Jhayes Posted January 2, 2013 Share Posted January 2, 2013 Hello: I asking about Reseller Hosting that is PCI Compliant. I have a Reseller Host web site, which is a ecommerce web site. I know it is on a shared server so it will never be compliant. Is there a hosting company that offers Reseller Hosting that can pass a security scan? I always thought all ecommerce sites should pass a security scan. Thanks for your feedback 0 Quote Link to comment Share on other sites More sharing options...
Troy Posted January 2, 2013 Share Posted January 2, 2013 Shared hosting doesn't mean PCI compliance cannot be achieved. We have all kinds of customers passing PCI scans on shared hosting. 0 Quote Link to comment Share on other sites More sharing options...
WHMCS Chris Posted January 2, 2013 Share Posted January 2, 2013 Shared hosting doesn't mean PCI compliance cannot be achieved. We have all kinds of customers passing PCI scans on shared hosting. That's correct - it's not to say Shared Hosting would not allow for PCI Compliance. It's going to hinder on the updates your hosting provider has made to services on the server regarding CVEs, as well as how you're storing your clients credit card data, either on the server or through a third party payment gateway, ie: Paypal. As well as various PHP configurations and use of an SSL. 0 Quote Link to comment Share on other sites More sharing options...
WHMCS JamesX Posted January 2, 2013 Share Posted January 2, 2013 What compliance level you fall under can have an affect on whether or not shared hosting is suitable as well. 0 Quote Link to comment Share on other sites More sharing options...
othellotech Posted January 3, 2013 Share Posted January 3, 2013 What merchant type are you - 1 2 3 or 4 ? 0 Quote Link to comment Share on other sites More sharing options...
Jhayes Posted January 3, 2013 Author Share Posted January 3, 2013 I would be a Merchant 4 0 Quote Link to comment Share on other sites More sharing options...
othellotech Posted January 4, 2013 Share Posted January 4, 2013 So self-assessed and not storing card details - not so difficult, depending on how anal the scanning company you choose are 0 Quote Link to comment Share on other sites More sharing options...
brianoz Posted January 7, 2013 Share Posted January 7, 2013 Shared hosting doesn't mean PCI compliance cannot be achieved. We have all kinds of customers passing PCI scans on shared hosting. Security on shared hosting appears not to be particularly well understood even by large companies, having had technical debates with their admins. Two specific things I'd look for, to ensure the host actually understands (a lot do, of course): PHP scripts run as the actual user, not as a single user shared across all accounts; They have installed patches to protect against the symlink issue (not just a .htaccess setting which is easily overridden). If they haven't installed the patch, you should be able to set all your .php files to mode 600 which provides quite a good level of protection. (possibly some hosts are starting to do this anyway). I'm not sure whether the PCI scans actually pick these two up or not! But if you're not storing credit card info, your risk level is obviously a lot lower. 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.