GreggHosting offers PCI Compliant Hosting
We’re frequently asked whether GreggHosting provides PCI-compliant hosting, so we’ll take a look at that today. Many people are unaware that every eCommerce store that accepts, stores, or transmits credit card data, regardless of its transaction volume, must be PCI compliant. As a result, it’s worth devoting some time to learning what PCI compliance is and how it affects your organization.
What is PCI?
PCI stands for “Payment Card Industry.” The term usually refers to the Payment Card Industry Data Security Standard, or PCI DSS, a set of security requirements for every business that accepts, stores, processes, or transmits cardholder data. It was created to safeguard consumer information and ensure that credit card information is handled securely.
American Express, Discover, JCB International, MasterCard, and Visa each run their own compliance programs, but all of them are bound by the PCI Security Standards Council’s standards (the five brands are its founding members).
Does GreggHosting Offer PCI-Compliant Hosting?
It’s crucial to remember that choosing a PCI-compliant host does not by itself make your website compliant. As the website owner, you bear most of the responsibility for security. If you run a WooCommerce store, for example, you are ultimately responsible for handling customer data, processing payment cards, storing and validating login credentials, and keeping your site’s code up to date.
GreggHosting does not guarantee PCI compliance, and we can’t audit your site to confirm that you’re following the rules. However, hosting your website with us doesn’t mean you can’t be PCI compliant. Many of our clients have worked with third-party auditors to pass PCI compliance audits. In many of these cases we’ve made a few minor adjustments upon request, and the clients passed with a little fine-tuning on both our end and theirs.
While we do not directly participate in the audit process because it is the website owner’s obligation, we can make certain improvements upon request.
How to Be Compliant
Here are a few best practices to follow at GreggHosting to maintain compliance:
1. PCI Self-Assessment Questionnaire
Fill out a Self-Assessment Questionnaire (SAQ) annually to determine whether your payment processing environment meets PCI DSS requirements. There are several SAQ types; which one applies depends on how card data flows through your site.
2. TLS (Transport Layer Security) and HTTPS (Hypertext Transfer Protocol Secure)
Make sure your website uses HTTPS and serves your payment pages over a current version of TLS (1.2 or higher), so that the connection is encrypted. PCI DSS no longer permits SSL or early TLS (TLS 1.0) for protecting cardholder data in transit. GreggHosting keeps the TLS versions on our servers up to date, and you can easily install an SSL certificate from your My GreggHosting dashboard.
This article will show you how to install an SSL certificate on WooCommerce.
Note that domain-validated (DV) certificates are currently accepted under PCI requirements, which means free Let’s Encrypt certificates can be used. These rules may change in the future, however. If you aren’t comfortable with this, or an auditor advises against it, you can always install a custom SSL certificate. Commercial certificates also typically come with a warranty from the certificate authority, though that is a financial guarantee rather than additional technical security.
Please read our TLS versus SSL comparison.
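As an added example (not GreggHosting tooling or anything from the original article), here is a small Python check for the TLS 1.2-or-higher rule above, applied to an nginx configuration. The two server blocks are constructed samples, the host name shop.example.com and the certificate paths are hypothetical, and the check assumes nginx, whose default ssl_protocols setting still enables TLSv1 and TLSv1.1 when the directive is absent:

```python
import re

# nginx ssl_protocols tokens that satisfy the "TLS 1.2 or higher" rule, and
# the SSL / early-TLS tokens that must not be enabled on a payment page.
ALLOWED = {"TLSv1.2", "TLSv1.3"}
FORBIDDEN = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
MISSING = "ssl_protocols not set: nginx's default enables TLSv1 and TLSv1.1"

# Constructed sample: a server block that still accepts early TLS.
WEAK_CONFIG = """
server {
    listen 443 ssl;
    server_name shop.example.com;            # hypothetical host
    ssl_certificate     /etc/ssl/shop.crt;   # hypothetical paths
    ssl_certificate_key /etc/ssl/shop.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;     # legacy clients still accepted
}
"""

# Constructed sample: the corrected block, early TLS removed.
HARDENED_CONFIG = """
server {
    listen 443 ssl;
    server_name shop.example.com;            # hypothetical host
    ssl_certificate     /etc/ssl/shop.crt;   # hypothetical paths
    ssl_certificate_key /etc/ssl/shop.key;
    ssl_protocols TLSv1.2 TLSv1.3;           # TLS 1.2 or higher only
}
"""

# One ssl_protocols directive: the tokens up to ';', ignoring a trailing comment.
_DIRECTIVE = re.compile(r"^\s*ssl_protocols\s+([^;#]+);", re.MULTILINE)


def ssl_protocols(config: str) -> list:
    """Return the token list of every ssl_protocols directive in the config."""
    return [raw.split() for raw in _DIRECTIVE.findall(config)]


def tls_findings(config: str) -> list:
    """Return the policy violations found in an nginx config (empty if clean)."""
    directives = ssl_protocols(config)
    if not directives:
        # An absent directive is the most common way early TLS stays enabled.
        return [MISSING]
    findings = []
    for tokens in directives:
        for tok in tokens:
            if tok in FORBIDDEN:
                findings.append(f"{tok} enabled")
            elif tok not in ALLOWED:
                findings.append(f"unrecognised protocol token {tok!r}")
        if not ALLOWED & set(tokens):
            findings.append("no TLS 1.2+ protocol enabled")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, tls_findings(cfg) or "OK")
```

A static check like this only tells you what the configuration asks for; an external scan of the live site from outside the hosting network is still the evidence an auditor will want.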
3. Use a third-party provider to process payments.
Processing credit card transactions through a third-party provider is one of the simplest ways to reduce your PCI scope. You can easily integrate a payment gateway such as Stripe or PayPal into your WooCommerce or Easy Digital Downloads store. You should still review the provider’s PCI compliance documentation, because processing cards off-site does not automatically make you compliant. For example, the short SAQ A applies only when the card is entered on a page served by the provider (a redirect or hosted iframe); a payment form on your own page that posts directly to the gateway falls under the longer SAQ A-EP. Extra measures may be required.
Stripe’s PCI compliance
PayPal’s PCI compliance
Braintree’s PCI compliance
Authorize.net’s PCI compliance
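Even when the gateway handles the card itself, a raw card number can still slip into your own systems through a debug log, a support ticket or a misconfigured form, which pulls those systems back into PCI scope. The following Python snippet is an added example, not part of the original article or any gateway’s SDK: it scans text for Luhn-valid 13 to 19 digit numbers and masks them to the last four digits. The log lines are constructed, and 4242424242424242 and 4111111111111111 are publicly documented test card numbers rather than real cards:

```python
import re

# Candidate: 13 to 19 digits, optionally separated by single spaces or dashes,
# not embedded in a longer digit run.
_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn check-digit test (ISO/IEC 7812). Roughly one random digit string
    in ten passes, so this filters noise; it does not prove a number is a card."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def _normalise(match: str) -> str:
    return re.sub(r"[ -]", "", match)


def find_pans(text: str) -> list:
    """Return every Luhn-valid 13-19 digit number in the text, digits only."""
    found = []
    for m in _CANDIDATE.finditer(text):
        digits = _normalise(m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(digits)
    return found


def mask_pans(text: str) -> str:
    """Replace each detected PAN with asterisks, keeping only the last four
    digits (the truncated form PCI DSS permits you to store and display)."""
    def _mask(m):
        digits = _normalise(m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            return "*" * (len(digits) - 4) + digits[-4:]
        return m.group()
    return _CANDIDATE.sub(_mask, text)


# Constructed log lines; the card numbers are publicly documented test PANs.
LOG_LINES = [
    "POST /checkout order=1234567890123456 token=tok_visa amount=4999",
    "DEBUG gateway request card_number=4242424242424242 exp=12/29",
    "ticket #5521: customer read card 4111 1111 1111 1111 over the phone",
]


def scrub_log(lines: list) -> tuple:
    """Mask PANs in a batch of log lines and report how many lines leaked one."""
    masked = [mask_pans(line) for line in lines]
    leaked = sum(1 for line in lines if find_pans(line))
    return masked, leaked


if __name__ == "__main__":
    masked, leaked = scrub_log(LOG_LINES)
    print(f"{leaked} line(s) contained a card number")
    print("\n".join(masked))
```

The 16-digit order number on the first line fails the Luhn test and is left alone, while the gateway token is the only thing a compliant backend should ever see. Run a scrubber like this over application logs and support systems, not just the payment path.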
4. Set up a Firewall
Another suggestion is to set up a firewall to filter out unwanted traffic. GreggHosting uses Google Cloud Platform’s enterprise-grade firewalls, along with active and passive security measures and other advanced capabilities, to prevent unauthorized access to your data.
For further protection, you can put a third-party web application firewall (WAF) such as Sucuri or Cloudflare in front of your site.
Sucuri’s PCI compliance
Cloudflare’s PCI compliance (Cloudflare’s WAF can help you meet PCI DSS 2.0 and 3.0 Requirement 6.6, which calls for either regular application code reviews or a WAF in front of public-facing web applications).
5. Two-Factor Authentication
Two-factor authentication is a two-step login process that requires a second means of authentication, such as a one-time code from an authenticator app, in addition to your password. Enabling it on both your host’s control panel and your WordPress site helps prevent unauthorized access even if a password is phished or leaked.
On My GreggHosting, enable two-factor authentication.
On your WordPress site, enable two-factor authentication.
Security in Data Centers
GreggHosting leverages Google Cloud Platform, which employs cutting-edge security measures throughout its data centers, including custom-designed electronic access cards, alarms, vehicle access barriers, perimeter fencing, metal detectors, and biometrics. Laser beam intrusion detection is installed on the data center floor.
Their data centers are guarded by security personnel who have passed stringent background checks and are monitored by high-resolution cameras 24 hours a day, 7 days a week. Every action and activity is logged and recorded in case of an incident.
All data in transit between Google, its customers, and its data centers, as well as data at rest in all Cloud Platform services, is encrypted. Data on persistent disks is encrypted with 256-bit AES, and each data encryption key is itself encrypted with a set of regularly rotated master keys.
GCP’s Compute Engine service has been certified as PCI DSS 3.2 compliant by an independent Qualified Security Assessor. This does not, however, make you PCI compliant. Everything we’ve said so far still applies, because you are the one responsible for making sure your site is PCI compliant.
GCP’s PCI Attestation of Compliance and SOC 2 reports are not public. They are available only directly from GCP, after signing a non-disclosure agreement. If you need access to these documents, you must establish a direct relationship with GCP and request them.
Learn more about the security of Google Cloud Platform.
Note: The above information is provided to assist you with PCI compliance-related questions. However, we are not in charge of determining your compliance. A third-party auditor should always be in charge of this.
Save time, money, and improve site performance by using:
Expert WordPress hosting assistance is available 24 hours a day, 7 days a week.
Integration with Cloudflare Enterprise.
With 29 data centers across the world, you can reach a global audience.
With our built-in Application Performance Monitoring, you can improve your performance.
All of this and more is included in a single plan that includes no long-term obligations, aided migrations, and a 30-day money-back guarantee. Check out our plans or speak with a sales representative to find the ideal plan for you.