PCI Compliant Hosting Solutions
Get the highest level of PCI compliance available. OrcsWeb's systems are confirmed PCI compliant by a 3rd party auditor.
Are credit cards processed through your website? Your customers trust that you will protect their information. PCI Compliance certifies that your organization has taken all the necessary steps to protect sensitive customer data — steps that are required by Visa and MasterCard. You can trust OrcsWeb to provide you with an environment that will enable you to achieve PCI Compliance Standards at the level of trust & security that your customers expect!
Managed PCI Compliant Hosting
Learn More About PCI Compliant Hosting
|What is PCI?||From Visa: “The Payment Card Industry Data Security Standard (PCI DSS) is a comprehensive set of international security requirements for protecting cardholder data. The PCI DSS was developed by Visa® and the founding payment brands of the PCI Security Standards Council to help facilitate the broad adoption of consistent data security measures on a global basis.”|
|Who needs to be PCI compliant?||From Visa: “All Visa acquirers and issuers must comply, and must also ensure the compliance of their merchants and service providers who store, process, or transmit Visa account numbers. This program applies to all payment channels including card present, mail/telephone order, and e-commerce.”
Yes, that means everyone.
|There are multiple levels of PCI compliance.||
There are four levels for merchants ranging from Level 4 (less than 20,000 transactions per year) to Level 1 (over 6 million transactions per year).
|Is your web hosting PCI compliant?||
There are a growing number of hosting companies who claim PCI compliance. Be sure to understand what a web host means by PCI hosting and at which level they are certified.
Many hosting providers claim to be PCI compliant but when you explore the details, you find that they can make this statement because they tell clients to off-load their card processing to a third-party. If the third-party is compliant, and no transactions are actually processed at the web host, they don’t have to assure compliance with the strict PCI security standards. Is that PCI hosting? Not really because all it does is avoid the issue and push it outside the actual hosting service. Is that okay? Yes, it likely is for small vendors who want low-cost solutions and don’t mind offloading their credit card processing to a third-party like PayPal.
How can you tell if your host is really compliant? Just ask them. If they are Level 1 compliant service provider they should be able to provide a copy of their Certificate of Validation from their most recent annual audit. If they cannot do this, they likely only performed a self-assessment and called themselves compliant without external validation.
|Is OrcsWeb PCI compliant?||Yes, OrcsWeb has the highest level of PCI DSS v2.0 certification. We maintain strict security standards and are validated annually by a qualified third-party who performs both a thorough on-site analysis and also remote network scanning. But don’t take our word for it – feel free to ask to see our Certificate of Validation confirming our compliance if you are looking for PCI hosting.|
|If your host is PCI compliant are you automatically compliant?||
No. There are certain PCI requirements that need to be met directly by business over and above the hosting environment. There are things like ensuring use of SSL, encrypting card holder data, and controlling access to data, to name a few, that are features and functions of the ecommerce application and are also impacted by the business’ internal corporate processes.
Also, a PCI compliant service provider likely has some compliant and non-compliant services. For example, if you want the highest level of security and compliance then you are going to need a dedicated network segment and firewall, which is not something that comes by default, or is even always feasible, with every level and type of product. Be sure to check with your host to properly communicate your needs and also understand their offerings.
PCI Compliant Hosting Example Configuration
OrcsWeb PCI Compliance Tools Provide:
Physical System Security
Robust Firewall Services
Intrusion Detection Software
File Integrity & Log Management
Multi-Level Access & Password Security
Network Scanning/Auditing Process