Cartika Blog

Why Choosing PCI-Compliant Hosting Matters

They say money makes the world go round, and that’s certainly true of the world wide web. In spite of its early and idealistic origins as a platform for unhindered communication, the Internet has grown to its current size and influence because of its commercial potential. eCommerce is one of the strongest drivers of that growth, and eCommerce would be impossible without a secure and trusted way to transfer money between customers and vendors. The Payment Card Industry Data Security Standard is the de facto standard to which responsible hosting companies who deal with credit card data adhere. The PCI-DSS lays out a set of best practices that help guarantee that when customers send credit card data across the Internet, it will be treated with the respect and level of security necessary to deserve their trust.

While the PCI-DSS has been subject to several revisions over its life — with the most recent coming into force this year — its basic principles, to which PCI-compliant hosting companies must adhere, have remained fairly constant. Hosting companies must build and maintain a secure network that includes a firewall to protect cardholder data, and they must use properly secured system passwords. Data must be encrypted as it passes across public networks; SSL/TLS is the standard technology for encrypting sensitive data in transit. Additionally, if there is any possibility of systems becoming infected with malware, companies must ensure that adequate anti-malware software is in place. All applications that handle credit card data must also be secure, and access to credit card data must be strictly limited within organizations. Everyone who has access to that data must be uniquely identified, both to prevent lax data protection procedures and to make access traceable. Physical access to the servers on which data is held must also be strictly limited.

It’s not enough to just create secure systems and leave it at that. They must be periodically assessed to ensure that the standards are constantly upheld. It’s easy to let things slide as systems are updated, but PCI-compliant hosting companies must ensure that any changes made to their infrastructure also conform with the PCI-DSS objectives.

Losing customer credit card data can be the kiss of death to a small business and cause significant embarrassment and loss of trust for even the largest enterprise. Customers don’t care whether data breaches are the fault of the company they bought from or of a hosting provider; the blame will fall squarely on the company they trusted. By choosing a PCI-compliant hosting provider, companies can be sure that their web hosts care as much as they do about the security of their customers’ data and make every effort to keep it safe.

Image: Flickr/Images_of_Money