Re: [LUG] PCI Compliance anyone?

 

Matthew Macdonald-Wallace wrote:
Quoting Robin Cornelius <robin.cornelius@xxxxxxxxx>:

On Thu, Mar 18, 2010 at 11:40 AM, Matthew Macdonald-Wallace
<matthew@xxxxxxxxxxxxxxxxxxxxx> wrote:
To put it bluntly (and to top-post at the same time!):

You cannot run a website on a shared hosting environment and be PCI
compliant.  It's just not possible.

Is a Virtual server acceptable, that gives a full OS, root access on a
VPS? Or does it have to be a dedicated physical box?

It depends who you talk to.  From my point of view (and I'm not an 
expert, just someone who works with PCI almost every day at the 
moment!), unless you can prove that the underlying hardware that is 
running the CPS and all other VPS systems that are running on that 
hardware node are PCI compliant as well as all the routers and other 
hardware that connect to it, then you're safe!

PCI applies to any computer system that stores, processes or transmits 
Payment Card Data _and_ any system that connects directly to those 
systems!

To be frank, it's a complete PITA... :(

M.

...and something that Argos aren't good at it seems.

http://www.theregister.co.uk/2010/03/05/argos_email_security_snafu/

Rob


--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html