PCI DSS Compliant Hosting

Achieving PCI DSS compliance doesn’t have to be hard, not when you partner with Hughes Info Tech.

Design 

We work with you to design the system your business needs for PCI compliance.

Build and Deploy  

We will build your architecture and assist fully with migration and deployment.

Protect your infrastructure and achieve compliance

As a company that processes credit card transactions or stores credit card information, you are a target. In June 2014, the motivation behind 58% of all hacking attempts was cyber crime. New security breaches are in the news every few months, usually affecting millions of credit card holders.

This means obtaining PCI DSS compliance for your business is more than a regulatory necessity: it is the way to ensure that your business and your customers are protected. The maximum fine for PCI DSS compliance violations is £50,000, but the loss of trust in your business after a security breach could be far more devastating. Contrary to popular belief, obtaining PCI DSS compliance doesn’t have to be hard. All you need is a trusted partner with the experience and commitment to help you.

Global organisations trust us

Companies have turned to us because we know what is necessary to become, and stay, compliant:

  • Reviewing current systems and procedures
  • Understanding which compliance level is required
  • Developing a cost-effective compliant hosting solution
  • Managing compliance through migration
  • Partnering with industry-leading QSAs
  • Assisting through the assessment process
  • Continued monitoring for annual reviews
  • Adjusting hosting needs as business needs change

Our network and management infrastructures are audited manually, and these audits are submitted to Visa, which endorses us as Level 1 PCI compliant. We perform annual audits and quarterly network scans, and we are licensed to process in excess of 24 million transactions per year on our hosting architectures.

We will handle all the details while you take care of your business.

Whether you need PCI Level 1, 2, 3 or 4, or are not yet sure which applies, our specialised technicians will work with you to create a solution tailored to your business. Our managed PCI services include the following:

Design, build, deploy and manage

We help you every step of the way: information security policies, secure network architecture design, and gap analysis. This is a core element of our day-to-day operations within Hughes Info Tech.

Penetration Testing

Our customised penetration testing service provides a comprehensive analysis of your level of protection against compromise. It includes network and application security testing, together with the external vulnerability scans that PCI DSS requires from an Approved Scanning Vendor (ASV).

Audit Support

The key to a successful and painless audit is a proper log trail. We provide all the evidence (security logs, policies, testing results, etc.) you need to satisfy your QSA and demonstrate that your compliance requirements are met.

Network Vulnerability Scans

We manage the network starting from a “deny-all” default firewall policy, in which only the traffic your payment environment actually needs is explicitly permitted. We then maintain it with current patches and anti-virus agents, and enforce authentication of all remote access to named individuals. These measures keep your protection current against the latest threats and support the ongoing PCI DSS hosting compliance requirements, including the quarterly network scans.
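The following ruleset shows what a “deny-all” default firewall policy looks like in practice. It is an added example written for this page, not configuration from Hughes Info Tech; the bastion host address (203.0.113.10), the patch repository address (203.0.113.20) and the single public HTTPS service are assumptions chosen for illustration. Both inbound and outbound chains drop by default, and every dropped packet is logged so the firewall contributes to the audit log trail rather than silently discarding evidence.

```nftables
#!/usr/sbin/nft -f
# Added example: deny-all default policy for a single payment web host.
# Addresses below are assumptions (RFC 5737 documentation range), not real systems.
flush ruleset

table inet filter {
    chain input {
        # Default policy: nothing is accepted unless a rule below allows it.
        type filter hook input priority 0; policy drop;

        # Replies to connections this host opened, and loopback traffic.
        ct state established,related accept
        iif "lo" accept
        ct state invalid drop

        # Administrative SSH only from the assumed bastion/jump host,
        # so remote access can be tied to named individuals at one choke point.
        ip saddr 203.0.113.10 tcp dport 22 accept

        # The only public service: HTTPS for the payment application.
        tcp dport 443 accept

        # Everything else is logged (evidence for the audit) and then dropped.
        log prefix "nft-drop-input: " drop
    }

    chain forward {
        # This host does not route traffic for anything else.
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        # Outbound is also default deny: a compromised host cannot freely
        # exfiltrate cardholder data or fetch tooling.
        type filter hook output priority 0; policy drop;

        ct state established,related accept
        oif "lo" accept

        # DNS and NTP (accurate clocks matter for log evidence).
        udp dport { 53, 123 } accept

        # Patch repository reachable over HTTPS (assumed address).
        ip daddr 203.0.113.20 tcp dport 443 accept

        log prefix "nft-drop-output: " drop
    }
}
```

Load it with `nft -f` and review the dropped-packet log before declaring the ruleset final: anything legitimate that the environment needs (a database backend, a payment gateway endpoint, a monitoring collector) will show up there and can be added as an explicit rule, which is the intended workflow under a deny-all policy.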

Working with your Qualified Security Assessor (QSA)

We are ready to work with your existing QSA, or can recommend one. Our experience means we understand how important the relationship between you and the QSA is in making audits quick and efficient.

24x7x365 monitoring and auditing

In addition to ensuring network performance, our constant monitoring means that nothing happens without being recorded. You will always have the evidence you need for your audit.

Do I need to be PCI DSS compliant?

If your business stores, processes or transmits credit card data, even as paper records, you need to be PCI DSS compliant. It doesn’t matter whether you take credit card orders over the phone, in person, on your website or through a third-party processor. The specific requirements for becoming PCI DSS compliant, however, depend on how you take and maintain credit card information. If you have questions, contact us today and we can help you determine whether you need PCI DSS compliant hosting.

Finding the best solution for your business

The goal of many companies offering hosting for PCI compliance is just that – to get you a compliance certificate. They will help you do what’s necessary to tick the boxes and pass your audit, and the solutions they offer will meet the minimum requirements for your PCI level.

At Hughes Info Tech we work with you to determine the right security solutions for your needs and regulatory requirements. Often this means that the services we provide exceed the standards set by PCI DSS.

Talk to us now to discuss how we can provide your ideal PCI hosting solution.

PCI Compliance levels explained 

PCI compliance levels are determined by the individual payment card brands, such as Visa and MasterCard. The following categories define the criteria used by Visa; most other brands refer to Visa’s levels or have similar definitions for determining compliance levels.

6 million or more transactions per year

Level 1 compliance is required for any merchant processing six million or more transactions per year, regardless of channel. All transactions performed by the merchant are aggregated, whether they occurred over the phone, in person or online, and they are also aggregated across multiple Doing Business As (DBA) organisations if the data is stored, processed or transmitted together. Visa also reserves the right to require Level 1 compliance of any merchant it determines needs it in order to protect the Visa system.

In order to obtain and maintain Level 1 compliance, merchants need to produce an annual Report on Compliance by a Qualified Security Assessor, together with quarterly network scans by an Approved Scanning Vendor.

Between 1 million and 6 million transactions per year

Level 2 compliance is required for any merchant processing between one million and six million transactions per year, regardless of channel. All transactions performed by the merchant are aggregated, whether they occurred over the phone, in person or online.

In order to obtain and maintain Level 2 compliance, merchants need to complete an annual Self-Assessment Questionnaire (SAQ) and perform quarterly network scans by an Approved Scanning Vendor.

Between 20,000 and 1 million e-commerce transactions per year

Level 3 compliance is required for any merchant processing between 20,000 and one million e-commerce transactions per year. All transactions performed by the merchant are aggregated if the data is stored, processed or transmitted together, even when the transactions are performed under multiple Doing Business As (DBA) organisations.

In order to obtain and maintain Level 3 compliance, merchants need to complete an annual Self-Assessment Questionnaire (SAQ), perform quarterly network scans by an Approved Scanning Vendor, and complete an Attestation of Compliance form.

Fewer than 20,000 e-commerce transactions, or up to 1 million transactions through other channels, per year

Level 4 compliance is required for any merchant processing fewer than 20,000 e-commerce transactions per year. It is also required of any merchant processing up to one million transactions per year via any other channel (telephone, in person, or another non-e-commerce channel). All transactions performed by the merchant are aggregated if the data is stored, processed or transmitted together, even when the transactions are performed under multiple Doing Business As (DBA) organisations.

In order to obtain and maintain Level 4 compliance, merchants are recommended to complete an annual Self-Assessment Questionnaire (SAQ), perform quarterly network scans by an Approved Scanning Vendor where applicable, and complete any additional requirements set by their merchant bank.