when selecting a host.

To complete your PCI process, you or your QSA can request access to our Attestation of Compliance (AOC) by emailing info@dx3webs.com.

Remember that the responsibility we have as your host is only a small part of your PCI obligations. The categories and requirements are set out below.

Build and Maintain a Secure Network and Systems

Requirement 1: Install and maintain a firewall configuration to protect cardholder data.

Every server is protected by a firewall which, as well as limiting the ports open to general traffic, monitors packets for suspicious activity. In addition, an active log monitor blocks sources that repeatedly fail to log in to key systems.

Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.

If an attacker knows that a user account exists, they already have half the information they need to begin an attack on the site or server. Ensure that all default usernames are removed. This also applies to any devices on your own premises.

Protect Cardholder Data

Requirement 3: Protect stored cardholder data.

This requirement covers what we need to do to protect credit card data across the server and our network: secure deletion of data, the use of strong encryption, and restrictions on storage. Merchants and hosts are both responsible for this.

Requirement 4: Encrypt transmission of cardholder data across open and public networks.

This requirement ensures that all credit card data is encrypted at a suitable level (TLS 1.2) as it moves over the network. Merchants and hosts are both responsible for this.

Maintain a Vulnerability Management Program

Requirement 5: Protect all systems against malware and regularly update anti-virus software or programs.

Despite all the tools and systems we deploy to keep your site and data safe, continual vigilance is essential. Anti-virus and anti-malware scanners, together with a number of our own scanning tools, look for signs of a breach after the event. Merchants should also scan their own systems that connect to their e-commerce platform.

Requirement 6: Develop and maintain secure systems and applications.

All software in our server stack is regularly updated, and security patches are applied on release.

Merchants are responsible for keeping their Magento installation patched as patches are released, and for ensuring that third-party extensions and modules are updated in the same way when patches are published. Merchants must take all reasonable steps to secure their application.

Implement Strong Access-Control Measures

Requirement 7: Restrict access to cardholder data according to need.

No one should have any more access to the network/application than is needed to fulfil their role.

Requirement 8: Identify and authenticate access to system components.

To ensure a clear audit trail and secure access, all access to the system should be individually identifiable. Repeated failed login attempts should be blocked. Users who no longer require access will be removed.
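The log monitoring described under Requirement 1 and the lockout rule in Requirement 8 (block a source after repeated failed logins) can be illustrated with a small detector run over sshd log lines. This is an added example, not the host's own tooling; the log excerpt, the source addresses and the 5-failures-in-10-minutes threshold are all constructed for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd auth log excerpt (documentation-range IPs); not real traffic.
SAMPLE_LOG = """\
Mar  3 10:00:01 web1 sshd[2301]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar  3 10:00:04 web1 sshd[2302]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Mar  3 10:00:09 web1 sshd[2303]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar  3 10:00:15 web1 sshd[2304]: Failed password for root from 203.0.113.7 port 51244 ssh2
Mar  3 10:00:22 web1 sshd[2305]: Failed password for root from 203.0.113.7 port 51250 ssh2
Mar  3 10:01:10 web1 sshd[2310]: Accepted publickey for deploy from 198.51.100.20 port 40000 ssh2
Mar  3 10:05:00 web1 sshd[2320]: Failed password for deploy from 198.51.100.20 port 40010 ssh2
Mar  3 10:30:00 web1 sshd[2330]: Failed password for deploy from 198.51.100.20 port 40020 ssh2
"""

# Matches only failed password attempts; successes and unrelated lines are ignored.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port"
)

def parse_failures(log_text):
    """Return [(timestamp, user, source)] for every failed-login line."""
    out = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            # Syslog lines carry no year; the default year is fine for relative windows.
            out.append((datetime.strptime(m["ts"], "%b %d %H:%M:%S"), m["user"], m["src"]))
    return out

def sources_to_block(log_text, threshold=5, window_seconds=600):
    """Return {source: total_failures} for sources that reach `threshold` failures
    inside any sliding window of `window_seconds` (the lockout rule described above)."""
    window = timedelta(seconds=window_seconds)
    by_src = defaultdict(list)
    for ts, _user, src in parse_failures(log_text):
        by_src[src].append(ts)
    flagged = {}
    for src, times in by_src.items():
        times.sort()
        recent = deque()
        for ts in times:
            recent.append(ts)
            while ts - recent[0] > window:   # drop attempts older than the window
                recent.popleft()
            if len(recent) >= threshold:
                flagged[src] = len(times)
                break
    return flagged
```

With the sample above, `sources_to_block(SAMPLE_LOG)` flags only 203.0.113.7; the two slow failures from 198.51.100.20 fall outside the 10-minute window and are left for the audit trail rather than blocked.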

Requirement 9: Restrict physical access to cardholder data.

This requirement covers physical access to the actual servers we run your sites on, including:

24-hour manned security, biometric access and intruder alarms

24-hour on-site Network Operations Centre (NOC)

Internal and external CCTV systems

Security breach alarms

Regularly Monitor and Test Networks

Requirement 10: Track and monitor all access to network resources and cardholder data.

To safeguard data we must audit and track all access to cardholder data and alert the appropriate authorities in the event of a breach. We monitor all logs for the server and network infrastructure. Merchants need to ensure that they maintain and monitor logs for the application itself.

Requirement 11: Regularly test security systems and processes.

To ensure that our systems keep evolving to meet changing threats, we routinely test our security procedures. This includes network vulnerability scans and penetration testing. Merchants are responsible for scanning their own applications.

Maintain an Information Security Policy

Requirement 12: Maintain a policy that addresses information security for all personnel.

Just as important as the technical controls are the policies and procedures that govern staff, and the training that backs them up. Merchants must have similar procedures in place for their own staff.
