The Payment Card Industry Data Security Standards (PCI DSS) have been introduced by the leading credit card associations as a means of standardising the level of security surrounding card payments and to reduce credit card fraud. Compliance with the PCI DSS is a mandatory requirement for all organisations that store, process, or transmit cardholder information.

As part of their ongoing compliance requirements, many organisations whose e-commerce environment is hosted by a third party (hosting provider), are required to have an independent datacentre inspection. In addition, if a hosting provider is providing managed services to their customers' transaction environment, they will be required to have their managed services validated as PCI DSS Compliant.

Hosting providers are defined as either:

  • Un-Managed Hosting Provider - providing hosting facilities only for their customers. The following PCI DSS Requirements apply to Unmanaged Hosting Providers:
    • Requirement 9 - Restrict Physical Access to Cardholder Data.
    • Requirement 12 - Maintain a policy that addresses information security for employees and contractors.
  • Managed Hosting Provider - providing managed services to their customers and/or hosting facilities. Managed Hosting Providers are required to be compliant for all aspects of the PCI DSS that apply to their respective managed services.

Foregenix offers a hosting provider PCI approval service, providing approval for both managed and un-managed hosting providers, which is recognised by the card schemes and contributes to the compliance of any hosted clients. The Foregenix compliance services for Hosting Providers comprise straightforward, cost-effective solutions for achieving compliance with PCI DSS; these include:

  • Pre-Compliance/Gap Analysis - onsite review and gap-analysis provides a structured framework that facilitates straightforward compliance.
  • Penetration Testing - customised penetration test service provides a comprehensive analysis of a network's security and level of protection against compromise, both internally and externally.
  • Consultancy - Assistance with information security policies and procedures; secure network architecture design; gap analysis; supply, configuration, and on-site implementation of proprietary or third party security devices.
  • Compliance Assessment Service - onsite review of all of the requirements and submission of the Report On Compliance to the card schemes.

If you have a security issue, or requirement, please get in touch with us for assistance on:
+44 (0) 845 3096232 or info@foregenix.com.

News

Apply for 30 day trial licence of FScout.
forensics The forensic specialists in EMEA.
compliance We specialise in PCI DSS and PA-DSS.
fscout Identify your unprotected cardholder data.
training-courses PCI DSS, PA-DSS, Security.
fg_logo.png