Kristin Tiong
BNS Hosting
www.bnshosting.net
#29 AB Fernandez Ave., Dagupan City, Pangasinan, Philippines
(075) 614 3247
isabel.tiong@bnshosting.net
What is PCI Compliance?
PCI (Payment Card Industry) Compliance standards was created by major credit card issuers to protect personal information and ensure security when transactions are processed using a payment card. Members of the Payment Card Industry (financial institutions, credit card companies and merchants) must comply with these standards if they are accepting credit cards as modes of payment. Failure to meet these standards can result to fines from credit card companies and even the loss of the ability to process credit cards. There are six categories of PCI Standards that must be met in order for a retailer to be considered a PCI Compliant.
1. Maintain a secure network
An actual network where the transaction is being exposed to, must be secured. In case of an online business, the vulnerability for this standard is the web server itself. In here, the hosting companies must take the responsibility to make the network secure.
2. Protecting Cardholder Data
This category focuses on how the cardholder data is stored and transmitted. Ways on how to protect these data are, encryption of data. Online businesses need to be critical of the way the cardholder data is transmitted. Because during the transmission, the data is being sent across the Internet. The data here must be encrypted with at least a 128 bit SSL certificate to meet this standard.
3. Maintaining a Vulnerability Management Program
This category means, keeping systems up to date. Vulnerability exposures can be minimized by regularly updating computer hardware, operating systems and software, anti-virus softwares, and regular virus scans.
4. Implementing Strong Access Control Measures
Part of meeting PCI Compliance means limiting access to cardholder data to only those persons that need to use it.
5. Regular Monitor and Test Networks
Networks where the cardholder data is located must be monitored and tested regularly. Regular scans of security measures and processes, monitoring and tracking of network access to cardholder data are required to satisfy this standard.
6. Maintain an Information Security Policy
Making and implementing a security policy for the company to make sure employees know and understand their responsibilities with regards to cardholder data.
Within these six categories are 12 requirements that address particular issues and that are directly related to web application security:
1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications
7. Restrict access to cardholder data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
12. Maintain a policy that addresses information security
Since Payment Card Industry (PCI)’s Data Security Standard is increasingly being demanded by tech savvy clients, so it is important that your hosting provider is able to offer PCI Compliant Hosting.
PCI Compliant Hosting providers have grown in importance as the scale of financial transactions are more and more being done online. At BNS we implement the major aspects of PCI standards to make these PCI standard hosting services. Both physical and logical barriers are in place to restrict access and secure data to only those individuals that are properly authenticated and authorized to access the servers.
BNS Hosting employ things like certificate based security, encrypted communications, IP access control list, full audit entry logs and physical access control measures that employ biometrics.
How to make your website PCI Compliant?
Step 1: Find out the level of PCI Compliance needed:
Level 1: Merchants which process over 6 million annual transactions or have already suffered an attack resulting in compromised data·
Level 2: Merchants which process between 150,000 to 6 million annual transactions
Level 3: Merchants which process between 20,000 and 150,000 annual transactions
Level 4: Merchants which process less than 20,000 annual transactions
The requirements for each level are:
Level 1: Annual on-site security audit and quarterly network security scan.
Level 2 and 3: Annual self assessment questionnaire and quarterly scan by an approved PCI scanning vendor
Level 4: No need to report compliance but must maintain compliance
Step 2: Engage a PCI approved scanning vendor to have your Web site scanned for vulnerabilities. Be sure to continue the scanning on a quarterly basis.
Step 3: Report your compliance by sending the PCI scan and self-assessment to your merchant bank.
Feel free to contact us about your PCI compliant hosting requirements at team[@]bnshosting.net or visit our site http://www.bnshosting.net and talk to our online expert hosting solution adviser.
PCI (Payment Card Industry) Compliance standards was created by major credit card issuers to protect personal information and ensure security when transactions are processed using a payment card. Members of the Payment Card Industry (financial institutions, credit card companies and merchants) must comply with these standards if they are accepting credit cards as modes of payment. Failure to meet these standards can result to fines from credit card companies and even the loss of the ability to process credit cards. There are six categories of PCI Standards that must be met in order for a retailer to be considered a PCI Compliant.
1. Maintain a secure network
An actual network where the transaction is being exposed to, must be secured. In case of an online business, the vulnerability for this standard is the web server itself. In here, the hosting companies must take the responsibility to make the network secure.
2. Protecting Cardholder Data
This category focuses on how the cardholder data is stored and transmitted. Ways on how to protect these data are, encryption of data. Online businesses need to be critical of the way the cardholder data is transmitted. Because during the transmission, the data is being sent across the Internet. The data here must be encrypted with at least a 128 bit SSL certificate to meet this standard.
3. Maintaining a Vulnerability Management Program
This category means, keeping systems up to date. Vulnerability exposures can be minimized by regularly updating computer hardware, operating systems and software, anti-virus softwares, and regular virus scans.
4. Implementing Strong Access Control Measures
Part of meeting PCI Compliance means limiting access to cardholder data to only those persons that need to use it.
5. Regular Monitor and Test Networks
Networks where the cardholder data is located must be monitored and tested regularly. Regular scans of security measures and processes, monitoring and tracking of network access to cardholder data are required to satisfy this standard.
6. Maintain an Information Security Policy
Making and implementing a security policy for the company to make sure employees know and understand their responsibilities with regards to cardholder data.
