Many people misunderstand PCI compliance and think that having "PCI compliant hosting" makes their store PCI compliant.

In this short KB article, I will clear the air around PCI compliance.

What is PCI?

PCI stands for ‘Payment Card Industry’. PCI DSS is the Payment Card Industry Data Security Standard, maintained by an independent body created by American Express, Discover, JCB International, MasterCard and Visa.

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.

Every eCommerce store has to be PCI compliant, irrespective of annual sales or volume. If the store accepts payment by credit card, it is required to be PCI compliant.

Does Breeze Offer PCI Compliant Hosting?

There is no such thing as PCI compliant hosting.

An eCommerce store does not become PCI compliant only because its hosting is 'PCI compliant'.

The root of PCI compliance is providing customers with a secure payment method and protecting the customer’s identity and transactions. The eCommerce owner is responsible for customer data, credit cards, storing and authenticating login information, and keeping the website secure.

Breeze makes sure that your store does not get hacked and keeps the server secure. But the person running the store is responsible for the store’s data.

If your site is not secure for any reason besides hosting, such as a poorly coded site or an outdated platform, Breeze cannot guarantee PCI compliance.

But that does not mean your website cannot be PCI compliant with our web hosting. Most of our clients run their stores with PCI compliance.

If you want to go for PCI compliance (which you should), and need changes to your web hosting, we will gladly make them. Tell us your requirements and what changes you want in the server configuration, and our team will do it.

How to be PCI Compliant?

As I said, PCI compliance is a security standard to keep customers safe from data theft.

The PCI Data Security Standard has a Self-Assessment Questionnaire (SAQ), designed as a self-validation tool to assess security for cardholder data.

Here are a few things you can do to keep the store safe:

Ensure HTTPS

HTTPS and SSL certificates are necessary for eCommerce store owners. You can easily install SSL certificates from the Breeze Panel.

Let’s Encrypt certificates are accepted by PCI standards, but they are the bare minimum. Other types of certificates are costly, but they are more secure. If you have a large store, you should consider using a custom SSL certificate.
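Installing a certificate is only half of the job: the store must also refuse to serve the checkout over plain HTTP. The following WSGI middleware is an added example, not Breeze's code or part of any store platform; it redirects every plain-HTTP request to the HTTPS URL and stamps HTTPS responses with a `Strict-Transport-Security` header so browsers keep using HTTPS on later visits. The `X-Forwarded-Proto` handling assumes a TLS-terminating proxy in front of the application, and `checkout_app` is a stand-in for the real store.

```python
# Added example (not Breeze's code): WSGI middleware that forces HTTPS.
from urllib.parse import quote

# One year, covering subdomains, as commonly recommended for HSTS.
HSTS_VALUE = "max-age=31536000; includeSubDomains"


def is_https(environ):
    """True when the request arrived over TLS, directly or via a trusted proxy."""
    if environ.get("wsgi.url_scheme") == "https":
        return True
    # Assumption: a TLS-terminating proxy in front of the app sets this header.
    forwarded = environ.get("HTTP_X_FORWARDED_PROTO", "")
    return forwarded.split(",")[0].strip().lower() == "https"


def https_url(environ):
    """Rebuild the requested URL with the https scheme."""
    host = environ.get("HTTP_HOST") or environ["SERVER_NAME"]
    path = quote(environ.get("PATH_INFO") or "/")
    query = environ.get("QUERY_STRING", "")
    return f"https://{host}{path}" + (f"?{query}" if query else "")


class ForceHTTPS:
    """Redirect plain HTTP to HTTPS and add HSTS to every HTTPS response."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        if not is_https(environ):
            # Permanent redirect; the body is intentionally empty.
            start_response("301 Moved Permanently",
                           [("Location", https_url(environ)),
                            ("Content-Length", "0")])
            return [b""]

        def hsts_start_response(status, headers, exc_info=None):
            # Replace any HSTS header the app set with our policy.
            headers = [(k, v) for k, v in headers
                       if k.lower() != "strict-transport-security"]
            headers.append(("Strict-Transport-Security", HSTS_VALUE))
            return start_response(status, headers, exc_info)

        return self.app(environ, hsts_start_response)


def checkout_app(environ, start_response):
    """Placeholder for the real checkout page (hypothetical)."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"checkout"]


def run(environ):
    """Run the wrapped app on one request; return (status, headers, body)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = headers

    body = b"".join(ForceHTTPS(checkout_app)(environ, start_response))
    return captured["status"], dict(captured["headers"]), body


# Constructed sample requests (minimal WSGI environs), not captured traffic.
HTTP_REQUEST = {"wsgi.url_scheme": "http", "HTTP_HOST": "shop.example",
                "PATH_INFO": "/checkout", "QUERY_STRING": "cart=1"}
HTTPS_REQUEST = dict(HTTP_REQUEST, **{"wsgi.url_scheme": "https"})
PROXIED_REQUEST = dict(HTTP_REQUEST, HTTP_X_FORWARDED_PROTO="https")

if __name__ == "__main__":
    for req in (HTTP_REQUEST, HTTPS_REQUEST, PROXIED_REQUEST):
        print(run(req))
```

The middleware wraps the whole store, so the redirect applies to every path, not only the checkout page, which is what you want: a session cookie set over HTTP would otherwise undermine the HTTPS checkout.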

Payment Gateways

The most challenging thing to handle for PCI compliance is the payment gateway. The good news is that you can do it with the help of a third party.

Instead of creating your own ‘secure’ payment method, use a third-party one that is already PCI compliant. But note that using a third-party gateway does not by itself make the store or the payment PCI compliant; you still have to make the other aspects of the store secure.

You have to read the PCI compliance guidelines of the payment gateway you are integrating into the eCommerce store.

PCI compliance with Stripe
PCI compliance with PayPal
PCI compliance with Braintree

Still, using a third-party payment gateway can cut down your PCI effort by a lot.

Protecting Login

Keeping login information secure is another vital factor when building a PCI compliant store.

All the customer data stored on the website can be unlocked by hacking the account. That’s why keeping usernames and passwords secure is critical.

Enabling two-factor authentication is the simplest way to tighten the security of login credentials.

You must provide your customers with the option to enable two-factor authentication. You should also enable 2FA on the various accounts related to the website.

Activate a Firewall

The next thing is activating a firewall. A firewall filters spammy traffic and the insecure bots that roam the Internet.

Breeze has inbuilt firewall capabilities, so you don’t have to worry about this section. However, if you like, you can add a third-party firewall to the website.

Final Words

Having PCI compliant hosting is one step towards a PCI compliant store. It does not by itself make your store PCI compliant.

You have to look at and handle multiple security dimensions to make and keep the store secure.

I have mentioned a few points that can help you move towards compliance, but you have to follow the full procedure to be entirely compliant.