Is Your eCommerce Website Hosting PCI Compliant?

Posted on 2/3/2016 by Sue Mayo Smith in PCI Compliance 2015, merchant responsibility in PCI 3.1, PCI Compliance, PCI Compliance 2016, PCI Compliance 3.1

PCI Standard 3.1 will take effect June 30, 2018 (Updated Date) for all online storefronts and your hosting better be up-to-date. You've heard about the 2014 Year of the Breach when there was a rise in website data breaches by hackers. Credit card companies are making PCI Compliance Standards more difficult to meet, but it is saving everyone money in the long run.

PCI Compliance Security Standards are a set of 12 regulations created by the largest credit card companies to keep your credit card and personal information safe and away from hackers. These standards are updated every 3 years, but they need to be evaluated continually by manufacturers, developers, merchants, and processors.  

Your eCommerce hosting server must be set to accept a TLS Connection 1.2

The most recent update to the PCI DSS standards, version 3.1, was published in April 2015. For companies with eCommerce storefronts, version 3.1 requires more actions than simply answering a list of questions. You must also verify that your storefront software, your credit card processor, and your hosting provider meet the requirements laid out therein.   

Beginning June 30, 2018 (Updated Date), your eCommerce hosting server must be set to accept a TLS Connection 1.2. Older servers may not be capable of using the most up-to-date secure connections*, so be aware.

Before June 30, 2018 (Updated Date) - Acceptable Connections
SSL 1.0
SSL 2.0
SSL 3.0
TLS 1.0
TLS 1.1

June 30, 2018 and later (Updated Date) - Acceptable Connections
TLS 1.2

To find out the type of secure connection your online store is using, try following these steps:
  1. Open a Chrome browser and go to your online store. Now go to a product page.
  2. Place a product in the shopping cart as if you were buying it
  3. Proceed to Checkout (You should now have a URL that begins with https:// signifying that you are on a secure page.)
  4. Locate the padlock icon to the left of the URL. Click on the icon.  A dialog box will be presented that describes the connection.
  5. Click on "Connection"
  6. Look for "...The connection uses TLS 1.2..." or it may say "The connection uses TLS 1.0...."

Your hosting provider has until June 29, 2018 (Updated Date) to get their servers set up properly. After June 29th, if your hosting server is not set up to accept TLS 1.2, your site is not PCI compliant. If you have questions, try writing me at info@equaTEK.com and ask for Sue.
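
The browser check above shows only the one version your browser negotiated. The following added example (not part of the original post) probes your own store's server one TLS version at a time and applies the TLS 1.2 rule described here; the host name `shop.example.com` and all function names are assumptions, and SSL 2.0/3.0 are not probed because current Python/OpenSSL builds cannot speak them.

```python
import socket
import ssl
import warnings

# Versions from the page's lists that a current Python/OpenSSL client can still speak.
PROBES = {
    "TLS 1.0": ssl.TLSVersion.TLSv1,
    "TLS 1.1": ssl.TLSVersion.TLSv1_1,
    "TLS 1.2": ssl.TLSVersion.TLSv1_2,
}

def accepts(host, port, version, timeout=5.0):
    """True if the server completes a handshake pinned to exactly `version`."""
    try:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False       # only the protocol version is tested,
        ctx.verify_mode = ssl.CERT_NONE  # not the certificate
        try:
            ctx.set_ciphers("DEFAULT:@SECLEVEL=0")  # let OpenSSL offer TLS 1.0/1.1
        except ssl.SSLError:
            pass  # library without security levels: keep its default ciphers
        with warnings.catch_warnings():
            warnings.simplefilter("ignore", DeprecationWarning)
            ctx.minimum_version = ctx.maximum_version = version
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version() is not None
    except (OSError, ValueError):
        # Refused, timed out, or handshake rejected. For TLS 1.0/1.1 this can
        # also mean the local OpenSSL build no longer supports that version.
        return False

def scan(host, port=443):
    """Probe each version and return {name: accepted}."""
    return {name: accepts(host, port, v) for name, v in PROBES.items()}

def assess(results):
    """Apply the page's rule: TLS 1.2 must be accepted; older versions are flagged."""
    return {
        "meets_tls12_rule": results.get("TLS 1.2", False),
        "legacy_still_enabled": [n for n, ok in results.items() if ok and n != "TLS 1.2"],
    }

if __name__ == "__main__":
    # shop.example.com is a placeholder: use your own store's checkout host.
    print(assess(scan("shop.example.com")))
```

If `legacy_still_enabled` is not empty, ask your hosting provider to turn those versions off as well as turning TLS 1.2 on.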

* See PCI DSS Procedures 3.1 for full instructions and regulations
