On 7/24/2018 12:00 PM, ausnog-requ...@lists.ausnog.net wrote:

I would be surprised if any shared/public hosting environment can also
deliver PCI compliance as a result. Dedicated tin ensuring segregation
between your systems and those of $RANDOM_STRANGER is required.
Or have we forgotten Meltdown/Spectre?
Shared hosting by itself is not PCI compliant.
You can't store credit / debit card info on a shared server even with an SSL certificate. You can, however, use a payment gateway such as Eway to collect the info required and handle payments, or PayPal is the other option, or any number of other solutions. Unless the organisation is ISO 27001 certified they shouldn't even think of storing payment info; that isn't counting the money you need to spend on the PCI DSS side of things. I'd just ban anyone from storing card info on the server as it's way too much of a security risk; think what happened to Cyanweb.com.au when they were brute forced and the hackers destroyed the lot, including the billing system.

--
Chad Kelly
Manager
CPK Web Services
Phone 03 5273 0246
Web www.cpkws.com.au

_______________________________________________
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog
