PCI DSS Compliant Hosting
Protect your Infrastructure and Achieve Compliance
As a company that processes credit card transactions, or stores cardholder data, you are a target. In June 2014, cyber crime was the motivation behind 58% of all hacking attempts. New breaches reach the news every few months, usually affecting millions of cardholders.
This makes PCI DSS compliance more than a regulatory necessity: it is how you ensure that your business, and your customers, are protected. Fines for PCI DSS non-compliance can reach £50,000, but the loss of customer trust after a breach can be far more damaging. Contrary to popular belief, achieving PCI DSS compliance doesn't have to be hard. All you need is a trusted partner with the experience and commitment to help you.
Global organisations trust us
We currently provide Level 1 PCI DSS compliant hosting to multinational organisations such as AXA Travel Insurance, AXA Assistance, LANDesk and TrustPay Global. They chose us because we know what it takes to become, and stay, compliant:
- Reviewing current systems and procedures
- Understanding what level is required
- Developing a cost effective compliant hosting solution
- Managing compliance through migration
- Partnering with industry-leading QSAs
- Assisting through the assessment process
- Continued monitoring for annual reviews
- Adjusting hosting needs as business needs change
Our network and management infrastructure is audited by a QSA, and the audit reports are submitted to Visa, which endorses us as Level 1 PCI DSS compliant. We undergo annual audits and quarterly network scans, and we are licensed to process in excess of 24 million transactions per year on our hosting architecture.
Let us worry about the details. You worry about your business.
Whether you need PCI Level 1, 2, 3, or 4 – or if you are not yet sure – our specialised technicians will work with you to create a solution tailored to your business. Our managed PCI services include the following:
Design, build, deploy and manage
We help you every step of the way: information security policies, secure network architecture design, and gap analysis. This is a core element of our day-to-day operations at Netplan.
Network Vulnerability Scans
We manage the network from a "deny-all" default firewall policy, then maintain it with the latest patches and anti-virus agents, and enforce individually attributable authentication for remote access. These measures keep you protected against the latest threats and fulfil the annual PCI DSS hosting compliance requirements.
Our customised penetration testing service provides a comprehensive analysis of how well you are protected against compromise. This includes network and application security testing, together with scanning by an Approved Scanning Vendor (ASV).
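To make the "deny-all" default concrete, here is an added example of what such a policy looks like on a Linux host in the cardholder data environment. This is illustrative nftables configuration written for this page, not Netplan's own ruleset. The public interface name (eth0), the application port (443), the management bastion address (203.0.113.10) and the payment processor endpoint (198.51.100.20) are assumptions chosen from documentation address ranges; every chain carries a drop policy, so only the explicitly listed traffic passes in either direction.

```nftables
#!/usr/sbin/nft -f
# Illustrative deny-by-default ruleset for a host in the cardholder data
# environment. Interface, port and address values below are assumptions,
# not taken from any real deployment.
flush ruleset

table inet cde_filter {
    chain input {
        type filter hook input priority 0; policy drop;   # default deny inbound

        iif "lo" accept
        ct state established,related accept
        ct state invalid drop

        # Only the application port is reachable from the internet
        iif "eth0" tcp dport 443 ct state new accept

        # SSH only from the assumed management bastion, rate-limited
        iif "eth0" ip saddr 203.0.113.10 tcp dport 22 ct state new limit rate 10/minute accept

        # Minimal ICMP so path MTU discovery and neighbour discovery keep working
        ip protocol icmp icmp type { echo-request, destination-unreachable, time-exceeded } accept
        ip6 nexthdr icmpv6 icmpv6 type { echo-request, destination-unreachable, packet-too-big, time-exceeded, nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept

        # Anything that reaches here is logged, counted, then dropped by the chain policy
        log prefix "cde-input-drop: " counter
    }

    chain forward {
        type filter hook forward priority 0; policy drop;   # this host does not route
    }

    chain output {
        type filter hook output priority 0; policy drop;   # default deny outbound too

        oif "lo" accept
        ct state established,related accept

        # Only what the host must initiate: DNS, NTP and HTTPS to the assumed processor
        udp dport { 53, 123 } accept
        tcp dport 53 accept
        ip daddr 198.51.100.20 tcp dport 443 accept

        log prefix "cde-output-drop: " counter
    }
}
```

Load it with `nft -f` and confirm the active policy with `nft list ruleset`; the `policy drop` on each chain is the line an assessor will look for. The output chain matters as much as the input chain: PCI DSS Requirement 1 restricts both inbound and outbound traffic to what is necessary, and an unrestricted egress path is exactly what an attacker uses to exfiltrate card data after a compromise. The `log` rules also give you the dropped-traffic evidence that feeds the audit trail discussed later on this page.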
Working with your Qualified Security Assessor (QSA)
We are ready to work with your existing QSA, or can recommend one. Our experience means we understand the importance of the relationship between you and the QSA in making audits quick and efficient.
The key to a quick and painless audit is a complete log trail. We provide all the evidence (security logs, policies, test results and so on) you need to satisfy your QSA and demonstrate that you meet your compliance requirements.
24x7x365 monitoring and auditing
In addition to tracking network performance, our constant monitoring means that nothing happens without being documented. You will always have the evidence you need for your audit.
Do I need to be PCI DSS compliant?
If your business processes credit card transactions, or keeps paper records of card details, you need to be PCI DSS compliant. It doesn't matter whether you take card orders over the phone, in person, on your website, or through a third-party processor. The requirements for becoming compliant, however, depend on how you take and store card information. If you have questions, contact us today and we can help you determine whether you need PCI DSS compliant hosting.
Finding the best solution for your business
The goal of many companies offering hosting for PCI compliance is just that – to get you a compliance certificate. They will help you do what’s necessary to check off the boxes and pass your audit. The solutions they offer will meet the minimum requirements for your PCI level.
At Netplan we work with you to determine the right security solutions to meet your needs and regulatory requirements. Often this means that the services we provide exceed the standards set by PCI DSS.
Talk to us now to discuss how Netplan can provide your perfect PCI hosting solution
Guaranteed compliance or your money back
It may be a bold statement, but we can confidently guarantee PCI compliance at the level appropriate to your business. Which level applies to you depends on the number of transactions you process annually, as well as on how you store card data and on your infrastructure. We make sure you have the right solution and that you achieve compliance, or we give you your money back.
Every minute your business is not compliant is a minute that you are vulnerable to fraud and cyber-attacks. Contact us today for a free consultation with one of our PCI compliance experts. We’ll work with you to make obtaining PCI compliance as quick and stress free as possible.
PCI Compliance levels explained
PCI compliance levels are set by the individual card brands, such as Visa and MasterCard. The categories below are Visa's; most other brands either defer to Visa or use similar definitions to determine compliance levels.
6 million or more transactions per year
Level 1 compliance is required for any merchant processing six million or more transactions per year, regardless of channel. All of the merchant's transactions are aggregated, whether they occurred over the phone, in person or online, and even if they were made under multiple Doing Business As (DBA) names, provided the data is stored, processed or transmitted together. Visa also reserves the right to require Level 1 compliance of any merchant it determines should be at that level in order to protect the Visa system.
To obtain and maintain Level 1 compliance, merchants need an annual on-site assessment by a Qualified Security Assessor, resulting in a Report on Compliance, plus quarterly network scans by an Approved Scanning Vendor (ASV).
Between 1 and 6 million transactions per year
Level 2 compliance is required for any merchant processing between one million and six million transactions per year, regardless of channel. All of the merchant's transactions are aggregated, whether they occurred over the phone, in person or online.
To obtain and maintain Level 2 compliance, merchants need to complete an annual Self-Assessment Questionnaire (SAQ) and have quarterly network scans performed by an Approved Scanning Vendor (ASV).
Between 20,000 and 1 million transactions online per year
Level 3 compliance is required for any merchant processing between 20,000 and one million e-commerce transactions per year. All of the merchant's transactions are aggregated if the data is stored, processed or transmitted together, even if the transactions are made under multiple Doing Business As (DBA) names.
To obtain and maintain Level 3 compliance, merchants need to complete an annual Self-Assessment Questionnaire (SAQ), have quarterly network scans performed by an Approved Scanning Vendor (ASV), and submit an Attestation of Compliance.
Fewer than 20,000 e-commerce transactions, or fewer than 1 million transactions through other channels, per year
Level 4 compliance is required for any merchant processing fewer than 20,000 e-commerce transactions per year. It also applies to any merchant processing fewer than one million transactions through any other channel (telephone, in person, or another non-e-commerce channel). All of the merchant's transactions are aggregated if the data is stored, processed or transmitted together, even if the transactions are made under multiple Doing Business As (DBA) names.
To obtain and maintain Level 4 compliance, merchants are recommended to complete an annual Self-Assessment Questionnaire (SAQ), have quarterly network scans performed by an Approved Scanning Vendor (ASV) where applicable, and meet any additional requirements set by their merchant (acquiring) bank.