Security: PCI Compliance at Site5
PCI stands for Payment Card Industry. The PCI standard dictates the procedures and security requirements that companies and organizations follow in order to help keep customers’ credit card information safe. These standards are important because without them, there would be no standard way to help keep sensitive information from falling into the wrong hands.
These sets of standards must be followed by all credit card merchants and merchant clients.
For more information about what PCI is, please click here.
How do they know if I am following PCI standards?
Credit card merchants take PCI compliance very seriously, as failing to comply could jeopardize their relationship(s) with the different credit card issuers. Because of this, different merchants use different testing methods to ensure that their clients are following the PCI standards. Most merchants run an automated audit system that scans your website and tests for possible security issues.
What about Site5?
Unfortunately, we can’t guarantee PCI compliance on any of our services. However, we do apply all security fixes to our servers as they become available. In most situations this satisfies most audits/scanners; however, there is the possibility that the audit may return an error or a false positive.
Because of the version of CentOS we run, many PCI audits/scanners will return a false positive. If this happens, please feel free to contact our support team so that we can look into the issue.
In most situations when an audit fails, it is because of the CentOS version number itself. However, because CentOS continues to provide security patches/fixes for its older versions, simply contact your merchant or the complaining party and inform them of this. If they require proof of the patches, please feel free to contact us and we will be more than happy to provide you with the needed information.
What about other issues?
We are always upgrading and improving our security to ensure that our clients’ information, data, and sites are secure. However, security for general information and web traffic is not the same as sending private information (like credit card numbers) over the internet.
One of the other major reasons that an audit may fail is the lack of an SSL certificate. SSL certificates allow information to be encrypted while it is being sent over the internet. This provides a much more secure means of sending and receiving data.
For information about SSL certificates, please see our dedicated KnowledgeBase article on the subject by clicking here.