
PCI Compliant Hosting

shovenose

New Member
Verified Provider
Looking for a place where I can host a Point of Sale system that accepts credit cards without spending an arm and a leg. US Based only please.
 

XFS_Duke

XFuse Solutions, LLC
Verified Provider
You need PCI compliant hosting? I can probably help you out with a few things. Do you have Skype? If so, add duke.xfs and we can talk about a few things.
 

zzrok

New Member
A PCI compliant datacenter/host is only a small part of being PCI compliant. Of course, what being PCI compliant requires depends on what you are planning to do.
 

concerto49

New Member
Verified Provider
Our data center at Dallas has PCI compliance. Have full report, but like others say, that doesn't auto make you PCI.
 

shovenose

New Member
Verified Provider
I understand that it's just one facet of a system being PCI compliant. But obviously the hosting service, hosting company, datacenter, and everybody in between has to be PCI compliant.
 

XFS_Duke

XFuse Solutions, LLC
Verified Provider
Generally, datacenters are PCI compliant in a few factors. Main one is data access restrictions. Others are far more complex, but generally they are compliant. I think it has something more to do with the regulations regarding the datacenters actually... Not sure... Might want to contact the DC's and ask them if their infrastructure is in fact PCI compliant.
 

concerto49

New Member
Verified Provider
Generally, datacenters are PCI compliant in a few factors. Main one is data access restrictions. Others are far more complex, but generally they are compliant. I think it has something more to do with the regulations regarding the datacenters actually... Not sure... Might want to contact the DC's and ask them if their infrastructure is in fact PCI compliant.
You need an audit from a 3rd party to pass all the tests. I read the report we got earlier. Different rules depending if it's colo etc.
 

kaniini

Beware the bunny-rabbit!
Verified Provider
We can probably arrange a solution either in our public VM cluster, which is ISO 27017 and also PCI compliant, or on dedicated hardware. Feel free to hit me up in a PM with your specific needs.
 

HDPIXEL

New Member
I currently manage several PCI compliant servers with LiquidWeb (stormOnDemand.com). I had to make a lot of tweaks, and turned off many services to the WHM/cPanel software. The most expensive element of the PCI compliance process is to pass successfully and get the report titled: "ASV Scan Report Attestation of Scan Compliance"

See list of approved scanning vendors.

https://www.pcisecuritystandards.org/approved_companies_providers/approved_scanning_vendors.php#

PayPal always recommends https://pci.trustwave.com/paypal

One of my customers used McAfee's service. I was pleased to use it, as their software system tells you what to fix. At the end, you get the report already done that needs to be turned in to VISA/MC or the gateway vendor/processor (e.g. PayPal).

My advice to you is to negotiate the scanning price. X-cart x-payment is PCI compliant; you can install it on your own server or use their subscription service.

Best of luck to you.
 

WebSearchingPro

VPS Peddler
Verified Provider
PCI/ISO compliance is a joke.
Whether it's actually beneficial or not from a monetary standpoint isn't the point. If there was a PCI-DSS/HIPAA/ISO I would inherently trust that they know more and care about security more than the average kid that just ordered a piece of hardware from CC and threw a bunch of people on it.

Just my two cents.
 

shovenose

New Member
Verified Provider
Whether it's actually beneficial or not from a monetary standpoint isn't the point. If there was a PCI-DSS/HIPAA/ISO I would inherently trust that they know more and care about security more than the average kid that just ordered a piece of hardware from CC and threw a bunch of people on it.

Just my two cents.
See, that's kinda my goal. But if I use Stripe.js I don't have to worry about it. But being PCI compliant shows that the company has spent time and money on securing their shit, if you know what I mean.
 

datarealm

New Member
Verified Provider
PCI/ISO compliance is a joke.
(rant)

We got to be their guinea pig about 12 or so years ago as they devised the standard. We had a client on our shared hosting platform using a Perl shopping cart system whose account got breached through a hole in the cart. CC data he was storing was compromised but Visa had NO clue about any of this. Their first response was to disable our own merchant account. PayPal was not really a big thing yet, about 80% of our revenue came through Visa/MC at the time, which they held up for 12 straight days.

There was also no approved security vendor list as they were just starting out here. VISA named the security vendor that we had to use, and they required a complete on site audit before they would allow us to resume charging cards. Again, our CC data was never in jeopardy (not even on the same servers). But we had the pleasure to pay full travel expenses for someone to come down from Colorado, hang out at a hotel for 2 days, make a couple visits to our data center, and meet the requirements they were coming up with. For example, all services must be on physically separate servers. Onsite they made an audit of every system in our cluster and then told us things like mail had to be on a physically separate system than web services (it was, but it still irked us).

After the onsite audit the one saving item was supposed to be that Visa was to place our company on their PCI site as the first fully approved PCI compliant hosting vendor. Bragging rights to the first person who guesses if that ever happened...

A joke does not even begin to describe PCI compliance...

(/rant)
 

shovenose

New Member
Verified Provider
So Stripe completely ignored my email, so I will ask the community these questions. The system in question is for Renew Computers (look it up in Google). We sell refurbished computers, used parts and stuff, and provide local computer repair services.

We also sell other stuff like used cell phones for like $25. We don't provide onsite tech support, just if people bring in their Mac or PC to fix.

I read Stripe's terms of service; it says no tech support or cell phones. But since we don't really do that in the sense of new/contract cell phones, it's OK? And since we don't provide tech support, just repair, it's OK? I am confused.
 