# PCI Compliance



## Gioclone (Jul 9, 2009)

Hello Guys,

Just wondering if any of you guys who take credit cards have ever had to deal with PCI Compliance for your website and even your store terminal.

PCI Compliance Guide, PCI Data Security Standards, Manage a Data Breach, Protection Compliance and Reporting

Let me know what you think.


----------



## Rodney (Nov 3, 2004)

Yes, it's something that credit card companies seem to take seriously. 

Some webhosts (like LiquidWeb) offer PCI Compliance scanning and certification services. Merchant accounts require that you are PCI compliant as well. They usually refer you to third-party certification services like ControlScan or ScanAlert (now McAfee).


----------



## hostingdiva (Mar 31, 2006)

Yes, I've had to deal with the PCI stuff. Do you have specific questions?


----------



## Gioclone (Jul 9, 2009)

Requirements for hosting, stores and software apps (web stores).


----------



## hostingdiva (Mar 31, 2006)

If you are using shared hosting, you will want to call the company to make sure they are PCI compliant. What's important with that is that people can't get access to your secure server area in any manner. Generally, on shared hosting - this is not the case - you can pretty easily access other people's information. This is why you always read about people's accounts "getting hacked." It's best that the company has a separate secure server for credit card transactions.

But note that even if your hosting company is PCI compliant, you still have to be PCI compliant separately. The PCI Security Standards Council provides a checklist you can use here: https://www.pcisecuritystandards.org/saq/instructions_dss.shtml#instructions

Basically though, if you store your credit card information off site (e.g., you use PayPal or AuthorizeNet) and you do not see the credit card number, you will be PCI compliant.

I am not sure that this answers your questions, so let me know.


----------



## apt5tees (Nov 9, 2009)

Hey there - just posted something in the SSL forum about this. If you are on shared hosting, as mentioned above, your worry is that your host is compliant (as long as you don't see the CC info on your site).
pcisecuritystandards.org really explains it.

I am currently employed at a Certificate Authority; we have products to keep you PCI compliant (don't worry, not selling ya here). Take a look at this Free Network Security with PCI Scan for Vulnerability Assessment

This will explain how PCI products work-


----------

