Kristin Tiong
BNS Hosting
www.bnshosting.net
#29 AB Fernandez Ave., Dagupan City, Pangasinan, Philippines
(075) 614 3247
isabel.tiong@bnshosting.net
What is PCI Compliance?
PCI (Payment Card Industry) Compliance standards were created by major credit card issuers to protect personal information and ensure security when transactions are processed using a payment card. Members of the Payment Card Industry (financial institutions, credit card companies and merchants) must comply with these standards if they accept credit cards as a mode of payment. Failure to meet these standards can result in fines from credit card companies and even the loss of the ability to process credit cards. There are six categories of PCI Standards that must be met in order for a retailer to be considered PCI compliant.
1. Maintain a secure network
The network over which transactions are processed must be secured. For an online business, the point of vulnerability under this standard is the web server itself, so the hosting company must take responsibility for making the network secure.
2. Protecting Cardholder Data
This category focuses on how cardholder data is stored and transmitted. One way to protect this data is encryption. Online businesses need to be particularly careful about how cardholder data is transmitted, because during transmission the data is sent across the Internet. The data here must be encrypted with at least a 128-bit SSL certificate to meet this standard.
3. Maintaining a Vulnerability Management Program
This category means keeping systems up to date. Exposure to vulnerabilities can be minimized by regularly updating computer hardware, operating systems, software and anti-virus software, and by running regular virus scans.
4. Implementing Strong Access Control Measures
Part of meeting PCI Compliance means limiting access to cardholder data to only those persons that need to use it.
5. Regularly Monitor and Test Networks
Networks where cardholder data is located must be monitored and tested regularly. Regular scans of security measures and processes, and monitoring and tracking of network access to cardholder data, are required to satisfy this standard.
6. Maintain an Information Security Policy
Make and implement a security policy for the company so that employees know and understand their responsibilities with regard to cardholder data.
Within these six categories are 12 requirements that address particular issues and that are directly related to web application security:
1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications
7. Restrict access to cardholder data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
12. Maintain a policy that addresses information security
Because the Payment Card Industry (PCI) Data Security Standard is increasingly being demanded by tech-savvy clients, it is important that your hosting provider is able to offer PCI Compliant Hosting.
PCI Compliant Hosting providers have grown in importance as more and more financial transactions are done online. At BNS we implement the major aspects of the PCI standards in our PCI standard hosting services. Both physical and logical barriers are in place to restrict access and secure data, so that only individuals who are properly authenticated and authorized can access the servers.
BNS Hosting employs measures such as certificate-based security, encrypted communications, IP access control lists, full audit entry logs and physical access control measures that employ biometrics.
How to make your website PCI Compliant?
Step 1: Find out the level of PCI Compliance needed:
Level 1: Merchants which process over 6 million annual transactions or have already suffered an attack resulting in compromised data
Level 2: Merchants which process between 150,000 and 6 million annual transactions
Level 3: Merchants which process between 20,000 and 150,000 annual transactions
Level 4: Merchants which process fewer than 20,000 annual transactions
The requirements for each level are:
Level 1: Annual on-site security audit and quarterly network security scan.
Levels 2 and 3: Annual self-assessment questionnaire and quarterly scan by an approved PCI scanning vendor
Level 4: No need to report compliance but must maintain compliance
Step 2: Engage a PCI approved scanning vendor to have your Web site scanned for vulnerabilities. Be sure to continue the scanning on a quarterly basis.
Step 3: Report your compliance by sending the PCI scan and self-assessment to your merchant bank.
Feel free to contact us about your PCI compliant hosting requirements at team[@]bnshosting.net or visit our site http://www.bnshosting.net and talk to our online expert hosting solution adviser.