PCI Compliance

Sites that handle financial transactions such as donations, online orders, and recurring subscriptions themselves, rather than handing the payment off to a third-party vendor such as PayPal, will often require PCI compliance.

Compliance is verified by periodic vulnerability scans. Companies such as SecurityMetrics and TrustWave perform these scans, and if the site fails a scan, it must be brought into compliance in order to pass the next one. We routinely handle such PCI compliance tasks for our customers. Maintaining PCI compliance requires a dedicated server or, at a minimum, a well-maintained VPS or cloud instance, depending on the desired level of compliance.

Some typical tasks associated with PCI compliance include:

  • Updating server operating system software (Linux distributions such as Ubuntu, CentOS, Red Hat, etc.)
  • Updating Apache, Nginx, MySQL (or other database servers as needed), and PHP
  • Installing, configuring, and maintaining a sensible firewall that closes all but the essential ports
  • Disabling the mail server if it is not in use; if it is in use, it too will require tuning
  • Installing and testing SSL, and ensuring it is in use on the website and on any other web access points (phpMyAdmin, for example)

We can provide "not-to-exceed" quotes along with hourly rates, which give a good sense of what the work will take. This works like a fixed price, except that when we come in *under* budget, the unused portion is not due.

Contact us to find out more.