
Thread: Free PCI Security Scan

  1. #1
    Matt is offline GlowHost Administrator
    Join Date
    Jan 2005
    Location
    Behind your monitor
    Posts
    4,702

    Free PCI Security Scan

    Free PCI compliance account

    GlowHost has partnered with ScanAlert and is pleased to announce FREE PCI security scanning and compliance services from ScanAlert.

    PCI compliance is MANDATORY for those of you who accept credit cards online. New Data Security Standards are in effect for merchants that require compliance regardless of the dollar amount that they process online.

    A PCI compliance account is FREE for GlowHost customers. This is the same quarterly compliance scanning service that ScanAlert retails for $319 per year.

    This new service is designed to allow all GLOWHOST customers to easily meet the requirements of Visa and MasterCard’s Payment Card Industry (PCI) Data Security Standard. Compliance with the PCI standards is required by all ecommerce merchants.

    The ScanAlert program is a complete security auditing system with a breadth of features that far exceed the basic vulnerability scanning requirements of PCI, CISP and SDP which comprise the PCI Security Standards. A comprehensive security tool, it includes:

    • Access to ScanAlert’s web-based Vulnerability Management Portal
    • Scheduled quarterly automated vulnerability scans
    • Unlimited on-demand manual scans to re-test systems whenever needed
    • Detailed instructions to patch all vulnerabilities found during scans
    • Easy-to-understand security self-assessment forms and online assistance
    • Preparation of the Report on Compliance (ROC) documentation for submission to an online merchant’s acquiring bank

    Click the link below to take advantage of this offer.

    Free PCI compliance scan

    Please see the below PDF for more information on the PCI scanning technology.

    If you would like to use this PCI account in combination with GlowHost managed services for your dedicated server to ensure it is PCI compliant please see our managed PCI compliance service.
    Attached Files
    Last edited by Matt; 05-19-2008 at 03:51 AM.
    Send your friends and site visitors to GlowHost and get $125 plus bonus!
    GlowHost Affiliate Program | Read our Blog | GlowHost's Facebook | Follow us on Twitter | GlowHost on Google+

  2. #2
    andychev is offline Master Glow Jedi
    Join Date
    Apr 2005
    Location
    Chester, UK
    Posts
    150


    Quote Originally Posted by Matt View Post
    Free PCI compliance account
    PCI compliance is MANDATORY for those of you who accept credit cards online. New Data Security Standards are in effect for merchants that require compliance regardless of the dollar amount that they process online.
    ...
    Bargain service. Although a nightmare of a field to be in. The basics of PCI compliance often aren't made clear (hence it took me several days to dig through all the information a few months back when the PCI compliance form was put on my desk). There are four levels, and where your company falls determines at what level you have to be 'PCI compliant'.

    Level 1: Any merchant processing over 6,000,000 transactions a year, any merchant that has been subject to hacking, or any merchant Visa says must be.
    Annual onsite security audit: Required
    Quarterly system perimeter scan: Required
    Annual compliance questionnaire: Required

    Level 2: Any merchant processing between 150,000 and 6,000,000 e-commerce transactions per year
    Annual onsite security audit: Not Required
    Quarterly system perimeter scan: Required
    Annual compliance questionnaire: Required

    Level 3: Any merchant processing between 20,000 and 150,000 e-commerce transactions per year
    Annual onsite security audit: Not Required
    Quarterly system perimeter scan: Required
    Annual compliance questionnaire: Required

    Level 4: Any merchant processing fewer than 20,000 e-commerce transactions per year and all merchants processing up to 6,000,000 transactions per year (offline)
    Annual onsite security audit: Not Required
    Quarterly system perimeter scan: Recommended
    Annual compliance questionnaire: Recommended

    It also needs to be clear that PCI compliance is for merchants, i.e. you have a merchant number. This does not apply if you are using a third party payment system such as PayPal, WorldPay, etc., because they are the merchant (they need to do it).

  3. #3
    Matt is offline GlowHost Administrator
    Join Date
    Jan 2005
    Location
    Behind your monitor
    Posts
    4,702


    Your information above may be a bit outdated. Level 4 are now required to be PCI compliant. In the past it was simply a recommendation. I agree, there is a lot of grey area and the credit card companies are the ones to blame for that.

    They want security but they do not clearly define how we (merchants and or hosts) are supposed to give it to them, and penalize us (merchants) when it is breached.

