The Payment Card Industry Data Security Standard (PCI DSS) applies to organizations of any size that accept payment cards. If your company intends to accept card payments and to store, process or transmit cardholder data, that data must live in an environment that meets PCI DSS requirements, which in practice usually means hosting with a PCI DSS compliant provider. Keep in mind that a compliant provider only covers the controls it is responsible for; your own applications, configurations and processes remain your responsibility, and the provider should be able to tell you exactly which requirements it covers and which it does not.
If you accept credit cards for payment you have both a contractual obligation to your acquiring bank and the card brands, and an ethical obligation to your customers, to protect cardholder data by becoming PCI DSS compliant. What that involves differs from company to company, depending on how the card data is handled and how many card transactions are processed each year.
There are three critical questions any hosting provider needs to ask:
- What is your merchant level? (Determined by your annual transaction volume; it decides whether you self-assess or need an on-site assessment.)
- What is the applicable PCI SAQ validation type? (The Self-Assessment Questionnaire is chosen by how you accept and handle card data, for example fully outsourced to a payment page versus processed on your own systems.)
- What is "in-scope" for PCI compliance on your network? (Every system that stores, processes or transmits cardholder data, plus any system connected to or able to affect the security of those systems.)
Be wary of anyone who does not ask these questions right from the beginning, before giving you a proposal!
Always remember: compliance is not an end in itself. The ultimate goal of PCI DSS compliance is protecting cardholder data by not having a breach.