How to go about PCI compliance?

Posted by ramdak5000, 01-14-2008, 09:48 PM
I have taken basic security measures on my VPS such as using CSF firewall, cPanel and CSF's security tweaks, compiling php with suhosin etc. As there will be a couple of sites running ecommerce stores, I want to do PCI compliance to give greater confidence to my clients. How/where do I start? The available options just seem incredibly expensive. Any hints would be welcome.

Posted by creaws, 01-15-2008, 12:30 AM
Hi, we work for companies that need to be PCI compliant. PCI applies only where cardholder information is stored, so you need to avoid storing things like CVV and expiration date, and the PAN must be encrypted. Being PCI compliant is very complex for this kind of service (web hosting, etc.) because PCI does not permit sharing the server with another company and does not permit non-certified external hosting for e-commerce companies. I recommend you visit https://www.pcisecuritystandards.org/ and read the PCI DSS standard and the PCI DSS Security Audit Procedures for more information. Hope this helps you. Regards, Creaws.

Posted by ramdak5000, 01-15-2008, 12:55 AM
Thank you for this important clarification. My client isn't planning to store cardholder info on the server. Thanks for this link too.

Last edited by ramdak5000; 01-15-2008 at 12:56 AM. Reason: typo
