If you're hosting a store site, you will most probably need a PCI compliant hosting service, but you might be surprised that there is no dedicated plan designed for this. What is required for PCI compliance, and how do you find the right service provider? We have done a bit of research based on industry announcements and conversations with multiple hosting experts. In this article we provide a brief introduction to PCI compliance and basic guidance on how to choose the right hosting.
PCI Compliance Introduction
PCI is standardized throughout the payment processing industry under the Payment Card Industry Data Security Standard (PCI DSS). If you accept credit card payments, you must comply with the credit card associations' and networks' rules concerning data security and ensure the safety of cardholder data. Thus PCI compliance focuses solely on data security. Since the payment process involves different parties, we must ensure safety at each of the following points:
- Hosting server. The main and most crucial point for a PCI compliant hosting service. Since it's the final place where all data is stored, the hosting company must apply as many of the necessary security measures as it can. So when we talk about PCI compliant hosting, it's mostly about hosting server security.
- Payment processing company. This means the payment gateway service on our website. Since we don't have control over this part, the service provider is fully responsible for maintaining its equipment and network. So for end users, it's crucial to choose a reputable gateway provider for guaranteed security.
- Our website. This refers to how we secure our online data and data in transit on the site. Especially from the product order page onward, this requires us to apply proper coding and encryption. SSL is a MUST according to PCI standards.
- Our company policy for data protection. This means how we protect collected data such as customer profiles, card details and everything else submitted by clients. For example, if we store this data on a local computer, who can access it and how is a big concern for PCI DSS. Limited access and password protection are basic requirements.
How to make a hosting server PCI compliant?
Hosting servers are fully maintained by the hosting company. To be PCI compliant, the hosting company has a lot to consider, including the choice of server hardware, operating system, data center space, upstream bandwidth provider and firewall installation, continuous server optimization and monitoring, etc. In a word, it's a big challenge to configure a perfect PCI compliant hosting service.
The truth is that every company tries to be as secure as possible while also having to reduce overall costs to stay competitive in the market. Because of this, not many hosting providers can offer quality PCI compliant plans. Especially with small groups that have a limited budget and rely entirely on third-party providers, you can't really tell how they're doing.
What to do on the user end?
This is discussed in detail on our shopping cart protection tips page. Nowadays, more and more people use readily available scripts for cart setup. The main problem is that not everybody is comfortable with programming. Once your site is developed, you might just focus on business promotion and forget about software updates and maintenance. If you're running a personal store site, it's highly recommended to set up a scheduled task for regular maintenance. Business is important, but the health of the web store is also crucial, since it carries our business.
Who provides quality PCI compliant hosting?
As server and network security is the main concern for a PCI compliant hosting service, what we need is a well-protected hosting plan. Ideally, a hosting company with its own data center space is the best choice. It simply shows their technical and financial ability to offer a high-performance and secure hosting service. But that's not all we should pay attention to. Sometimes the company policy is actually more important, because you can always get someone to take care of problems.
For a quality PCI compliant hosting service, we highly recommend checking out the InMotionHosting and Arvixe Business web hosting plans. You pay a little more but simply put your business in safe hands. Especially when you're looking for a balance between cost and service quality, you can't really find a better choice.