1

Topic: PCI Compliancy

Hi,

A friend recommended your Magento hosting and I was wondering if you could advise on the PCI compliancy of this solution. Ideally I would like to use a Sage Pay Direct integration that captures the credit card details in my Magento app - BUT DOESN'T SAVE THEM. Then presumably use an SSL connection to Sage Pay to get the acceptance or refusal. Do you know if this would provide a PCI compliant solution or not? If so, would there be any other issues within your hosting environment? Cheers

2

Re: PCI Compliancy

Hi,

Previously, PCI compliance regulations would have allowed our Magento Hosting plans to be compliant on the condition that you have an SSL setup.

However, as of October 1st, for PCI compliance you would require your own self-contained VPS setup due to the new PCI compliance guidelines. If you would like any more info on this, or just want to chat about hosting packages, please don't hesitate to get in contact.

Kind Regards,

Marcie

3

Re: PCI Compliancy

Why can you not get PCI compliance on your shared plans? I have PCI compliance on my current shared plan with my current host. I want to move hosts because my current provider does not support Magento. I want to move to NuBlue because I hear very good things about you. BUT PCI is a must for me. I will not consider any host that cannot achieve this.

That said, I intend to use the Sage Pay Server interface, so the payment pages would be hosted on Sage's servers. In theory this means that the PCI security scan is not mandatory for me. However, I would like to have the scan so I can display the secure PCI logo on my checkout and, in any case, for the peace of mind. I would not put it past the banks to insist on PCI compliance extending to scans for all carts.

4

Re: PCI Compliancy

Hi Kulture,

You can be PCI compliant on Shared but only if you don't process the card payments in any manner. You'd be looking at the Type 1 Self Assessment Compliance for that. The client chooses the products on your website, then when they want to pay they are redirected to SagePay. The transaction is processed on their servers and they are PCI compliant; once the transaction has been completed, they are returned to your website and the order is complete. This is the only way to achieve PCI compliancy on Shared Hosting as it removes your hosting from the card data compliancy requirements altogether (you still need to go through all the compliancy involved in company procedure, for instance).

If you wanted to process payments on your site, so you would be storing card details on and processing them through your site, you wouldn't be able to complete the level 1 SAQ; you'd have to go for level 4 (or 5). This is where Shared hosting can never be compliant because by its very nature, it is Shared; you may be compliant, but that doesn't mean that everyone else on the server is (or needs to be). More importantly, your card data is not isolated from other clients or companies, not because Shared hosting (or our hosting!) is insecure, but simply because you are all on the same server. You can only claim compliancy if the site that is storing card data is isolated, i.e. on its own Virtual or Dedicated server. You would have to verify that the hosting is compliant, and the networking scans are only part of that compliancy. Sharing the server with other clients and companies invalidates that.

We have many clients on Shared hosting who are compliant and it simply boils down to the fact that if you want to go for Shared hosting and compliancy you cannot process card data on your store, in which case the 'burden' for compliancy in this regard rests with your payment gateway provider.  The rest of the compliancy you can complete, and depending on who you are using for your compliancy, it should only mean that you won't be able to display results or logos relating to Networking scans and/or those levels of compliancy, because they simply are not relevant or possible on Shared hosting!

I hope this helps - if it's any consolation you don't need to do anything other than order hosting to get Magento to work on our servers, Shared or otherwise!

Last edited by NuBlue-Ewan (2010-02-15 14:29:04)