The PCI Security Standards Council defines 12 requirements that a PCI DSS-compliant merchant, and the host it uses, must meet. They are grouped under six control objectives:
Build and maintain a secure network and systems
Protect cardholder data
Maintain a vulnerability management program
Implement strong access control measures
Regularly monitor and test networks
Maintain an information security policy
All merchants who run an e-commerce application such as Magento or WooCommerce and accept credit cards on their site must be PCI DSS compliant. Part of meeting that obligation is using a hosting provider that is itself a validated PCI DSS service provider. This is only one part of the merchant's PCI responsibilities, but it is an essential part that many merchants overlook when selecting a host. How much of the remaining burden falls on the merchant depends on how much cardholder data the site itself handles: a store that hands the customer off to a payment gateway has a far smaller scope than one whose own pages receive card numbers.
To complete your PCI assessment, you or your QSA can request a copy of our Attestation of Compliance (AOC) by emailing info@dx3webs.com.
Remember that the responsibility we carry as your host is only a small part of your PCI obligations. The categories are set out below, with a note of who is responsible for each.
Every server sits behind a firewall which, as well as restricting the ports open to general traffic, inspects packets for suspicious activity. In addition, an active log monitor blocks source addresses that repeatedly fail to log in to key systems.
If an attacker knows that an account exists, they already have half of what they need to begin an attack on the site or server. Make sure that all vendor-supplied default usernames and passwords are removed or changed. This applies not only to the server but to any network devices on your own premises that are in scope.
This requirement covers what must be done to protect stored cardholder data on the server and across our network: secure deletion of data that is no longer needed, strong encryption of any stored primary account numbers (PANs), masking of PANs wherever they are displayed (at most the first six and last four digits), and limits on what may be stored at all. Sensitive authentication data such as the CVV and full magnetic-stripe contents must never be retained after authorisation. Merchants and hosts share responsibility for this.
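As an added illustration of the storage and masking rules in this requirement (example code written for this page, not dx3webs' own tooling), the Python below scans constructed application log lines for primary account numbers, confirms candidates with the Luhn check so that order references and other digit runs are not mangled, masks real PANs to the first six and last four digits, and strips CVV-style fields, which must never be stored at all. The log lines and the field names `card=` and `cvv=` are assumptions made for the example.

```python
import re

# Constructed sample application log lines, not data from a real store. The
# card numbers are the well-known Visa/Mastercard test PANs (4111..., 5555...),
# which pass the Luhn check; the final line carries a 16-digit number that
# does not, so it must be left alone.
SAMPLE_LOG = """\
2024-03-01 10:02:11 INFO  checkout order=1001 card=4111111111111111 exp=12/26 cvv=123
2024-03-01 10:02:12 INFO  gateway order=1002 ref=TXN-5555555555554444-OK
2024-03-01 10:03:40 DEBUG search q="gift card 1234 5678"
2024-03-01 10:04:02 INFO  checkout order=1003 card=4111 1111 1111 1112
"""

# 13-19 digits, optionally separated by single spaces or hyphens, and not part
# of a longer digit run.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
# Sensitive authentication data fields (assumed names) that must never be stored.
SAD_RE = re.compile(r"\b(cvv2?|cvc|cid)=\d{3,4}\b", re.IGNORECASE)


def luhn_ok(digits: str) -> bool:
    """Luhn check: true for every real card number, false for most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep the first six and last four digits, the PCI DSS masking limit."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_pans(text: str) -> list:
    """Return the Luhn-valid PANs found in text, with separators removed."""
    found = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group(0))
        if luhn_ok(digits):
            found.append(digits)
    return found


def redact_line(line: str) -> str:
    """Mask any Luhn-valid PAN and remove CVV-style fields from one log line."""
    def _mask(m):
        digits = re.sub(r"\D", "", m.group(0))
        return mask_pan(digits) if luhn_ok(digits) else m.group(0)
    line = PAN_RE.sub(_mask, line)
    return SAD_RE.sub(lambda m: m.group(1) + "=[REDACTED]", line)


def redact_log(text: str) -> str:
    """Apply redact_line to every line of a log."""
    return "\n".join(redact_line(l) for l in text.splitlines())


if __name__ == "__main__":
    print("PANs found:", find_pans(SAMPLE_LOG))
    print(redact_log(SAMPLE_LOG))
```

Redaction at the log-writer is only a backstop: the checkout code should never put the full PAN or the CVV into a log line in the first place, and a scan like this over existing logs tells you whether it already has.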
This requirement ensures that cardholder data is encrypted with strong cryptography as it moves over open networks: TLS 1.2 or later, since SSL and early TLS are no longer acceptable under PCI DSS. Merchants and hosts are responsible for this.
Despite all the tools and systems we deploy to keep your site and data safe, continual vigilance is essential. Anti-virus and anti-malware scanners, together with a number of our own scanning tools, look for signs of a breach after the event. Merchants should also scan the systems of their own that connect to their e-commerce platform.
All software in our server stack is regularly updated, and security patches are applied as soon as they are released.
Merchants are responsible for keeping their Magento installation patched as patches are released, and for ensuring that third-party extensions and modules are updated when their patches are published. Merchants must take all reasonable steps to secure their application.
No one should have more access to the network or application than they need to fulfil their role.
To ensure a clear audit trail and secure access, every login to the system must be individually identifiable, with no shared accounts. Repeated failed attempts should be blocked, and users who no longer require access must be removed promptly.
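The active log monitor mentioned under the firewall requirement above and the rule here that repeated failed attempts be blocked are the same control seen from two sides. As an added example (not dx3webs' own monitor, whose implementation the page does not describe), the Python below parses constructed sshd auth log lines, keeps a sliding window of failures per source address, and flags any address that reaches six failures within ten minutes for a 30-minute lockout. The six-attempt and 30-minute figures follow PCI DSS requirements 8.1.6 and 8.1.7; the log lines, hostnames and addresses are constructed for the example.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd-style auth log lines, not from a real server; the source
# addresses are RFC 5737 documentation ranges. 203.0.113.7 fails six times in
# ten seconds, 203.0.113.9 fails six times spread over 75 minutes, and the
# legitimate user "deploy" mistypes a password once.
SAMPLE_AUTH_LOG = """\
Mar  1 10:00:01 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar  1 10:00:03 web1 sshd[2203]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Mar  1 10:00:05 web1 sshd[2205]: Failed password for root from 203.0.113.7 port 51238 ssh2
Mar  1 10:00:07 web1 sshd[2207]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar  1 10:00:08 web1 sshd[2209]: Accepted publickey for deploy from 198.51.100.20 port 40112 ssh2
Mar  1 10:00:09 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 51242 ssh2
Mar  1 10:00:11 web1 sshd[2213]: Failed password for root from 203.0.113.7 port 51244 ssh2
Mar  1 10:00:15 web1 sshd[2215]: Failed password for deploy from 198.51.100.20 port 40118 ssh2
Mar  1 10:05:00 web1 sshd[2301]: Failed password for root from 203.0.113.9 port 60001 ssh2
Mar  1 10:20:00 web1 sshd[2302]: Failed password for root from 203.0.113.9 port 60002 ssh2
Mar  1 10:35:00 web1 sshd[2303]: Failed password for root from 203.0.113.9 port 60003 ssh2
Mar  1 10:50:00 web1 sshd[2304]: Failed password for root from 203.0.113.9 port 60004 ssh2
Mar  1 11:05:00 web1 sshd[2305]: Failed password for root from 203.0.113.9 port 60005 ssh2
Mar  1 11:20:00 web1 sshd[2306]: Failed password for root from 203.0.113.9 port 60006 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port"
)


def parse_failed_logins(log_text):
    """Yield (timestamp, source ip, username) for each failed password attempt."""
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year; strptime fills in 1900, which is fine
        # for measuring the gaps between events within one log.
        ts = datetime.strptime(re.sub(r"\s+", " ", m["ts"]), "%b %d %H:%M:%S")
        yield ts, m["ip"], m["user"]


def count_failures(log_text):
    """Failed attempts per source address, kept for the audit trail."""
    return Counter(ip for _, ip, _ in parse_failed_logins(log_text))


def find_lockouts(log_text, max_attempts=6, window_minutes=10, lockout_minutes=30):
    """Return {ip: (locked_at, unlock_at)} for every address that reached
    max_attempts failures inside a sliding window of window_minutes."""
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)
    lockouts = {}
    for ts, ip, _user in parse_failed_logins(log_text):
        q = recent[ip]
        q.append(ts)
        # Drop failures older than the window; q always holds ts itself.
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= max_attempts and ip not in lockouts:
            lockouts[ip] = (ts, ts + timedelta(minutes=lockout_minutes))
    return lockouts


if __name__ == "__main__":
    print(count_failures(SAMPLE_AUTH_LOG))
    for ip, (start, end) in find_lockouts(SAMPLE_AUTH_LOG).items():
        print(f"block {ip} from {start:%H:%M:%S} until {end:%H:%M:%S}")
```

In production the lockout decision would feed a firewall rule and an alert rather than a print. Note the limit of a pure sliding window: an attacker who spaces attempts further apart than the window, as 203.0.113.9 does here, is never locked out, which is why the per-address failure counts are kept alongside for the audit trail.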
This requirement covers physical access to the servers we run your sites on, including:
24 hour manned security, biometric access and intruder alarms
24 hour on site Network Operations Centre (NOC)
Internal and external CCTV systems
Security breach alarms
To safeguard data we must audit and track all access to cardholder data and raise an alert in the event of a suspected breach. We monitor all logs for the server and network infrastructure. Merchants need to maintain and monitor the logs of the application itself.
To ensure that our systems keep pace with changing threats, we routinely test our security procedures, including network vulnerability scans and penetration testing. Merchants are responsible for scanning their own applications, including the quarterly external vulnerability scans that PCI DSS requires for internet-facing systems in scope.
Just as important as the technical controls are the policies and procedures in place to manage staff, and the training that backs them up. Merchants must have similar procedures in place for their own staff.
We pride ourselves on providing an excellent hosting service, along with expert support.
You don’t need to take our word for it, we’re proud to have a 5* Excellent rating on Trustpilot.
Read our customer reviews on Trustpilot