Author: CM (Sprintserve Staff; Joined: Mon Jan 13, 2003 10:51 am; Posts: 121)
Post subject: Announcing PCI Compliant Hosting Service
Posted: Fri Nov 07, 2008 6:21 am

Dear All Clients
With immediate effect, we are happy to announce that we provide servers that are PCI DSS Compliant. Please note that as the whole process goes beyond just server security, you would still need to follow the guidelines that pertain to your business process and card storing procedures. In short, just signing up for our service does not make you qualify automatically.
PCI DSS stands for Payment Card Industry Data Security Standard. It was developed by the major credit card companies as a guideline to help organizations that process card payments prevent credit card fraud, hacking and various other security vulnerabilities and threats. A company processing, storing, or transmitting payment card data must be PCI DSS compliant.
The control objectives and their requirements are:
* Build and Maintain a Secure Network
    o Requirement 1: Install and maintain a firewall configuration to protect cardholder data - Yes! We provide this. All our servers have firewalls on the server. On top of that we have a perimeter firewall that protects all our servers.
    o Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters - Yes! We provide this. All services in use are hardened before we start deploying a server.
* Protect Cardholder Data
    o Requirement 3: Protect stored cardholder data - Client to note.
    o Requirement 4: Encrypt transmission of cardholder data across open, public networks - Yes! We provide this. All services that transmit data are secured with SSL: Emails (IMAP, POP3, SMTP), cPanel (WHM, Webmail, cPanel) and FTP.
* Maintain a Vulnerability Management Program
    o Requirement 5: Use and regularly update anti-virus software - Yes! We provide this. Antivirus is upgraded within a week of new versions, and antivirus signatures are updated hourly.
    o Requirement 6: Develop and maintain secure systems and applications - Yes! We provide this. All systems and applications are hardened before use.
* Implement Strong Access Control Measures
    o Requirement 7: Restrict access to cardholder data by business need-to-know
    o Requirement 8: Assign a unique ID to each person with computer access
    o Requirement 9: Restrict physical access to cardholder data - Yes! We provide this.
* Regularly Monitor and Test Networks
    o Requirement 10: Track and monitor all access to network resources and cardholder data - Client to note.
    o Requirement 11: Regularly test security systems and processes - Yes! We provide this. All systems are probed and checked regularly.
* Maintain an Information Security Policy
    o Requirement 12: Maintain a policy that addresses information security - Client to note.
If you have any questions, please feel free to contact us.
_________________ Best Regards,
--- Sprintserve.net: Simply Hosting ---
CM Ho
silver@sprintserve.net
-- and the team at Sprintserve.net
http://www.sprintserve.net
