PCI DSS Compliance¶
The PCI Data Security Standard (PCI DSS)¶
The PCI DSS is a security standard that helps organizations to proactively protect customer account data. The standard constantly evolves to remain viable in today’s rapidly changing Internet and computing environment. It is reviewed at least every 24 months, and can be updated at any time. To learn more about the standard, visit www.pcisecuritystandards.org.
Compliance with PCI DSS and PA DSS¶
Credit card companies require compliance with PCI DSS for every entity that is involved in the storage, processing, or transmission of credit card information. Failure to comply can result in denial or revocation of your organization’s facility to process credit cards.
Furthermore, as these standards have become widely recognized, non-compliance places your organization at risk of legal and/or civil consequences if credit card information becomes compromised.
Compliance with PCI DSS is necessary whether or not you use Plesk to process transactions online. Even if you use a POS terminal or other methods to process transactions, and simply retain information in Plesk, you must ensure proper use of the program to maintain the security and confidentiality of customer data.
Since July 1, 2010, Credit Card Processors and Bank Card Acquirers have had to ensure that merchants and agents use only Payment Application Data Security Standard (PA DSS) compliant applications. Plesk is certified as compliant under the security standard that applies to software vendors that develop applications for sale to merchants to process and/or store cardholder data.
Plesk PCI DSS Compliance¶
To protect sensitive data hosted on your server and to make Plesk PCI DSS compliant, you should implement special security measures. Regardless of an operating system type you use, the measures are as follows:
- Ensure that software incorporates all security updates.
- Set up encryption of remote connections.
- Prohibit access to databases server from external addresses.
- Disable weak SSL/TLS/TLS ciphers and protocols for web servers, mail servers, and components.
- Prevent services from disclosing information about your data and versions of software you use.