Month: January 2018

Make PCI DSS Compliance Easier with PCI DSS Hosting

PCI DSS hosting is a service in which a hosting company runs an IT solution on infrastructure that is built, operated, and assessed to meet the Payment Card Industry Data Security Standard. It makes it considerably easier for a business to reach and maintain full PCI DSS compliance, because many of the infrastructure-level requirements are met by the provider rather than by the business itself.

What is the Payment Card Industry Data Security Standard (PCI DSS)?

The Payment Card Industry Data Security Standard is a set of data security requirements developed and maintained by the Payment Card Industry Security Standards Council (PCI SSC), which was founded and is governed by five of the world's largest payment card brands: American Express, Discover, JCB International, MasterCard, and Visa. The standard is enforced not by the Council itself but by the card brands and the acquiring banks that process a merchant's transactions.

Any business that processes, stores, or transmits cardholder data from one of these brands has to comply with PCI DSS requirements. Failure to comply can result in penalties such as increased payment processing fees, revocation of the ability to accept payment cards, and fines in the tens or hundreds of thousands of dollars.

How to Comply With PCI DSS?

Complying with PCI DSS can be difficult for many businesses, especially those that have few IT security measures in place, small IT budgets, or no on-staff IT employees. The version current at the time of writing, for example, is nearly 140 pages long: its 12 top-level requirements break down into well over 100 sub-requirements, each with its own testing procedures. They include demanding technical requirements such as:

  • Implementing and maintaining a firewall configuration that restricts traffic into and out of the cardholder data environment (CDE) (Requirement 1)
  • Deploying anti-virus software on all CDE systems commonly affected by malware, and keeping it updated, running, and generating audit logs (Requirement 5)
  • Implementing an authentication system that gives every user a unique ID, enforces strong password rules, and requires multi-factor authentication for administrative access to the CDE (Requirement 8)
  • Implementing CDE-wide logging and log review, with audit trails for all access to network resources and cardholder data (Requirement 10)
  • Implementing physical security measures, such as video cameras and badge-controlled entry, to protect the hardware in the CDE from unauthorized access (Requirement 9)
  • Performing quarterly internal and external network vulnerability scans (the external scans by an Approved Scanning Vendor) and at least annual penetration tests (Requirement 11)
  • Implementing intrusion detection and prevention systems (IDS/IPS) and change-detection systems such as file integrity monitoring (Requirement 11)

Many businesses cannot meet these requirements on their own, usually either because they cannot afford to implement them or because doing so requires more IT knowledge, skill, or experience than they have on staff.

Hosting helps businesses comply with PCI DSS because the hosting environment already includes security measures that satisfy many of the requirements, particularly the infrastructure-level ones covering network security, physical security, logging, and vulnerability management.

For example, most hosted solutions, even those not designed specifically for PCI DSS, come with features the standard calls for, such as centralized logging and login systems with per-user accounts. A plain login system alone does not satisfy Requirement 8, which also demands password policies, account lockout, and multi-factor authentication for administrative access, but it is a starting point. Many hosting companies already meet a good portion of PCI DSS for their own operations without having to change anything.

How Beneficial Is a PCI DSS Hosting Provider?

With a PCI DSS hosting provider, you can be more at ease because the provider routinely does the following:

  • Performs regular vulnerability scans of its networks and systems, and at least annual penetration tests
  • Enforces strong authentication practices for staff who administer the hosted environment
  • Implements and maintains physical security measures at its data centers
  • Implements, maintains, and reviews logging systems
  • Implements and maintains intrusion detection and prevention systems (IDS/IPS) and change-detection systems
  • Implements and maintains security policies and incident response plans for the environments it operates

In addition to these default security measures, a PCI DSS hosting company will add controls specific to your solution to bring it fully into line with PCI DSS, such as firewall rule sets tailored to the CDE and managed anti-virus software on the hosted systems.

Hosting will not by itself make a business compliant with PCI DSS. The business remains responsible for everything the provider does not operate, above all its own application code, its handling of cardholder data, and its people. PCI DSS Requirement 12.8 requires the business to keep a written agreement with each service provider and a record of which requirements the provider manages and which remain with the business, so ask the hosting company for its current Attestation of Compliance and a responsibility matrix before relying on it. In some cases, all a business that signs up for PCI DSS hosting will then have to do is create its own security policies and incident response plans and make sure all of its employees, contractors, and partners understand and are able to follow them.

The hosting company will take care of everything else within its scope. This includes implementing and configuring the advanced security measures listed above, which many businesses, especially small businesses without full-time IT employees, could not do by themselves, and continuously monitoring and maintaining those measures, which many businesses' employees would not have time for.

To sign up for PCI DSS hosting, contact your preferred IT hosting company and confirm that it is a validated PCI DSS service provider whose compliance covers the services you intend to use.