PCI Compliant Hosting
- Thread starter shovenose
- Start date
Our data center at Dallas has pci compliance. Have full report, but like others say that doesn't auto make you pci.
Last edited by a moderator:
Generally, datacenters are PCI compliant in a few factors. Main one is data access restrictions. Others are far more complex, but generally they are compliant. I think it has something more to do with the regulations regarding the datacenters actually... Not sure... Might want to contact the DC's and ask them if their infrastructure is in fact PCI compliant.
You need an audit from a 3rd party to pass all the tests. I read the report we got earlier. Different rules depending if it's colo etc.
I currently manage several PC compliant servers with LiquidWeb (stormOnDemand.com). I had to make a lot of tweaks, and turned off many services to the WHM/cPanel software. The most expensive element of the PCI compliance process is to pass successfully and get the report title: "ASV Scan Report Attestation of Scan Compliance "
See list of approved scanning vendors.
https://www.pcisecuritystandards.org/approved_companies_providers/approved_scanning_vendors.php#
Paypal always recommends https://pci.trustwave.com/paypal
One of my customer used McAfee service. I was please to use it as their software system tells you what to fix. And the end, you get the report already done that needs to be turned in to VISA/MC or gateway vendor/processor (e.g .PAYPAL).
My advise to you is negotiate the scanning price. X-cart x-payment is PCI compliance, you can install it on your own server or use their subscription service.
Best of luck to you.
See list of approved scanning vendors.
https://www.pcisecuritystandards.org/approved_companies_providers/approved_scanning_vendors.php#
Paypal always recommends https://pci.trustwave.com/paypal
One of my customer used McAfee service. I was please to use it as their software system tells you what to fix. And the end, you get the report already done that needs to be turned in to VISA/MC or gateway vendor/processor (e.g .PAYPAL).
My advise to you is negotiate the scanning price. X-cart x-payment is PCI compliance, you can install it on your own server or use their subscription service.
Best of luck to you.
Whether its actually beneficial or not from a monetary standpoint isnt the point. If there was a PCI-DSS/HIPAA/ISO I would inherently trust that they know more and care about security more than the average kid that just ordered a piece of hardware from CC and throw a bunch of people on it.
Just my two cents.
See, that's kinda my goal. But if I use Stripe.js I don't have to worry about it. But being PCI compliant shows that the company has spend time and money on securing their shit, if you know what I mean.
(rant)
We got to be their guinea pig about 12 or so years ago as they devised the standard. We had a client on our shared hosting platform using a perl shopping cart system who's account got breached through a hole in the cart. CC data he was storing was compromised but visa had NO clue about any of this. Their first response was to disable our own merchant account. Paypal was not really a big thing yet, about 80% of our revenue came through visa/mc at the time, which they held up for 12 straight days.
There was also no approved security vendor list as they were just starting out here. VISA named the security vendor that we had to use, and they required a complete on site audit before they would allow us to resume charging cards. Again, our cc data was never in jeopardy (not even on the same servers). But we had the pleasure to pay full travel expenses for someone to come down from colorado, hang out at a hotel for 2 days, make a couple visits to our data center, and meet the requirements they were coming up with. For example, all services must be on physically separate servers. Onsite they made an audit of every system in our cluster and then told us things like mail had to be on a physically separate system than web services (it was, but it still irked us).
After the onsite audit the one saving item was supposed to be that visa was to place our company on their PCI site as the first fully approved PCI compliant hosting vendor. Bragging rights to the first person who guesses if that ever happened...
a joke does not even begin to describe PCI compliance...
(/rant)
So stripe completely ignored my email so I will ask the community these questions. The system in question is for Renew Computers. (look it up in google) we sell refurbished computers, used parts and stuff, and provide local computer repair services.
we also sell other stuff like used cell phones for like $25. We don't provide onsite tech support just if people bring in their mac or PC to fix.
I read stripe terms of service it says no tech support or cell phones. But since we don't really do that in the sense of new/contract cell phones its ok? And since we don't provide tech support just repair, its ok? I am confused.
we also sell other stuff like used cell phones for like $25. We don't provide onsite tech support just if people bring in their mac or PC to fix.
I read stripe terms of service it says no tech support or cell phones. But since we don't really do that in the sense of new/contract cell phones its ok? And since we don't provide tech support just repair, its ok? I am confused.
Well it would be a start.
Aldryic C'boas
The Pony
Or you can just go do your own research and stop trying to get other people to make your business decisions for you.
Are you going to be physically swiping people's cards? If so, you need to get a real merchant account, the fees will be much lower. CDGCommerce is a pretty good one. We've had an account with them since 2004. You might be able to find cheaper elsewhere.
https://www.cdgcommerce.com/retail-pc-mac.php
https://www.cdgcommerce.com/retail-pc-mac.php
you know what? Fuck you fuck my project I am done.