  1. #1
    Join Date
    Jul 2008
    Posts
    19
    Plugin Contributions
    0

    PCI compliance on shared server?

    Recently, while still working on my WPP implementation, I've started worrying about meeting the PCI compliance requirements. I sent a quick note to my hosting company, who responded:

    "Because these are shared servers they will never be 100% PCI compliant. You would need a dedicated server for that."

    I pushed a bit, saying that I realized that a security scan would likely identify some potential vulnerabilities, but would they be serious enough that we would not receive a passing report? I also asked whether they were aware of any other clients on their shared hosting plan that had achieved PCI compliance. The answer:

    "We have told them if they need PCI compliance to go with a dedicated server that is PCI compliant."

    Obviously, this does not inspire confidence, though I haven't actually submitted the site to a scan yet and so can't say for sure what the results might be. (By the way, is PayPal going to ask me for a copy of the scan result?)

    So I guess my question is whether anybody has successfully implemented WPP and achieved the required PCI compliance in a shared hosting environment. (If so, and if this isn't against forum rules, I'd also be curious to know the name of the hosting company.)

  2. #2
    Join Date
    Jun 2003
    Posts
    33,715
    Plugin Contributions
    0

    Re: PCI compliance on shared server?

    You would not necessarily need a dedicated server - just a dedicated IP and Security certificate.

    Before getting too worried about it, you might ask PayPal if they are going to require a PCI scan.
    Please do not PM for support issues: a private solution doesn't benefit the community.

    Be careful with unsolicited advice via email or PM - Make sure the person you are talking to is a reliable source.

  3. #3
    Join Date
    Mar 2004
    Posts
    16,042
    Plugin Contributions
    5

    Re: PCI compliance on shared server?

    dkoehler,

    Their statement is false;
    we have many clients that are PCI compliant on shared servers.
    Zen cart PCI compliant Hosting

  4. #4
    Join Date
    Jul 2008
    Posts
    19
    Plugin Contributions
    0

    Re: PCI compliance on shared server?

    I took Kim's advice and spoke to somebody at PayPal, who told me that he didn't expect PayPal to ask for a PCI scan, and that if I was asked it would be by one of the credit card companies.

    So I guess that doesn't entirely solve my problem, but at least postpones it for a while. Good to hear that it's possible to achieve PCI compliance on a shared server. Seems that the worst case scenario is that I'll have to switch to a hosting company that is more prepared to help its clients with this issue.

  5. #5
    Join Date
    Sep 2006
    Posts
    78
    Plugin Contributions
    1

    Re: PCI compliance on shared server?

    Dkoehler

    I have been using WPP on a few sites for a while. I have not been asked to achieve PCI DSS as of yet and have been accepting payments for about 6 months. My host is PCI DSS compliant; if you require the hostname, send me a PM and I will let you know. I wouldn't worry too much though, as it is unlikely a CC company will need to PCI scan you.

    Rob

  6. #6
    Join Date
    Nov 2004
    Location
    Norfolk, United Kingdom
    Posts
    3,036
    Plugin Contributions
    2

    Re: PCI compliance on shared server?

    It's usually the Banks that ask for PCI compliancy, when you have an Internet Merchant ID with them. Only some Banks will ask for PCI compliance, and even then they will only usually require it of sites which sell high-value high-tech items in large quantities.

    Whether a shared server can be made to be PCI compliant depends upon whether or not the Bank asking for the scan requires you to use a specific scanning company and what the scanning company's requirements are. McAfee Security Scan have recently changed their requirements to such an extent that it cannot be achieved on a shared server without causing inconvenience to all other customers.

    I find this rich coming from McAfee, as their Virus Scanning software lets through so many viruses that we dumped them years ago.

    Vger

  7. #7
    Join Date
    Mar 2004
    Posts
    16,042
    Plugin Contributions
    5

    Re: PCI compliance on shared server?

    vger,

    We have several folks using McAfee with no issues and no hardships.

  8. #8
    Join Date
    Nov 2004
    Location
    Norfolk, United Kingdom
    Posts
    3,036
    Plugin Contributions
    2

    Re: PCI compliance on shared server?

    You may want to wait until they have their next scheduled McAfee Security Scan before saying that.

    We had no problems either, until a scheduled security scan came around and failed (where previously it had passed).

    But it may depend on your server setup as to whether their new conditions are a problem for your customers.

    Rather than go into detail here I'll send you a PM.

    Vger


    Quote: Originally posted by Merlinpa1969
    vger,

    We have several folks using McAfee with no issues and no hardships.

  9. #9
    Join Date
    Sep 2006
    Posts
    277
    Plugin Contributions
    2

    Re: PCI compliance on shared server?

    I also have issues with the PCI scans... According to the scan, the PHP version isn't the one our host uses. Could Zen Cart override the host settings when they scan our site? Then, how do I get certified when Zen Cart is running an "unsecure" PHP version?
    Can you private-message me with the answer if that would be safer?

  10. #10
    Join Date
    Mar 2004
    Posts
    16,042
    Plugin Contributions
    5

    Re: PCI compliance on shared server?

    Zen Cart has nothing to do with the version of PHP.

    That's ALL your host.

    You can see what version they are running by going to your ZC -> admin -> tools -> server settings

Zen-Cart, Internet Selling Services, Klamath Falls, OR