    That is why it is important to have your PCI status up to date, because that one item is in "black and white" and is an important factor in safeguarding your merchant status. If they decide to do something nasty like sue you someday, or take away your ability to process credit cards, you stand a much better chance in court, and hopefully it would never get that far based on your PCI compliance.
    Last edited by Matt; 12-06-2007 at 01:06 AM.

  4. #4
    andychev is offline Master Glow Jedi
    Join Date
    Apr 2005
    Location
    Chester, UK
    Posts
    150


    Quote Originally Posted by Matt View Post
    Your information above may be a bit outdated. Level 4 are now required to be PCI compliant.

    Argh, I was having a good day as well! I was so relieved when I had this land on my desk and found it wasn't relevant a few months back. What a pain that they have now changed the boundaries. I am sweating just thinking of this being given to me again! Quick, run away!

  5. #5
    Matt is offline GlowHost Administrator
    Join Date
    Jan 2005
    Location
    Behind your monitor
    Posts
    4,702


    Well again it is all grey. But if you come across the new requirements for Level 1-4 as you are catching up on the new rules, it would certainly make for some good posting.

  6. #6
    kublaken is offline Newbie
    Join Date
    Dec 2008
    Location
    Tx
    Posts
    1

    VPS possible solution?

    With this statement:

    "PCI states that a machine that holds, transmits, or stores sensitive data must be owned by a single entity, and that entity must only grant access to sensitive cardholder data on a "need to know" basis."

    Is a VPS account for an e-com client needing to be PCI compliant good enough to pass the compliancy test?

    Also, could an e-com client be PCI compliant in a shared web hosting environment?

    Thanks,
    Ken

  7. #7
    Matt is offline GlowHost Administrator
    Join Date
    Jan 2005
    Location
    Behind your monitor
    Posts
    4,702


    In our assessment, the answer is NO, you need a dedicated server. PCI is a pretty grey area but I think erring on the side of caution and going with a dedicated server is the way to go. The new PCI DSS 1.2 has provisions in it for shared hosting but I do not see how it is possible to be compliant on a shared host and compliant with almost all the rest of the PCI DSS including your citation above.

    PCI is full of contradictions, but I've found that a dedicated server option is the best way to limit the number of contradictions and grey areas found in PCI DSS.

  8. #8
    charlesh is offline Master Glow Jedi
    Join Date
    Aug 2006
    Location
    Atlanta, GA - better than you imagined it would be.
    Posts
    189


    What about if you do not store cc numbers, but just transmit them to a clearing house like Auth.net? Is any level of PCI compliance required then?

    I had always thought the answer was not in that case...

  9. #9
    Matt is offline GlowHost Administrator
    Join Date
    Jan 2005
    Location
    Behind your monitor
    Posts
    4,702


    It doesn't matter if they're not stored. Even if they are only transmitted, they say that in order for you to be compliant with PCI...

    I’m a small merchant who has limited payment card transaction volume. Do I need to be compliant with PCI DSS? If so, what is the deadline?

    All merchants, whether small or large, need to be PCI compliant. The payment brands have collectively adopted PCI DSS as the requirement for organizations that process, store or transmit payment cardholder data. PCI SSC is responsible for managing the security standards while each individual payment brand is responsible for managing and enforcing compliance to these standards. For questions regarding compliance validation requirements and deadlines as well as compliance reporting requirements, we recommend that you contact your acquirer. For more information regarding the PCI security standards and supporting documentation, including the “Navigating the PCI DSS” as well as targeted Self Assessment Questionnaires to assist small and medium merchants, please visit the PCI SSC website at: www.pcisecuritystandards.org.
    Source:
    https://www.pcisecuritystandards.org/ > FAQ >
    I’m a small merchant who has limited payment card transaction volume. Do I need to be compliant with PCI DSS? If so, what is the deadline?

    Is every merchant in compliance? No. I'd say less than 10% based on what I see running on the shared servers.
    Last edited by Matt; 12-16-2008 at 04:48 AM.

  10. #10
    Websync is offline What's a Guru? I want to be a GlowRu!
    Join Date
    Oct 2005
    Location
    California
    Posts
    55


    Wow, thank you so much for posting this info. I had no idea about the PCI requirements. Doesn't affect me because I use PayPal, but it sure would affect other people that I design sites for.
