PCI Compliance

Helping you reduce your effort and cost to become PCI DSS Compliant

PointClick deploys PCI DSS (Payment Card Industry Data Security Standard) compliance-ready servers and provides the secure hosting environment required by the five major credit card companies.

If you accept, store, or process credit or debit cards, you must ensure that all necessary steps are taken to protect sensitive personal data in order to avoid the risk of fines or permanent expulsion from card acceptance programs. The purpose of PCI is to ensure that credit/debit card information and transaction information are kept safe at all times.


PCI web hosting requirements can be difficult both to understand and to implement. We take the difficulty out of your hosting so that you can focus on your business. With our compliance-ready servers, we also provide the routine network scans required by your QSA, and off-server log management and audit trails in case you ever need to respond to a forensic inquiry.

Keep in mind that most hosting companies only offer a PCI compliant facility. That is far from a complete PCI compliant hosting solution.

PCI Data Security Standard – High Level Overview

Build and Maintain a Secure Network
  - Install and maintain a firewall configuration to protect cardholder data
  - Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
  - Protect stored cardholder data
  - Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program
  - Use and regularly update anti-virus software or programs
  - Develop and maintain secure systems and applications

Implement Strong Access Control Measures
  - Restrict access to cardholder data by business need to know
  - Assign a unique ID to each person with computer access
  - Restrict physical access to cardholder data

Regularly Monitor and Test Networks
  - Track and monitor all access to network resources and cardholder data
  - Regularly test security systems and processes

Maintain an Information Security Policy
  - Maintain a policy that addresses information security for all personnel

Requirements for PCI Compliance

Architecture for PCI Compliant Hosting Environment

Physical System Restricted Access

Surveillance Monitoring

Firewall Protection

Anti-virus Protection

IDS (Intrusion Detection System)

File Integrity Checking

Log Management and Retention

Restricted Access to Sensitive Data

Two-factor Authentication

Forced Password Expiration

Automatic SSH & RTD Timeouts

Network Security Scans

Patching and Maintenance

SSL Certificates

Recommended Separate Web and Database Environment

Recommended Separate Production and Development Environments

14-Day Off-Site Backup Retention

Need more help understanding our Managed Services and how we can take the burden of managing your IT off your shoulders?

Because every little thing matters in managed hosting.