Within these six categories are 12 requirements that address particular issues and that are directly related to web application security:
1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications
7. Restrict access to cardholder data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
12. Maintain a policy that addresses information security
Since Payment Card Industry (PCI)’s Data Security Standard is increasingly being demanded by tech savvy clients, so it is important that your hosting provider is able to offer PCI Compliant Hosting.
PCI Compliant Hosting providers have grown in importance as the scale of financial transactions are more and more being done online. At BNS we implement the major aspects of PCI standards to make these PCI standard hosting services. Both physical and logical barriers are in place to restrict access and secure data to only those individuals that are properly authenticated and authorized to access the servers.
BNS Hosting employ things like certificate based security, encrypted communications, IP access control list, full audit entry logs and physical access control measures that employ biometrics.
How to make your website PCI Compliant?
Step 1: Find out the level of PCI Compliance needed:
Level 1: Merchants which process over 6 million annual transactions or have already suffered an attack resulting in compromised data·
Level 2: Merchants which process between 150,000 to 6 million annual transactions
Level 3: Merchants which process between 20,000 and 150,000 annual transactions
Level 4: Merchants which process less than 20,000 annual transactions
The requirements for each level are:
Level 1: Annual on-site security audit and quarterly network security scan.
Level 2 and 3: Annual self assessment questionnaire and quarterly scan by an approved PCI scanning vendor
Level 4: No need to report compliance but must maintain compliance
Step 2: Engage a PCI approved scanning vendor to have your Web site scanned for vulnerabilities. Be sure to continue the scanning on a quarterly basis.
Step 3: Report your compliance by sending the PCI scan and self-assessment to your merchant bank.
Feel free to contact us about your PCI compliant hosting requirements at team[@]bnshosting.net or visit our site http://www.bnshosting.net and talk to our online expert hosting solution adviser.
- Related Articles
- Related Q&A
- Bns Hosting is a Pci Compliant Hosting Provider
- Securing Credit Transactions: the Pci Data Security Standard
- Is the E-merchant Pci Compliant? Check Before You Purchase
- Why Businesses Need To Be PCI Compliant
- How Pci Dss Security Standards Protect Your Credit Card Transactions
- Why And How To Be PCI Compliance
- Top Ten Reasons Why Pci is a Pain
- How Pci Protects Credit Card Transactions
Hand Sanitizer, Effective at Killing Germs
By: BNS Hosting | 09/09/2009 | HealthAlcohol-based hand sanitizer has been around for years, but the research was never quite clear whether it was as effective against germs as washing your hands. The verdict is in, and it looks like hand sanitizer is at least as effective.
Computer Stores, Better if Online
By: BNS Hosting | 04/09/2009 | HardwareWe live in a very busy world. People are always up and about doing something no matter what time of day it is. Work has become a very big part of our lives and we would often take our work everywhere with us if we could. There seems to be no answer to the question if we work to live or we live to work. To keep up with our busy lifestyle, things are often served to us in a fast way.
Philippine Web Developer Listing
By: BNS Hosting | 05/08/2009 | Web DesignBNS Hosting is joining a tender to provide up to 2000 websites a year, in this regard, we are looking for web developers to join our central database so we can farm out the web development work. If we win the tender, we will need a lot of web developers for this project.
Sharepoint Hosted Solution at BNS Hosting
By: BNS Hosting | 10/06/2009 | Web HostingMany small to medium companies are starting to see the advantages of hosted applications like Microsoft's Windows Sharepoint Services. SharePoint Services is a tool to enhance collaboration in the workplace. In order to have the technology work for your business, you need to foster an environment that promotes collaboration. Without this environment, no technology tool will ever work.
Bns Hosting Offers Streaming Services
By: BNS Hosting | 09/01/2009 | VideoStreaming Media Services, also called Digital Media, Streaming Sound, Video Streaming Services, Streaming Audio Services, etc. Streaming video is a sequence of "moving images" that are sent in compressed form over the Internet and displayed by the viewer as they arrive. Streaming media is streaming video with sound.
Virtual Private Server Hosting at Bns Hosting
By: BNS Hosting | 02/01/2009 | Web HostingWhen it comes to hosting a website or web page, there are a variety of options available. Depending on the exact kind of services required, however, the costs and fees to hosting your website on a remote server can add up very quickly. One option that many people do not consider is hosting your site on one of the many virtual private servers available today.
Web Mirroring Service at Bns Hosting
By: BNS Hosting | 27/11/2008 | Web HostingAs the saying goes, "Two heads are better than one," but technically, two or more web servers are better than one. This is how the Mirroring Service will multiply your current website and copy its content over to our mirroring webserver. This instantly adds an extra webserver that is hosted in the US. Your website gets to use our 1gb of extra bandwidth. This service is perfect for handling sudden traffic surges. It also moves your website closer to your North American web visitors.
Affordable Network Security Software
By: BNS Hosting | 27/11/2008 | NetworksConnecting your network to the internet, chances of being attacked, spammed, spoofed and even enterprise assets being compromised is high. Infrastructure, like routers, DHCP servers, DNS servers, web servers, are required to get the network online. As each problem is tackled, each point of solution must be researched, purchased, deployed, integrated and maintained. But with this kind of network that is prone to such attacks, cost and maintenance is what bothers us most.