PCI DSS Hosting
If your e-commerce site takes online credit card payments and either stores or transmits the details to a third party, then you need to adhere to the latest version of the PCI DSS security standard. PCI DSS was designed by the world's five largest payment card companies in 2004, but recently more and more companies have realised the need to switch.
Recent PCI DSS initiatives have included the implementation of chip and PIN security on all bank cards and the rolling out of the new security measures on a global basis. As PCI DSS is supported by all major banks and clearing houses, a failure to ensure compliance with the new system could in theory result in your company having its merchant account revoked.
In essence, PCI DSS compliance transfers the onus of responsibility from the banks to the individual companies when dealing with online payments.
That's where we come in. Netplan has a vast amount of experience in this field. We manage PCI Level 1 hosting architectures licensed to process in excess of 24 million transactions per year. Additionally, we have developed a client base at all other levels of PCI - 2, 3 & 4. We work closely with a variety of security companies and QSA agencies to assist you in making your site compliant, whilst offering you choice and value in your security auditing.
PCI DSS hosting is complex, but needn't be a headache. Since each site is different, we recommend that you give us a call and have a chat with one of our experts who can guide you through the process.
Cardholder data must not be stored in full, and all transmissions of any cardholder data across open networks must be in encrypted form. These procedures must be carried out in a way that is recorded and monitored through policy documents, and all records of changes that are made must be available for scrutiny at a later date. There is also a requirement for high integrity network traffic analysis, which is configured and fully managed as part of our comprehensive PCI managed hosting solution.
Netplan can work with your company to make sure that it is fully PCI DSS compliant. There are four levels of compliance and they are dictated by the volume of online payments handled by your company.
As more companies invest in protecting themselves, the non-compliant will become more vulnerable to attacks used by criminal organisations to steal credit card details. Since the focus on client security has shifted to the trading company rather than being left with the banks, the implications of ignoring the compliance standard can be as severe as the removal of your right to a merchant account and a £50,000 fine.
In short, failure to implement the new security standards across your business could see your company losing not only money, but trust and even its bank account. The PCI DSS security system was created to protect not just consumers, but businesses too from being hacked. Netplan provides a PCI DSS compliant hosting environment for your ecommerce solution. We can get your business through the compliance process with our experienced team of professionals.
PCI DSS compliance need not be a headache for your business, but it can appear daunting at first glance. As a professional hosting company with a blue chip client base, Netplan can help you successfully navigate your way through the process. Speak to one of our specialist security advisors now regarding Netplan PCI compliant hosting.
Netplan can help you with the Payment Card Industry Data Security Standard (PCI DSS), which has been introduced by the leading credit card associations as a means of standardising the level of security surrounding card payments and to reduce credit card fraud. Compliance with PCI DSS is due to become mandatory for all organisations that store, process, or transmit cardholder information.
Hosting providers such as Netplan perform a critical function for many organisations that store, process or transmit cardholder data, and if they host or manage the systems that store, process or transmit cardholder data, they are also required to validate their compliance with certain aspects of the PCI DSS.
With Netplan's range of services, it classifies itself into both of the following groups:
Unmanaged PCI DSS Hosting Providers:
PCI DSS Hosting Providers that provide hosting facilities only for their customers. The following PCI DSS Requirements apply to Unmanaged Hosting Providers:
- Requirement 9 - Restrict Physical Access to Cardholder Data.
- Requirement 12 - Maintain a policy that addresses information security for employees and contractors.
Managed Hosting Providers:
Hosting Providers that provide managed services to their customers and/or hosting facilities. Managed Hosting Providers are required to be compliant for all aspects of the PCI DSS Hosting that apply to their respective managed services.
Netplan's PCI DSS advisory services:
- Pre-Compliance Health Check - onsite review and gap-analysis provides a structured framework and guidance to address non-compliance, and thereby facilitates straightforward compliance.
- Network Vulnerability Scans - identify and prioritise network vulnerabilities ensuring up to date protection from the latest threats and meeting annual PCI DSS hosting compliance requirements.
- Penetration Testing - customised penetration testing service provides a comprehensive analysis of a network and application's security and level of protection against compromise.
- Onsite Assessments - both Unmanaged and Managed Hosting Providers require an annual onsite assessment to validate their compliance.
- Design, build, deploy and manage - assistance with information security policies and procedures; secure network architecture design; gap analysis; supply, configuration, and onsite implementation of proprietary or third party security devices.
Talk with us today about where you are in the process of getting or maintaining compliance and explore how we enable you to redirect your skills to revenue generating activity whilst eliminating customer and regulatory exposure.