eCommerce Web Hosting
What is eCommerce Website Hosting?
The difference between eCommerce website hosting and general Web hosting is CREDIT CARD DATA. Credit card data must be managed in accordance with the PCI (Payment Card Industry) DSS mandate issued by VISA (aka CISP). Both eCommerce web hosting companies and e-merchants must comply.
PCI compliance is a set of rules that govern all the people, processes and software that come in contact with credit card data, i.e. ecommerce software, ecommerce web hosting, and the personnel who handle credit card data.
This is how Visa describes it. The Visa Cardholder Information Security Program (CISP) aims to secure Visa cardholder data wherever it resides, requiring that members, merchants, and service providers maintain the highest information security standards. CISP compliance is required of all entities that store, process, or transmit Visa data.
If you have an online store, that means you! Keep in mind the fines are business-closing steep.
What is a PCI compliant eCommerce Web hosting environment?
The list of items that make up a PCI compliant data center is long; the complete PCI DSS document contains all of them. The following is a short list of some of the requirements:
PCI DSS e-Commerce Web Hosting Requirements
- All technicians who manage systems must pass background checks before starting employment and must adhere to a host of HR procedures
- Physical access to the data center must be protected by robust authentication systems, e.g. biometric security
- Video surveillance of data center access points with 3-month storage
- Firewall systems with stringent rule sets
- Intrusion detection systems
- Host intrusion detection systems
- Data servers must be on a private network (behind a second firewall with strict access rules)
- Server maintenance and upgrades must follow strict procedures and policies
An eCommerce Web hosting provider must create and maintain an Information Security Policy that governs every aspect of its operation, from designing a secure network to managing the human resources that interact with that network. Each year an ecommerce hosting provider must hire a certified PCI auditing firm to conduct an annual on-site audit. The results of that audit are sent to Visa, which verifies that the ecommerce web hosting provider is in compliance and grants a certification.
Achieving and maintaining PCI compliance is an expensive, time-consuming process. The mandatory annual audits cost an average of $10k each year. Implementing the necessary human resource guidelines and policies as well as the data center requirements often costs an organization hundreds of thousands of dollars and takes years. The cost of PCI compliance alone puts the idea of building and maintaining an in-house eCommerce web site hosting environment out of reach for most companies.
PCI Compliant eCommerce web site design
If you want to develop an in-house eCommerce web site, you may want to consider this first: there are just as many hoops to jump through when developing a PCI compliant ecommerce web site. Rotating encryption keys, multi-level permissions for administrators and other complex programming criteria need to be met. Consider engaging a professional ecommerce web hosting and design services company to simplify the task. It will save you time and money.
Professional web hosting and eCommerce
Mountain Media has been providing professional ecommerce hosting and design services for almost 10 years. Let us help you develop a custom-tailored solution for your unique eCommerce needs.