If you accept, retain, or process credit cards, your server needs to be PCI compliant. Failure to comply can result in your merchant account being revoked by your card processor. Finding a good partner Data Center NOC is paramount to completing PCI compliance. Even better is a NOC that provides Managed Services and can assist you in completing the rigid compliance tasks. First of all, what does being PCI compliant even mean?
The Payment Card Industry (PCI) Data Security Standard (DSS) was formalized to protect credit card holder data. The Internet has grown by leaps and bounds, and everyone from home-based businesses to large corporations accepts and processes credit card information. The DSS was created to protect sensitive credit card data. As you are aware, Internet fraud is big business, and credit card details falling into criminal hands will result in large amounts of fraud.
Now that we know what PCI and DSS are and why they were created, how do you secure your web server to become compliant?
There are many steps in ensuring your server is PCI compliant. Below are bullet points provided by the PCI Security Standards Council:
- Install and maintain a firewall
- Do not use vendor-supplied default system passwords
- Protect stored cardholder data
- Use and regularly update anti-virus software or programs
- Encrypt transmission of cardholder data across open, public networks
- Restrict access to cardholder data by business need-to-know
- Develop and maintain secure systems and applications
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
- Maintain a policy that addresses information security for employees and contractors
- Shared Web Hosting providers have additional requirements they must meet to protect the cardholder data environment
The above seems like quite a bit to take in at first. One of the cornerstones is finding a good quality Data Center that provides you with the tools you need to become PCI compliant. Ultimately, it is your responsibility to secure your systems. A good NOC can make this job much easier by providing easy-to-manage tools to get it done.
Things to look for in a PCI compliant NOC:
- Managed Services / Support team with an understanding of PCI DSS compliance
- Hardware and Software Firewalls available
- Anti-virus Software available
- Key card entry only into NOC
- NOC limited to NOC employees ONLY
- Offers SSL certificates
- Employee screening (background checks)
- On-site security
- Secure and video monitored NOC
I’ve toured a lot of NOCs and you would be shocked at how many advertising and promoting their services today cannot meet the listing of requirements above. The main items lacking from 65 to 70% of all NOCs I’ve toured are no employee screening, regular customers and others allowed to walk through a NOC, inadequate on-site security (NONE), careless employees, and a general lack of understanding of security in general. Most important missing: QUALITY MANAGED SUPPORT TEAM UNDERSTANDING PCI COMPLIANCE.
The good thing is, there are high-quality Data Centers available to you at affordable prices.
Many NOCs listed on HostDiscussion.com offer quality hardware and software firewalls to customers. In addition, these same NOCs offer quality anti-virus / intrusion software. One of the NOCs we suggest to small and large businesses on a regular basis is The Planet (http://www.theplanet.com). The Planet offers both hardware and software firewalls as well as highly secure NOCs. Best yet, they offer the Managed Support and Services to assist you with meeting the stringent PCI compliance requirements.
For more quality information on managed services, be sure to visit this link:
Managed Support and Managed Service Providers
Information regarding PCI:
https://www.pcisecuritystandards.org/
https://pcisecuritystandards.org/pdfs/05-14-08.pdf
http://usa.visa.com/download/business/accepting_visa/support_center/cisp_overview.pdf#search=%22visa%20PCI%22


