What is PCI Compliance Hosting?

PCI means “Payment Card Industry.” You will usually come across this term in the context of PCI DSS: the Payment Card Industry Data Security Standard. This set of security standards was created to protect cardholders and ensure that payment data is handled securely.

Hostonce and PCI Compliant Hosting

We are often asked whether Hostonce offers PCI compliant hosting. Many people are unaware that every e-commerce store that processes or transmits credit card data must be PCI compliant, irrespective of its annual sales volume.

We feel it is necessary to highlight that a host being PCI compliant does not mean that the websites it hosts are. The reason is that PCI DSS compliant hosting works on a shared responsibility model.

Hostonce operates as a managed WordPress hosting provider. We are responsible for securing the server infrastructure, supporting secure TLS (HTTPS) connections, enforcing network-level protections, and keeping the operating system patched. Everything above the infrastructure layer, such as the WordPress installation, theme and plugin management, and site configuration, is under your control.

Hostonce does not guarantee PCI DSS compliant hosting. We cannot audit your website to find out what it lacks. This does not mean that you cannot be PCI compliant when hosting with us: we are not directly involved in the process, but we are glad to help with specific changes.

How to be Compliant at Hostonce

Follow these best practices to ensure you are compliant at Hostonce.

PCI Self-Assessment Questionnaire

Make sure to fill out a Self-Assessment Questionnaire (SAQ). It will help you determine if your payment processing setup is PCI compliant or not.

HTTPS and TLS

Use TLS 1.3 (preferred) to serve your payment pages; TLS 1.2 remains acceptable for enabling HTTPS (encrypted connections). PCI DSS 4.0 requires a secure TLS configuration, including strong cipher suites and regular security assessments of that configuration. Hostonce always keeps its supported TLS versions up to date.

Payments via Third-Party Provider

One of the simplest ways to simplify PCI compliance is to process credit card transactions through a third-party provider. You can easily connect your Easy Digital Downloads or WooCommerce store to a payment gateway such as PayPal or Stripe.

Be certain to go through their PCI compliance guidelines, as just processing credit cards off-site doesn’t guarantee compliance.

Firewall Implementation

PCI DSS demands that systems handling cardholder data are protected by firewalls that control access and block unauthorized connections. Every Hostonce site benefits from two layers of firewall protection:

  • Google Cloud Platform’s network firewall blocks suspicious traffic before it reaches the hosting environment.
  • Cloudflare’s edge firewall is included as part of Hostonce’s free Cloudflare integration. It provides application-layer protection and additional protection at the DNS level, including DDoS mitigation and smart traffic filtering.

Perform Regular Security Testing

PCI DSS 4.0 includes specific requirements for ongoing security testing. This covers file integrity monitoring, penetration testing, and vulnerability scanning, so that potential security threats are detected and addressed before they turn into incidents.

Hostonce protects your environment with features like infrastructure-level safeguards, hardware firewalls, malware scanning, and DDoS mitigation.
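The file integrity monitoring mentioned above can be as simple as a hashed inventory of the web root compared against a snapshot taken at deploy time. The script below is an added example written for this article; it is not Hostonce tooling, WordPress code, or a PCI-mandated implementation. The excluded directories, the JSON baseline location and the constructed sample site are assumptions chosen for illustration.

```python
"""Minimal file integrity monitor for a WordPress web root (added example)."""
import hashlib
import json
import tempfile
from pathlib import Path

# WordPress writes to these directories during normal operation (media uploads,
# page caches). Hashing them buries real signal in noise, so they are excluded.
# The list is an illustrative assumption, not Hostonce configuration.
EXCLUDE_DIRS = ("wp-content/uploads", "wp-content/cache")


def _excluded(rel_path: str) -> bool:
    """True when rel_path is one of the excluded directories or lives inside one."""
    return any(rel_path == d or rel_path.startswith(d + "/") for d in EXCLUDE_DIRS)


def sha256_file(path: Path) -> str:
    """Hash a file in 64 KiB chunks so large files never load fully into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict[str, str]:
    """Return {relative POSIX path: sha256} for every monitored file under root."""
    baseline = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if not _excluded(rel):
            baseline[rel] = sha256_file(path)
    return baseline


def diff_baseline(old: dict[str, str], new: dict[str, str]) -> dict[str, list[str]]:
    """Classify drift between two baselines.

    'modified' is the case PCI DSS cares most about: an existing PHP or
    configuration file whose content changed without a deploy. 'added' catches
    files nobody shipped; 'removed' catches deleted or renamed core files.
    """
    old_paths, new_paths = set(old), set(new)
    return {
        "added": sorted(new_paths - old_paths),
        "removed": sorted(old_paths - new_paths),
        "modified": sorted(p for p in old_paths & new_paths if old[p] != new[p]),
    }


def save_baseline(baseline: dict[str, str], dest: Path) -> None:
    """Persist the snapshot; in practice keep it outside the web root, read-only."""
    dest.write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(src: Path) -> dict[str, str]:
    return json.loads(src.read_text())


def demo() -> dict[str, list[str]]:
    """Constructed scenario: baseline a tiny fake site, alter it, report the drift."""
    with tempfile.TemporaryDirectory() as site, tempfile.TemporaryDirectory() as store:
        root, baseline_file = Path(site), Path(store) / "baseline.json"
        plugin = root / "wp-content" / "plugins" / "shop"
        uploads = root / "wp-content" / "uploads"
        plugin.mkdir(parents=True)
        uploads.mkdir(parents=True)
        (root / "wp-config.php").write_text("<?php define('DB_NAME', 'shop');\n")
        (root / "readme.html").write_text("<html>constructed readme</html>\n")
        (plugin / "shop.php").write_text("<?php // constructed plugin, version 1\n")
        (uploads / "photo.jpg").write_bytes(b"\xff\xd8constructed-jpeg")

        save_baseline(build_baseline(root), baseline_file)  # deploy-time snapshot

        # Simulated drift since the snapshot: one edit, one new file, one deletion,
        # plus a routine media upload that must *not* be reported.
        with (plugin / "shop.php").open("a") as fh:
            fh.write("// constructed unexpected edit\n")
        (plugin / "helper.php").write_text("<?php // constructed file nobody deployed\n")
        (root / "readme.html").unlink()
        (uploads / "invoice.pdf").write_bytes(b"%PDF-constructed")

        return diff_baseline(load_baseline(baseline_file), build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Run from cron or a deploy hook, a non-empty `modified` or `added` list for PHP files is the signal to investigate; the baseline is regenerated only after a known deploy. Keeping the baseline file outside the web root matters, since a file the web server can serve or overwrite is not a trustworthy reference.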

Multi-factor Authentication

Multi-factor authentication (MFA) is a security technique that requires users to present two or more independent credentials (factors) before they gain access. It is commonly called two-factor authentication (2FA), which is a specific form of MFA that uses exactly two factors. PCI DSS 4.0 uses the term MFA and expands the situations in which it is required.

In PCI DSS 4.0, MFA is mandatory for:

  • All remote access to those systems that deal with payment data.
  • Full administrative access to payment processing systems.
  • Any access to the cardholder data environment (CDE).

At Hostonce, you can enable MFA to help secure both your Hostonce dashboard and your WordPress admin area. We highly recommend enabling it in both places to reduce the risk of unauthorized access.

Data Centre Security

Hostonce uses Google Cloud Platform, which implements state-of-the-art physical security across all of its data centres: safeguards such as biometrics, metal detectors, perimeter fencing, vehicle access barriers, alarms, and electronic access cards. The data centre floor is also covered by laser beam intrusion detection.

The data centres are monitored 24/7 by high-resolution cameras and are patrolled by security guards who undergo strict background checks. All activity is recorded so that it can be reviewed if an incident occurs.

GCP’s SOC 2 and PCI Attestation of Compliance reports are not available to the public. These documents can be obtained only directly from GCP, after entering into a non-disclosure agreement with them. In other words, if you want access to these documents, you must establish a direct relationship with GCP first.

Having said all that, if you found this article useful, do check out the other helpful Hostonce articles here.

Author: MUsama

Muhammad Usama has had an impactful journey of almost a decade exploring the wonders of writing. He is always excited to share relevant knowledge with the community. Usama enjoys reading books and travelling in his free time.
