PCI Compliant Hosting with Colocation America
Consider the superior value and quality service you will experience when trusting Colocation America as your PCI compliant data center. Our certified staff will work diligently to remove the hassle and risk associated with the PCI DSS standards that data centers and businesses experience.
What is PCI Compliance?
PCI DSS standards were created in 2004 to curb high-profile security breaches by the founding brands of the PCI Security Standards Council, which include but are not limited to, American Express, Discover Financial Services, JCB International, Mastercard Worldwide and Visa Inc. International.
The Payment Card Industry Data Security Standard (PCI DSS) serves the purpose of protecting consumer security for all businesses that process transactions using credit cards. Through the use of PCI hosting standards, server hosting procedures are implemented to ensure a secure environment for credit card processing. The standards are updated by the Council, as needed, to stay up-to-date with new or modified requirements. To be considered PCI compliant, businesses must meet all of the required standards sufficiently. Guaranteeing security and meeting requirements can be a tricky task for some businesses and the fine imposed for violations doesn’t make it any easier. However, at Colocation America we remove the complexity for you because we understand risk and risk management as a PCI compliant data center.
What Are the 12 Core PCI Compliance Requirements?
Build and Maintain a Secure Data Network:
- Requirement 1: Install and maintain a firewall configuration to protect cardholder data.
- Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.
Protect Cardholder Data:
- Requirement 3: Protect stored cardholder data.
- Requirement 4: Encrypt transmission of cardholder data across open, public networks.
Maintain a Vulnerability Management Program:
- Requirement 5: Use and regularly update anti-virus software
- Requirement 6: Develop and maintain secure systems and applications
Implement Strong Access Control Measures:
- Requirement 7: Restrict access to cardholder data by business need-to-know
- Requirement 8: Assign a unique ID to each person with computer access
- Requirement 9: Restrict physical access to cardholder data
Regularly Monitor and Test Networks:
- Requirement 10: Track and monitor all access to network resources and cardholder data
- Requirement 11: Regularly test security systems and processes
Maintain an Information Security Policy:
- Requirement 12: Maintain a policy that addresses information security
What are the PCI Compliance Levels?
There are four merchant pci compliant levels that businesses can be ranked with and for many, understanding these levels is the first step to compliance. Colocation America helps you to understand and our commitment to quality service will drive your business to success.
Merchant Level | Description |
1 | Any merchant—regardless of acceptance channel—processing over $6 million Visa transactions per year. |
2 | Any merchant—regardless of acceptance channel—processing $1-6 million transactions per year |
3 | Any merchant processing $20,000 to $1 million e-commerce transactions per year. |
4 | Any merchant processing fewer than $20,000 Visa e-commerce transactions per year, and all other merchants—regardless of acceptance channel—processing up to $1 million Visa transactions per year. |
*Table information via pcicomplianceguide.org.
PCI Data Security Storage
Requirement 3, listed above, states that you must always protect cardholder data. That means there are limitations to what can be stored and what cannot be stored. This is to protect not only the consumer, but the e-commerce as well from legal issues and the potential loss of millions of dollars.
A good rule of thumb is to never store cardholder data unless there is a legitimate and crucial business need. Those who fail to meet this rule are subject to a fine or further legal prosecution. Check out the table below for some PCI compliant hosting Data Storage guidelines.
Data | Allowed to Be Stored? | Needs to be Protected | PCI DSS Required | |
Cardholder Data | Primary Account Number (PAN) | Yes | Yes | Yes |
Cardholder Name | Yes | Yes | No | |
Service Code | Yes | Yes | No | |
Expiration Date | Yes | Yes | No | |
Sensitive Authentication Data | Full Magnetic Stripe Data | No | N/A | N/A |
CID/CVC | No | N/A | N/A | |
Personal Identification Number (PIN) | No | N/A | N/A |
*Table information via pcisecuritystandards.org Through our years of experience we know that compliance is not achieved by utilizing a single method, but rather, through application of a combination of PCI DSS operating environment standards. When we work hand-in-hand with your business, our certified specialists manage daily monitoring of systems and report our findings directly. We help you to identify the highest security risk targets, as well as, issue progress reports to keep you updated on your compliance. No longer will you worry about lapses in security or system downtime causing critical security breaches, we revamp your site with strong access control measures for added security and guarantee 100% uptime in our trusted Service Level Agreements.
Our support team has worked with many businesses, small and large, and the good reviews from our customers speak for themselves. Don’t be fooled into going it alone and trying to achieve PCI DSS compliance through the confusing self-assessment questionnaire (SAQ) process; trusting the Colocation America name will allow you peace of mind knowing that you will receive five-star service. Ensure that your company has a culture of security, allow YESPCI.com to manage your company’s PCI DSS compliance and move forward with a more simplified way to stay secure and achieve higher ROI.