If you take payments online, security and PCI compliance are an issue for you. Keeping up with security to maintain PCI compliance can be time-consuming. Depending on how strictly you have to comply, it could be so difficult that you need an outside company to handle it as well. We at thirty bees take security seriously, and PCI compliance is something we thought about early on.
The first step in being PCI compliant is the hosting. You need to use a host that maintains the latest versions of the server software. Just like Windows needs periodic updates, your server needs the same. When you run your own server without management, you are the one responsible for these updates. Some weeks you can go without updating anything; other weeks you might have to update a package every day. This is the main benefit of having a managed host: they handle the updating of the different packages on a server for you. I am sure not many merchants know this, but running any application like thirty bees on a web server takes around 150 different packages: 30 or so packages for PHP, several for your mail, one for handling SSL certificates, a couple for your database, one for your SSH. They just keep stacking up. It's easy to lose track of which ones need security patches.
This scenario is a main reason we have partnered with A2 Hosting. They are just as serious about security as we are. They keep the software on their machines updated to the safest, most secure versions to keep your site safe. They also offer FREE SSL certificates for all of their sites. Not only does this help promote good security, having your site covered by an SSL certificate is now a ranking factor in Google. So not only is your site secure, it is getting a ranking boost by having the SSL certificate. If you are as serious about speed and security as we are, you should check out A2 Hosting; they are your first step in being PCI compliant.
The next piece of the PCI puzzle is your payment gateway. Some are designed to help with PCI compliance, while others are designed to make it more complicated. This is why we have partnered with CloudSwipe. CloudSwipe hosts the payment page on their PCI compliant server, which takes the burden of having a PCI compliant payment gateway off of you, the merchant. CloudSwipe gives you access to over 170 PCI compliant gateway integrations. Odds are they support your gateway and can make you PCI compliant with their FREE thirty bees module.
A lot of merchants never realize that card issuers hold merchants liable for card leaks. The average fee that the card issuers charge merchants is $2500 per card that is leaked. This can add up very quickly and can even put your business at risk. Why take the chance, when you can use CloudSwipe to handle your payment gateway PCI compliance?