PCI Compliance
If you accept credit card directly on your web site then you need to be "PCI compliant," either now or very soon. By July 1, 2010, you also need to be using PA-DSS validated e-commerce software. We understand this. We can help.
The Situation
If you take credit cards directly on your web site then you must enhance your site's security in specific ways dictated by the Payment Card Industry (PCI). On October 23, 2007, Visa mandated that:
| Date | Visa Mandate | Which Means... |
|---|---|---|
| As of 10/1/2008 | "Newly boarded Level 3 and 4 merchants must be PCI DSS compliant or use PABP-compliant applications" |
If you get a new credit card merchant account for your web site after 10/1/2008, you must have either PCI compliant hosting or you must use PA-DSS certified e-commerce software. |
| As of 7/1/2010 | "Acquirers must ensure their merchants, VNPs and agents use only PABP-compliant applications" | As of 7/1/2010, you must use PA-DSS certified e-commerce software on your web site. |
Learn More
Visit the Payment Card Industry Security Standards Council web site. It contains the PCI DSS and the PCI DSS Self-Assessment Questionnaire (SAQ) along with a wealth of additional information.
Running a PCI compliant e-commerce site adds complexity to an already complex part of your business. Hen's Teeth Network can help you navigate this maze while allowing you to focus your time and attention on actually running your business. We are strongly positioned to assist smaller e-commerce merchants being confronted with the unexpected demand to "become PCI compliant."
PA-DSS Certified E-Commerce Software
By July 1, 2010, all e-commerce software must be PA-DSS validated. This is in addition to a larger requirement for PCI DSS compliance.
PDG Commerce v5 is PA-DSS validated.
If you already have an e-commerce web site, check with your e-commerce software vendor to assure that an update will be available to you before the deadline. If you are using software which will never be PA-DSS certified, we can work with you on a migration plan. To discuss your specific situation, send email to info@hens-teeth.net or call us at (866)HENS-NET or (636)447-3030.
PCI Compliant Hosting
If you have been told that you must provide a "PCI Compliance Report," Hen's Teeth Network can help. This generally means that your web server and your office network must pass a PCI external vulnerability scan. To do this, you need three things:
- A scanning service from an Authorized Scanning Vendor (ASV)
- A hosting account which has been "hardened" so that it passes the scans by the ASV
- System administration procedures and assistance to assure that your hosting account remains hardened and able to pass the PCI external vulnerability scans which will occur at least quarterly, as long as you are in business.
Hen's Teeth Network offers all three components. We have partnered with McAfee, an Authorized Scanning Vendor, for the McAfee SECURE scanning service. Among our several different hosting plan families, the Virtual Private Servers and Managed Private Servers can be configured to pass a PCI external vulnerability validation scan (PCI DSS requirement 11.2). Finally, we have the expertise and staff to assure that your web site remains secure and "PCI compliant."
If you are a larger merchant and need fully PCI compliant hosting (e.g., distinct web application and database servers plus a hardware firewall), please telephone us at (866)HENS-NET or (636)447-3030 to discuss your situation.
| Hen's Teeth Network PCI Solutions | |||
|---|---|---|---|
| PCI Management | PCI Scanning (McAfee PCI Certification Service) |
McAfee SECURE | |
| PCI Compliant |  |
|
|
| Everything done for you | |
 |
|
| Compliance tasks are "do-it-yourself" or contracted hourly | |
|
|
| McAfee SECURE badge displayed on site | |
|
|
| Scanning frequency | Quarterly | Quarterly | Daily |
| Learn More | Learn More | Learn More | |
 |
|
|
|
sales@hens-teeth.net
(866)HENS-NET
(636)447-3030
