Kraken Posted February 22, 2013
I just signed up for my merchant service provider to run PCI compliance scans on my website. Their signup blurb suggested notifying my web host. So do I need to open a ticket for that, or will this thread do it, or do you even need to know about it? My status is currently "pending approval" so I don't know when their scan will take place. (edit)...aaannnnd now "approved for scanning." Yay.
Scott Posted February 24, 2013
If you feel the need for us to be aware of this, you would want to open a ticket. That said, I see no reason for us to know the scan is pending/happening.
mohsinj677 Posted August 13, 2013
{{{{{{{{ This post is so great and nice }}}}}}}}}}} I just signed up for my merchant service provider to run PCI compliance scans on my website. Their signup blurb suggested notifying my web host. So do I need to open a ticket for that, or will this thread do it, or do you even need to know about it?
Michael D. Posted September 2, 2013
I can tell you right now that if you're not on a VPS server customized to pass a PCI scan - your scan will fail and there will be 'issues' that we cannot address due to the shared nature of the service... For example we cannot firewall off the SSH port, or disable some services that our users need that a PCI scan would see as a problem.

At the end of the day if you require PCI Compliance you really need to be on a full dedicated server and, even then, it's not going to be easy to really be PCI compliant. Simply passing a scan does not, in and of itself, mean that you are PCI Compliant.

I would strongly suggest using a payment gateway that can handle the transaction for you - PayPal is well known for this but there are others like Stripe - where you can process a credit card as though you would directly on your site but it's all handled through stripe.com seamlessly - i.e. your customer isn't aware they aren't paying on yourdomain.com - you still get the funds - and PCI Compliance is less of an issue [if at all].

At the end of the day I would get with your gateway provider to make sure you're doing what you need to do to really be PCI Compliant - I suspect it's going to cost a great deal more money and time to do it right as opposed to simply passing a scan. I wish I had better news - but I'd rather tell it like it is than have you surprised.