PCI Compliance

What is PCI Compliance?

Sites that handle financial transactions such as donations, online orders, and recurring subscriptions directly, rather than through a third-party payment processor such as PayPal, will often require PCI compliance. The Payment Card Industry Data Security Standard (PCI DSS) applies to companies of any size that accept credit card payments. If your company intends to accept card payments and to store, process, or transmit cardholder data, you need to host that data securely with a PCI compliant hosting provider.

Typical PCI Compliance Tasks:

  • Updating server operating system software (Linux flavors such as Ubuntu, CentOS, Red Hat, etc.)
  • Updating Apache, Nginx, MySQL (or other database servers as needed), and PHP
  • Installing, configuring, and maintaining a sensible firewall that closes all but the essential ports
  • Disabling the mail server if it is not in use; if it is in use, it too will require tuning
  • Installing and testing SSL, and ensuring it is in use on the website and on any other web access points (phpMyAdmin, for example)

Passing PCI Scans

Approved scanning vendors such as SecurityMetrics and Trustwave perform PCI vulnerability scans against the server. If the site fails a scan, it must be brought into compliance in order to pass the next one. We routinely handle such PCI compliance tasks for our customers. Maintaining PCI compliance requires a dedicated server or, at a minimum, a well-maintained VPS or cloud instance, depending on the desired level of compliance.

Contact Us about PCI Compliance

We can provide "not-to-exceed" quotes along with hourly rates, which will give a good sense of what the work will take. This is like a fixed price, except that if we come in *under* budget, the unused portion is not billed.

Contact us to find out more about PCI compliance.
