BNS Hosting is a PCI Compliant Hosting Provider

Released on: October 20, 2008, 2:45 pm

Press Release Author: BNS Hosting

Industry: Internet & Online

Press Release Summary: PCI (Payment Card Industry) Compliance standards were created
by major credit card issuers to protect personal information and ensure security
when transactions are processed using a payment card. Members of the Payment Card
Industry (financial institutions, credit card companies and merchants) must comply
with these standards if they accept credit cards as a mode of payment. Failure
to meet these standards can result in fines from credit card companies and even the
loss of the ability to process credit cards. There are six categories of PCI
Standards that must be met in order for a retailer to be considered PCI compliant.


Press Release Body: What is PCI Compliance?

PCI (Payment Card Industry) Compliance standards were created by major credit card
issuers to protect personal information and ensure security when transactions are
processed using a payment card. Members of the Payment Card Industry (financial
institutions, credit card companies and merchants) must comply with these standards
if they accept credit cards as a mode of payment. Failure to meet these
standards can result in fines from credit card companies and even the loss of the
ability to process credit cards. There are six categories of PCI Standards that must
be met in order for a retailer to be considered PCI compliant.

1. Maintain a secure network

The network over which the transaction is exposed must be secured. For an online
business, the point of vulnerability for this standard is the web server itself.
Here, the hosting company must take responsibility for making the network secure.

2. Protecting Cardholder Data

This category focuses on how cardholder data is stored and transmitted. One way to
protect this data is encryption. Online businesses need to pay close attention to
how cardholder data is transmitted, because during transmission the data is sent
across the Internet. The data must be encrypted with at least a 128 bit SSL
certificate to meet this standard.

3. Maintaining a Vulnerability Management Program

This category means keeping systems up to date. Exposure to vulnerabilities can be
minimized by regularly updating computer hardware, operating systems, software and
anti-virus software, and by running regular virus scans.

4. Implementing Strong Access Control Measures

Part of meeting PCI Compliance means limiting access to cardholder data to only
those persons that need to use it.

5. Regularly Monitor and Test Networks

Networks where the cardholder data is located must be monitored and tested
regularly. Regular scans of security measures and processes, monitoring and tracking
of network access to cardholder data are required to satisfy this standard.

6. Maintain an Information Security Policy

Make and implement a security policy for the company so that employees know and
understand their responsibilities with regard to cardholder data.

Within these six categories are 12 requirements that address particular issues and
that are directly related to web application security:

1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security
parameters
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications
7. Restrict access to cardholder data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
12. Maintain a policy that addresses information security

Compliance with the Payment Card Industry (PCI) Data Security Standard is
increasingly being demanded by tech-savvy clients, so it is important that your
hosting provider is able to offer PCI Compliant Hosting.

PCI Compliant Hosting providers have grown in importance as more and more financial
transactions are done online. At BNS we implement the major aspects of the PCI
standards to provide these PCI standard hosting services. Both physical and logical
barriers are in place to restrict access and secure data, so that only individuals
who are properly authenticated and authorized can access the servers.

BNS Hosting employs measures such as certificate-based security, encrypted
communications, IP access control lists, full audit entry logs and physical access
control measures that employ biometrics.

How to make your website PCI Compliant?

Step 1: Find out the level of PCI Compliance needed:

Level 1: Merchants which process over 6 million annual transactions or have already
suffered an attack resulting in compromised data

Level 2: Merchants which process between 150,000 and 6 million annual transactions

Level 3: Merchants which process between 20,000 and 150,000 annual transactions

Level 4: Merchants which process fewer than 20,000 annual transactions

The requirements for each level are:

Level 1: Annual on-site security audit and quarterly network security scan.

Level 2 and 3: Annual self assessment questionnaire and quarterly scan by an
approved PCI scanning vendor

Level 4: No need to report compliance but must maintain compliance

Step 2: Engage a PCI approved scanning vendor to have your Web site scanned for
vulnerabilities. Be sure to continue the scanning on a quarterly basis.

Step 3: Report your compliance by sending the PCI scan and self-assessment to your
merchant bank.

Feel free to contact us about your PCI compliant hosting requirements at
team[@]bnshosting.net or visit our site http://www.bnshosting.net and talk to our
online expert hosting solution adviser.

Web Site: http://www.bnshosting.net

Contact Details: Kristin Tiong
BNS Hosting
www.bnshosting.net
#29 AB Fernandez Ave., Dagupan City, Pangasinan, Philippines
(075) 614 3247
isabel.tiong@bnshosting.net
