PCI Question

Discussion in 'Pre-Sales Questions' started by Alarion, Feb 20, 2009.

  1. Alarion

    Alarion New Member

    I currently have a VPS with KH as I was planning to deploy my hosting companies portal there. This portal would be storing credit card data.

    As I understand it, to be PCI compliant when storing CC data, the data store (MySQL) would have to be on a machine (or VPS I guess) that is not accessible via the internet. So firewalled off to only allow access from the web server VPS (ie: would need two VPS accounts).

    However, unless I misunderstand, the entire server the VPS account on has to be PCI compliant. Plus, KH has to be PCI compliant as they have physical access to the server. On top of that, the datacenter must be PCI compliant, etc.

    Am I mistaken? This whole PCI mess is a large steaming pile and is a major headache for small businesses :-/
     
  2. KH-Joel

    KH-Joel KH Sales Staff Member

    Hello,

    We have several clients who we make their VPS PCI Compliant. The physical server the VPS resides on definitely doesn't need to be PCI Compliant as the VPS runs as it's own machine with it's own MySQL, Apache, etc, etc. So if you need a VPS and require it to be PCI Compliant all we require is first the VPS is a Managed VPS with us (cPanel, Plesk, or Directadmin only). We won't do PCI Compliancy work on Unmanaged VPS's so this is important to make note of. Second, provide us a security scan for the VPS from whomever you choose to do so (Macafee for example) and then we will do the work necessary to make your VPS PCI Compliant. Hope this helps.

    Regards,
    Joel
     
  3. Alarion

    Alarion New Member

    OK. Can the mysql database and the web server reside on the same physical (err, logical) VPS?

    Right now, the VPS isn't using a control panel, but I have my own extra Directadmin license. Is this acceptable?
     
  4. KH-Joel

    KH-Joel KH Sales Staff Member

    A Managed VPS means we provide a control panel and a VPS. We need to be the ones installing and configuring the control panel. Regarding MySQL and the Web Server, that all depends. Doing everything a PCI Scan says could result in Apache to not work. All we can do is make the VPS PCI Compliant. We can't get into best practices of PCI Compliancy though.

    Regards,
    Joel
     

Share This Page