I currently have a VPS with KH as I was planning to deploy my hosting company's portal there. This portal would be storing credit card data.
As I understand it, to be PCI compliant when storing CC data, the data store (MySQL) would have to be on a machine (or VPS I guess) that is not accessible via the internet. So firewalled off to only allow access from the web server VPS (ie: would need two VPS accounts).
However, unless I misunderstand, the entire server the VPS account is on has to be PCI compliant. Plus, KH has to be PCI compliant as they have physical access to the server. On top of that, the datacenter must be PCI compliant, etc.
Am I mistaken? This whole PCI mess is a large steaming pile and is a major headache for small businesses :-/
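Added example, not from the original post: one way to express the segmentation the question describes, as an nftables ruleset on the database VPS that lets only the web server VPS reach MySQL. The web server address (203.0.113.10) and the admin network (198.51.100.0/24) are assumed placeholders.

```nft
#!/usr/sbin/nft -f
# Ruleset for the database VPS: MySQL (3306) is reachable only from the
# web server VPS; everything else inbound is logged and dropped.
# Addresses are placeholders (TEST-NET ranges), substitute your own.
define WEB_SERVER = 203.0.113.10
define ADMIN_NET  = 198.51.100.0/24

flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # Loopback and replies to connections the host itself opened
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop

        # MySQL only from the web server VPS
        ip saddr $WEB_SERVER tcp dport 3306 accept

        # SSH only from the admin network (patching, log review)
        ip saddr $ADMIN_NET tcp dport 22 accept

        # Log (rate limited) then drop everything else; the log gives
        # evidence that the database host was never open to the internet
        limit rate 5/minute log prefix "db-vps drop: "
        drop
    }

    chain forward {
        # The database host routes nothing
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

Load it with `nft -f` and confirm with `nft list ruleset`; then check that port 3306 connects from the web server VPS and times out from any other address.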