PCI Compliant Services

PCI DSS compliance requires any organization that handles credit cardholder data to implement certain technical, administrative and physical security services. The following PCI compliant services can be used to strengthen the security framework of your systems and minimize your overall risk of data loss.

Need PCI hosting services, or have questions? Request a quote, contact or chat with us now.

All of these components are required to meet PCI DSS compliance:

PCI Requirements	PCI Compliant Services
10.6: Review logs for all system components at least daily. 10.3: Record at least the following audit trail entries for all system components for each event - including user ID, type of event, data and time, success or failure indication, etc. 10.7: Retain audit trail history for at least one year, with a min. of three months immediately available for analysis (online, archived, or restorable from back-up).	Daily Log Review Monitoring and analyzing user and system activity can help detect patterns of normal use and potentially malicious users. Daily log review is the process of regularly reviewing and reporting on log activity. While some providers may offer logging (tracking user activity, transporting and storing log events), Online Tech provides the complete logging experience with daily log review, analysis, and monthly reporting.
10.5.5: Use file-integrity monitoring or change-detection software on logs to ensure that existing log data cannot be changed without generating alerts. 11: Deploy file integrity monitoring tools to alert personnel to unauthorized modification of critical system files, configuration files or content files. Configure the software to perform critical file comparisons at least weekly.	File Integrity Monitoring (FIM) Monitoring your files and systems provides valuable insight into your technical environment and provides an additional layer of data security. File integrity monitoring (FIM) is a service that can monitor any changes made to your files.
6.6: For public-facing web applications, ensure: Verify that public-facing web applications are reviewed (using either manual or automated vulnerability security assessment tools or methods), as follows: At least annually and after any changes By an organization that specializes in application security That all vulnerabilities are corrected, and the application is re-evaluated after corrections Verify that a web-application firewall is in front of public-facing web applications to detect and prevent web-based attacks.	Web Application Firewall (WAF) Protect your web servers and databases from malicious online attacks by investing in a web application firewall (WAF). A network firewall’s open port allows Internet traffic to access your websites, but it can also open up servers to potential application attacks (database commands to delete or extract data are sent through a web application to the backend database) and other malicious attacks.
8.3: Incorporate two-factor authentication for remote access (network-level access originating from outside the network) to the network by employees, administrators, and third parties. (For example, remote authentication and dial-in service (RADIUS) with tokens; or other technologies that facilitate two-factor authentication.	Two-Factor Authentication Online Tech offers two-factor authentication for VPN (Virtual Private Network) access as an optimal security measure to protect against online fraud and unauthorized access for clients that connect to their networks from a remote location.
11.2: Run internal and external network vulnerability scans at least quarterly and after any significant change in the network (such as new system component installations, changes in network topology, firewall rule modifications, product upgrades).	Vulnerability Scanning Vulnerability scanning checks your firewalls, networks and ports. It is a web application that can detect outdated versions of software, web applications that aren’t securely coded, or misconfigured networks.
6.1: Ensure that all system components and software are protected from known vulnerabilities by having the latest vendor-supplied security patches installed. Install critical security patches within one month of release.	Patch Management Why is patch management so important? If your servers aren’t updated and managed properly, your data and applications are left vulnerable to hackers, identity thieves and other malicious attacks against your systems.
5.1: Deploy anti-virus software on all systems commonly affected by malicious software (particularly personal computers and servers). 5.2: Ensure that all anti-virus mechanisms are current, actively running, and generating audit logs.	Antivirus Antivirus software can detect and remove malware in order to protect your data from malicious attacks. Significantly reduce your risks of data theft or unauthorized access by investing in a simple and effective solution for optimal server protection.
4.1: Use strong cryptography and security protocols (for example, SSL/TLS, IPSEC, SSH, etc.) to safeguard sensitive cardholder data during transmission over open, public networks.	SSL Certificate In order to safely transmit information online, a SSL (Secure Sockets Layer) certificate provides the encryption of sensitive data, including financial and healthcare. A SSL certificate verifies the identity of a website, allowing web browsers to display a secure website.

PCI Solutions

Fully compliant, QSA-audited PCI hosting solutions:

PCI Cloud Hosting

Cost-effective
Scalable for growth
Offsite backup

Learn More

PCI Managed Servers

High availability power & network
24x7 server monitoring
Audited by a QSA

Learn More

PCI Colocation

Redundant Cisco network
N+1 uninterruptible protected power
Shared high availability firewalls

Learn More

Join us for a free webinar, The Affordable Way to Maintain Security and Compliance with Two-Factor Authentication with Dug Song of Duo Security and Jason Yaeger of Online Tech.

When: June 4 @ 2 P.M. ET

Case Study

The Challenge

Pay-Ease required a SAS 70, PCI compliant data center to host their eCommerce SaaS solutions.

The Solution

With Online Tech’s Private Cloud Hosting platform, Pay Ease developed a scalable, flexible and secure virtual and storage environment.

Benefits for Pay Ease

SaaS applications are hosted in a SAS 70, SSAE 16, SOC 2 and PCI compliant data center
Online Tech’s Private Cloud Hosting platform allowed for a less costly, competitive PCI compliant solution
Flexibility to add, reconfigure or delete servers, hardware, or software with zero downtime without impacting customers

Download the PDF version >

Related Case Studies

PCI Compliant Cloud Hosting

They have been there before. They know what was required and they had the team members to put the project together. It was the whole package that made this an easy decision.

- Dean Scaros, President, Pay-Ease

Onlinetech

PCI Compliant Hosting

Call Today 1-734-213-2020

PCI Compliant Services