Keep your customers safe while they shop
Your relationship with your customers is built on trust—but a server breach that compromises their private information can quickly ruin that relationship.
You can keep your customers safe by implementing PCI controls and pursuing PCI-DSS compliance. And we can help, with our full range of security solutions for your hosted environment.
How PCI-DSS and Rackspace can help
The Payment Card Industry Data Security Standard (PCI-DSS) prescribes controls that help protect your customers' data, not just credit card data. Implementing PCI-DSS controls can help your customers to spend confidently. Let us help by providing you with infrastructure and services to assist you in addressing your requirements. You can use Rackspace products and services to:
We can help you assess your hosted environment and recommend solutions to help you meet your security and compliance requirements.
We implement security controls that help you meet your requirements.
You can use these services to monitor your security controls and hosted environment:
We help you implement the changes you require.
PCI controls for your dedicated environment
You will need to enforce these 12 requirements from the PCI-DSS standard. Here's how we can help with each requirement.
| You must implement the following PCI controls: | Rackspace can help by providing: |
|---|---|
| Install and maintain a firewall configuration to protect cardholder data. | Managed Firewall |
| Do not use vendor-supplied defaults for system passwords and other security parameters. | Vulnerability Assessment Services |
| Protect stored cardholder data. | Not applicable — you must implement this requirement |
| Encrypt transmission of cardholder data across open, public networks. | SSL Certificates |
| Use and regularly update anti-virus software or programs. | Managed End Point Protection Suite |
| Develop and maintain secure systems and applications. | Web Application Firewall |
| Restrict access to cardholder data on a need-to-know basis. | Managed Active Directory |
| Assign a unique ID to each person with computer access. | Two-Factor Authentication |
| Restrict physical access to cardholder data. | Data Center Security |
| Track and monitor all access to network resources and cardholder data. | Log Management |
| Regularly test security systems and processes. | Threat Management |
| Maintain a policy that addresses information security for all personnel. | Not applicable — you must implement this requirement |
Remember that simply hosting with Rackspace doesn't automatically make you PCI-compliant. And while technologies can help in your efforts toward PCI compliance, tools like Firewalls, Intrusion Detection Systems and Log Management appliances are only as effective as the people and processes in place to install and manage them.
We can work with you to build a framework for outlining and managing the process and technology requirements of PCI-DSS.
PCI and your cloud environment
When you host your environment with Rackspace, you may also sign up with a separate payment processor that provides tokenisation: replacing credit card data with meaningless numbers, or "tokens". When you accept a payment, non-PCI data routes to your Rackspace-hosted environment, while the tokenised credit card data routes to your payment processor.
Since your customers' credit card data routes only to the payment processor and not to your Rackspace-hosted infrastructure, your Rackspace environment stays out of the scope of your PCI requirements.