PCI Compliance & Security

Enhanced web server security with PCI compliant hosting

Did you know that all merchants that process credit cards online must adhere to the Payment Card Industry Data Security Standards (PCI-DSS)?

We help you on your way towards PCI compliance by applying the current security best-practices and server hardening recommendations.


What is the PCI-DSS?

The PCI Data Security Standard (PCI DSS) is a set of security requirements, maintained by the PCI Security Standards Council, designed to protect payment card data and help organizations handle cardholder information safely.

Do I need to care?

Yes. The card brands (Visa, MasterCard, American Express, Discover and JCB) require every merchant and service provider that stores, processes or transmits cardholder data to validate its compliance with the PCI DSS.

Where do I start?

How you validate depends on how much card data you handle. For most small merchants it means completing the Self-Assessment Questionnaire (SAQ) that matches your payment channel and, if your cardholder environment is reachable from the Internet, passing quarterly external vulnerability scans performed by a PCI Approved Scanning Vendor (ASV). Larger merchants are assessed on site by a Qualified Security Assessor (QSA). Using a hosted or tokenized payment page keeps most card data off your own servers and usually lets you use a shorter SAQ.

How does EveryHost help with PCI compliance?

See how we address each of the 12 requirements specified in the PCI Data Security Standard. Note that hosting covers only part of each requirement; the way you build and operate your application still determines whether you are compliant.

1. Install and maintain a firewall configuration to protect cardholder data

Managed Firewall

EveryHost applies stringent firewall rules that inspect and filter unwanted traffic from the network, such as port scanning attempts or packet flood attacks.

2. Do not use vendor-supplied defaults for system passwords and other security parameters

Strong Password Policy

All EveryHost servers enforce a strong password policy so that user accounts and system services are not left with weak passwords that can easily be cracked. Vendor-supplied credentials and defaults (control panel, database, CMS admin accounts, SNMP community strings) must still be changed before a system goes live.

3. Protect stored cardholder data

Token-Based Payment System

It is your responsibility to implement this requirement.

Note: We do not recommend storing credit card information in your own database at all. Instead, use a token-based payment system, where the card details are held by the payment processor and your application stores only the token it returns (plus non-sensitive data such as the last four digits and the card brand). This keeps card numbers out of your environment and reduces your PCI scope. Never retain the CVV/CVC or full magnetic-stripe data after authorization, even encrypted; the PCI DSS forbids it.
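The following is an added example, not EveryHost's code or any particular payment provider's API, showing what a tokenized flow looks like on the merchant side: the card number goes to the processor once, the processor hands back a token, and the application persists only the token and display data. The `FakeProcessor` class is a stand-in for the real tokenization endpoint (an assumption), and the test card number is the well-known 4242 test PAN.

```python
"""Added example (not EveryHost's or a payment provider's code): tokenize the
card with the processor and refuse to persist anything that looks like a PAN."""
import re
import secrets
import sqlite3

# Rough shape of a card number; used only as a last-line storage guard.
PAN_RE = re.compile(r"\b\d{13,19}\b")


def luhn_valid(pan: str) -> bool:
    """Luhn checksum used by the card brands; catches typos before we call the processor."""
    digits = [int(c) for c in pan if c.isdigit()]
    if len(digits) < 13:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:           # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class FakeProcessor:
    """Stand-in for the payment processor's tokenization endpoint (assumption).
    The PAN lives in the processor's vault; our database never sees it."""

    def __init__(self) -> None:
        self._vault: dict[str, tuple[str, int, int]] = {}

    def tokenize(self, pan: str, exp_month: int, exp_year: int, cvv: str) -> dict:
        if not luhn_valid(pan):
            raise ValueError("invalid card number")
        token = "tok_" + secrets.token_hex(12)
        self._vault[token] = (pan, exp_month, exp_year)   # CVV is never retained anywhere
        brand = "visa" if pan.startswith("4") else "other"
        return {"token": token, "last4": pan[-4:], "brand": brand}


def open_db() -> sqlite3.Connection:
    """In-memory table standing in for the merchant's customer database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE payment_methods (customer_id TEXT, token TEXT, last4 TEXT, brand TEXT)"
    )
    return conn


def store_payment_method(conn: sqlite3.Connection, customer_id: str, processor_response: dict) -> None:
    """Persist only the token and display fields; reject anything resembling a full PAN."""
    for value in processor_response.values():
        if isinstance(value, str) and PAN_RE.search(value):
            raise ValueError("refusing to persist what looks like a full card number")
    conn.execute(
        "INSERT INTO payment_methods VALUES (?, ?, ?, ?)",
        (customer_id, processor_response["token"], processor_response["last4"], processor_response["brand"]),
    )
    conn.commit()


def db_contains(conn: sqlite3.Connection, needle: str) -> bool:
    """Audit helper: does any stored cell contain the given string (e.g. a PAN)?"""
    rows = conn.execute("SELECT * FROM payment_methods").fetchall()
    return any(needle in str(cell) for row in rows for cell in row)


def checkout_flow(pan: str = "4242424242424242") -> tuple[sqlite3.Connection, dict]:
    """End-to-end: tokenize with the processor, store the token, return both for inspection."""
    processor = FakeProcessor()
    response = processor.tokenize(pan, 12, 2030, "123")
    conn = open_db()
    store_payment_method(conn, "cust_42", response)
    return conn, response


if __name__ == "__main__":
    conn, resp = checkout_flow()
    print("stored:", conn.execute("SELECT * FROM payment_methods").fetchall())
    print("PAN in database:", db_contains(conn, "4242424242424242"))
```

The storage guard is deliberately crude; its purpose is to make a mistake such as passing the raw card form data into the insert fail loudly during development, not to replace scoping your application so the PAN never reaches it.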

4. Encrypt transmission of cardholder data across open, public networks

SSL/TLS Certificates

EveryHost offers SSL/TLS certificates from the leading and most trusted certificate authorities in the industry. Domain Validated (DV), Organization Validated (OV) and Extended Validation (EV) certificates are available. A certificate alone does not satisfy this requirement: the server must also be configured to negotiate only strong protocols and ciphers. SSL and early TLS (TLS 1.0) are no longer accepted by the PCI DSS as secure transport and should be disabled in favour of TLS 1.2 or later.

5. Use and regularly update anti-virus software on all systems commonly affected by malware

Managed Anti-Virus and Web Application Firewall

EveryHost provides anti-virus and web application firewall toolkits for real-time monitoring of web applications and protection against malware and common exploits. Signatures and rule sets are updated automatically.

6. Develop and maintain secure systems and applications

Automatic Security Updates and Kernel Patches

We offer automatic rebootless kernel updates through KernelCare by CloudLinux, which applies new security patches without a restart and keeps your server protected against known vulnerabilities. The ModSecurity web application firewall is installed and kept current with the latest security rule set, and PHP is hardened with Suhosin, an extension that patches the PHP core and adds further runtime protections (note that Suhosin was written for the PHP 5 series and is not maintained for current PHP versions). Patching your own application code, CMS and plugins remains your responsibility.

7. Restrict access to cardholder data by business need-to-know

Granular Access Control and “Least Privilege” Principle

Through the EveryHost control panel, you can create accounts and grant privileges only to the users that need access to a particular system or service, such as the FTP or database server. Restricting access by IP address and requiring public-key authentication for SSH further limit who can reach your server.

8. Assign a unique ID to each person with computer access

This requirement is addressed by the same per-user accounts described under requirement 7: each administrator and developer gets an individual login rather than a shared one, so every action in the logs can be traced to a person. Do not share root, control panel or database credentials between people.

9. Restrict physical access to cardholder data

Data Center Security

The EveryHost servers are located in a state-of-the-art data center that holds SSAE 16 (the successor to SAS 70) Type II and SOC 1 Type 2 audit reports. The facility is protected by 24/7 on-site security guards, interior and exterior camera surveillance, keycard locks and biometric palm scanners that restrict access to authorized personnel.

10. Track and monitor all access to network resources and cardholder data

Proactive Monitoring and Log Inspection

Our engineers and security experts continuously monitor the server logs for suspicious activity and break-in attempts, and provide expert guidance and investigation in the event of a suspected security breach. Raw access logs are available upon request.
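As an added example of the kind of log inspection described above (this is not EveryHost's monitoring code), the script below scans syslog-style sshd lines for password brute-force attempts, groups failures by source address, and raises a high-priority alert when an address that was brute-forcing later logs in successfully. The log lines are constructed for the example and the failure threshold is an assumption to tune per environment.

```python
"""Added example (not EveryHost's tooling): detect SSH brute force in auth.log-style
lines and flag a successful login from an address that was brute-forcing."""
import re
from collections import Counter, defaultdict

# Constructed sample lines in the format sshd writes to /var/log/auth.log.
SAMPLE_AUTH_LOG = """\
Mar  3 10:01:02 web1 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 10:01:04 web1 sshd[1203]: Failed password for root from 203.0.113.7 port 51031 ssh2
Mar  3 10:01:05 web1 sshd[1205]: Failed password for root from 203.0.113.7 port 51040 ssh2
Mar  3 10:01:07 web1 sshd[1207]: Failed password for invalid user oracle from 203.0.113.7 port 51055 ssh2
Mar  3 10:01:09 web1 sshd[1209]: Failed password for root from 203.0.113.7 port 51060 ssh2
Mar  3 10:01:40 web1 sshd[1220]: Accepted publickey for deploy from 198.51.100.4 port 40100 ssh2: ED25519 SHA256:abc
Mar  3 10:02:11 web1 sshd[1231]: Failed password for deploy from 198.51.100.4 port 40112 ssh2
Mar  3 10:03:00 web1 sshd[1240]: Accepted password for root from 203.0.113.7 port 51099 ssh2
"""

FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED_RE = re.compile(r"sshd\[\d+\]: Accepted (\w+) for (\S+) from (\S+) port")


def analyse(log_text: str, threshold: int = 5) -> dict:
    """Return failure counts per IP, the set of brute-forcing IPs, and human-readable alerts.

    `threshold` (failures per IP before it counts as brute force) is an assumption."""
    failures: Counter = Counter()
    usernames: defaultdict = defaultdict(set)
    successes: list = []

    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            user, ip = m.groups()
            failures[ip] += 1
            usernames[ip].add(user)
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            method, user, ip = m.groups()
            successes.append((ip, user, method))

    brute_force = {ip for ip, n in failures.items() if n >= threshold}
    alerts = []
    for ip in sorted(brute_force):
        alerts.append(
            f"brute force from {ip}: {failures[ip]} failed passwords, users tried {sorted(usernames[ip])}"
        )
    for ip, user, method in successes:
        if ip in brute_force:
            # The important case: the attacker eventually got in. Treat as a probable compromise.
            alerts.append(f"CRITICAL: successful {method} login for {user} from {ip} after brute force")
        elif method == "password" and user == "root":
            # Password logins as root should not exist if key-only access is enforced.
            alerts.append(f"WARNING: root password login from {ip}")
    return {"failures": dict(failures), "brute_force": brute_force, "alerts": alerts}


if __name__ == "__main__":
    for alert in analyse(SAMPLE_AUTH_LOG)["alerts"]:
        print(alert)
```

In production the same logic would read the live journal or log file incrementally and feed the brute-forcing addresses to the host firewall; the point of the example is the ordering check, because a block list that only counts failures misses the login that actually succeeded.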

11. Regularly test security systems and processes

Threat Management

EveryHost employs intrusion detection systems and a range of threat mitigation measures to detect threats and vulnerabilities in real time. Our server engineers are available around the clock to investigate and respond to alerts. This complements, but does not replace, the quarterly vulnerability scans and periodic penetration testing that the requirement also calls for.

12. Maintain a policy that addresses information security

It is your responsibility to implement this requirement. It should be part of your organization’s security policy.

Gamorrean Security

Our security suite combines all of the components below to guard your business against intruders, protect its reputation and keep it online.


Port Honeypot/Web Honeypot

Protect your CMS against automated attacks and malicious port scans with our honeypot. Gamorrean opens decoy ports to expose the IPs that probe them and adds those IPs to a grey list so they are blocked before they can reach your real services.


Malware Detection and Removal

Malicious files introduced through unvalidated file uploads, script injection, remote code injection and CMS (WordPress, Joomla, Drupal, etc.) vulnerabilities are detected and removed.


Web Application Firewall (WAF)

Our Web Application Firewall (WAF) constantly inspects the incoming traffic to your server, looking for malicious content based on a number of signals. Used in conjunction with log analysis, the WAF keeps the false positive rate low while stopping attacks against the applications running on your server.


CAPTCHA

Gamorrean uses CAPTCHA challenges to distinguish human visitors from bots, so that botnet traffic can be blocked while real users get through.


DoS Detection

Constant monitoring of incoming and outgoing connections against grey lists allows DoS attacks to be blocked accurately.
