HackerSafe Or PCI Compliance
Apr 2, 2008
Does a "HackerSafe" (PCI Compliance [url]) logo on a website make sense to attract more customers?
Will you (as a customer) prefer to see that logo on the hosting website where you bought your hosting from?
I was just presented with some work. The client has a ZenCart site.
They were recently contacted by their CC company and told that they are not PCI compliant. They brought it up with their hosting provider and were told that the host can put them on clustered hosting and set them up with an SSL certificate. As it stands now, they are using a freebie SSL cert that is registered with the host (https://thesite.host.com).
They decided that clustered hosting and a custom SSL cert is too much money. So they want me to install PayPal Website Payments Standard.
I'm fuzzy about PCI compliance. Will this actually make the site PCI compliant?
I have taken basic security measures on my VPS such as using CSF firewall, cPanel and CSF's security tweaks, compiling php with suhosin etc.
As there will be a couple of sites running ecommerce stores, I want to do PCI compliance to give greater confidence to my clients. How/where do I start? The available options just seem incredibly expensive.
We have a client on a VPS (Virtuozzo) that is failing PCI Compliance through McAfee, as the port for the "power panel" in Virtuozzo uses weak SSL encryption.
Since we can't block the port (as users need to be able to access it) does anyone know how we can possibly upgrade that or change things so that it will pass compliance?
All other ports on the server are fine, but the port 4643 keeps failing under the ScanAlert scans:
Low Strength Ciphers (< 56-bit key)
SSLv2
EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
SSLv3
EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
TLSv1
EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
Medium Strength Ciphers (>= 56-bit and < 112-bit key)
SSLv2
DES-CBC-MD5 Kx=RSA Au=RSA Enc=DES(56) Mac=MD5
RC4-64-MD5 Kx=RSA Au=RSA Enc=RC4(64) Mac=MD5
SSLv3
EDH-RSA-DES-CBC-SHA Kx=DH Au=RSA Enc=DES(56) Mac=SHA1
DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
TLSv1
EDH-RSA-DES-CBC-SHA Kx=DH Au=RSA Enc=DES(56) Mac=SHA1
DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
Anyone have any suggestions on how we can resolve this issue for the client?
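The scanner output quoted in the post above is in a fixed "name Kx= Au= Enc=ALG(bits) Mac= [export]" format, so it can be parsed and turned into a remediation summary rather than read by hand. The following is an added example written for this page; it is not the poster's code, not McAfee/ScanAlert's tool, and not anything from Virtuozzo. It assumes the 112-bit boundary the scanner itself uses for "medium strength" as the minimum acceptable key size, and it emits an exclusion list in OpenSSL cipher-string syntax; whether the Power Panel daemon on port 4643 honours an OpenSSL cipher string is not something the page states.

```python
"""Parse a ScanAlert/McAfee-style weak-cipher finding and derive a remediation summary."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample input: the finding quoted in the post above, copied as-is.
SCAN_REPORT = """\
Low Strength Ciphers (< 56-bit key)
SSLv2
EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
SSLv3
EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
TLSv1
EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
Medium Strength Ciphers (>= 56-bit and < 112-bit key)
SSLv2
DES-CBC-MD5 Kx=RSA Au=RSA Enc=DES(56) Mac=MD5
RC4-64-MD5 Kx=RSA Au=RSA Enc=RC4(64) Mac=MD5
SSLv3
EDH-RSA-DES-CBC-SHA Kx=DH Au=RSA Enc=DES(56) Mac=SHA1
DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
TLSv1
EDH-RSA-DES-CBC-SHA Kx=DH Au=RSA Enc=DES(56) Mac=SHA1
DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
"""

PROTOCOLS = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3")

# One cipher line: suite name, key exchange, auth, Enc=ALG(bits), MAC, optional "export" flag.
CIPHER_RE = re.compile(
    r"^(?P<name>[A-Z0-9-]+)\s+Kx=(?P<kx>\S+)\s+Au=(?P<au>\S+)\s+"
    r"Enc=(?P<enc>[A-Za-z0-9]+)\((?P<bits>\d+)\)\s+Mac=(?P<mac>\S+)(?P<export>\s+export)?$"
)


@dataclass
class Cipher:
    protocol: str
    name: str
    kx: str
    enc: str
    bits: int
    mac: str
    export: bool


def parse_report(text: str) -> List[Cipher]:
    """Walk the report; protocol headers set context, cipher lines become Cipher records."""
    ciphers: List[Cipher] = []
    protocol = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in PROTOCOLS:          # section header such as "SSLv3"
            protocol = line
            continue
        m = CIPHER_RE.match(line)      # category banners ("Low Strength ...") don't match
        if m and protocol:
            ciphers.append(Cipher(protocol, m["name"], m["kx"], m["enc"],
                                  int(m["bits"]), m["mac"], m["export"] is not None))
    return ciphers


def flag_weak(ciphers: List[Cipher], min_bits: int = 112) -> Dict[str, List[str]]:
    """Map 'protocol/suite' to the reasons it fails. min_bits is an assumed threshold,
    taken from the scanner's own 'medium strength' boundary quoted in the post."""
    flagged: Dict[str, List[str]] = {}
    for c in ciphers:
        reasons = []
        if c.protocol == "SSLv2":
            reasons.append("SSLv2 protocol")
        if c.export:
            reasons.append("export grade")
        if c.bits < min_bits:
            reasons.append(f"{c.bits}-bit key (< {min_bits})")
        if c.enc == "DES":
            reasons.append("single DES")
        if reasons:
            flagged[f"{c.protocol}/{c.name}"] = reasons
    return flagged


def remediation(ciphers: List[Cipher], min_bits: int = 112) -> Dict[str, object]:
    """Protocols to switch off outright plus an OpenSSL cipher string excluding the weak
    symmetric algorithms seen. 'HIGH:!aNULL:!EXPORT' is standard OpenSSL syntax."""
    weak = [c for c in ciphers if f"{c.protocol}/{c.name}" in flag_weak(ciphers, min_bits)]
    bad_algs = sorted({c.enc for c in weak})
    disable = sorted({c.protocol for c in weak if c.protocol == "SSLv2"})
    cipher_string = "HIGH:!aNULL:!EXPORT" + "".join(f":!{a}" for a in bad_algs)
    return {"disable_protocols": disable, "openssl_cipher_string": cipher_string}


if __name__ == "__main__":
    parsed = parse_report(SCAN_REPORT)
    for key, why in flag_weak(parsed).items():
        print(f"{key:32} {', '.join(why)}")
    print(remediation(parsed))
```

Run as-is, it lists each of the 16 flagged suites with its reasons and prints a summary telling you to disable SSLv2 and exclude DES, RC2 and RC4 along with export suites. Re-running the scan after the change is the only real confirmation; if the panel software has no cipher setting at all, the usual fallback is to front the port with a TLS-terminating proxy you do control, which is beyond what this snippet covers.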
How important is PCI Compliance to you as a hosting provider? Are you compliant now?
Do you intend to be compliant? Also, how many think that just getting a scan from Comodo or another scanner makes you compliant?
As far as the rules for PCI-DSS state, if you store CCs, which all hosting companies do if they are using a billing system (i.e. MB, WHMCS etc.), you have to be compliant to a fault with a 37-page document with lots and lots of requirements that most don't do and don't know how to do.
Is it worth it to not make the effort and get compliant or risk losing your merchant account and getting on the TMF list and fined $50k?
A bit of background. We're a Canadian company with an eCommerce (Miva Merchant) website currently hosting with Hosting4Less out of California, and we're using Moneris Solutions' eSelectPLUS gateway to accept credit cards online.
Actually, we're not accepting credit cards online yet as we're trying to become PCI Compliant. At Moneris' recommendation, we've signed with Trustwave to take care of PCI Compliance verification. The problem is, that Moneris requires us to provide them with our third party service provider's (Hosting4Less) PCI Certification, and to this request, Hosting4Less has responded with the equivalent of "a deer in the headlights look". I've contacted two other hosting companies and neither of them seems to be able to provide evidence of their PCI Certification either. So, my question, is providing such certification something that a PCI Compliant web host should be able to provide to their eCommerce customers, or is Moneris asking for something that doesn't exist?
Excerpt from Moneris Compliance email: ....
Been reading your genius skills and I was so impressed I figured you might be able to help me with a rather terrible quandary.
I am undergoing the search for a new dedicated hosting provider and at the same time undertaking PCI compliance.
Some of the hosting providers are suggesting that ALL PCI compliant merchants must have a separate and stand-alone firewall in order to reach PCI standards.
Other hosting providers seem jaded by the question and seem to think that the standard software type firewall will suffice.
Now, are the sales people I am speaking to inept, or am I being "upsold" unnecessarily?
My transaction numbers are relatively low but the retention or certainly the passing of credit cards needs to be slick and happen on my site rather than another.
So could you tell me
1/ Does a PCI compliant merchant need to have a separate $500 a month hardware firewall?
Oddly enough Control Scan, who are very good at selling me their SSL and PCI compliance in one service, are unable to advise me on those mandatory hardware requirements for PCI compliance, even though they are supposed to be experts in the arena. So I thought I would ask someone who actually knows what they are doing!
I have searched for a bit, switched 3 hosting companies, and am looking for a hosting company that can back up what they say... not just to get the sale.
I have searched around here and noticed a few hosting companies, and did a 'find a host search', but no reviews are in place.
Can anyone provide some names of hosting companies that are on shared servers, because
I cannot afford a dedicated server.