PCI Compliant Hosting
Engaging customers online is a necessity for every business today. Brick and mortar traditional retail shopping experiences compete aggressively with online buying experiences, with local customers often choosing to buy online even if the store is right down the street.
Key banking and bill processing transactions are only a mobile app away, making both e-commerce transactions and the the number of end points touching cardholder data prolific. Established companies have to become online and mobile before the younger, nimbler competition absconds with the mobile market share. Nascent startups have to provide mature transaction security to protect their reputation with customers, and access to credit lines.
Two primary business drivers impact the data center: security and availability. Security protects cardholder data. Availability protects company cash flow.
The major financial institutions collaborated to define the PCI DSS standard with a minimum set of security measurements to protect the waterfall of sensitive identity and payment information flowing through the Internet. Businesses that don’t meet the standard are risking steep fines, loss or reduction of credit lines, goodwill and loyalty from valued customers, and legal costs should a breach occur. Availability is protected by investing in redundancy throughout the IT infrastructure – every minute of downtime has a direct impact on the bottom line.
Every company that accepts credit card payments must be PCI compliant. Companies who can afford the extensive capital outlay to build their own PCI compliant IT infrastructure must invest in the resources to maintain constant and ongoing diligence with patches to all operating systems and applications, daily review of log files, periodic vulnerability scanning, and annual penetration testing. Companies that are not in a position to build a PCI compliant infrastructure, or maintain the rigorous daily demands required to meet PCI compliance, look to outsource their IT infrastructure to a partner who has met PCI compliance, and can relieve the initial CapEx investment and ongoing daily compliance burdens.
Most favor a predictable OpEx commitment over the CapEx-intensive burden of facility and infrastructure maintenance. Outsourcing IT infrastructure is a strategy that allows companies to focus their in-house IT resources on their own end-user applications instead of the operating systems or hardware. PCI hosting partners who provide a well-respected and documented auditors’ opinion from an independent PCI DSS audit can also be a valuable asset to drastically reduce the cost and complexity of PCI SAQs (Self-Assessment Questionnaires) and third-party PCI QSA audits.
This white paper explores the impact of the PCI DSS standard on data centers and server infrastructure, describes the architecture of a PCI compliant data center both technically and contractually, and outlines the benefits and risks of data center outsourcing, and vendor selection criteria.
To view the full white paper and download the PDF, please fill out the form below.