Rufen Sie uns an: +41 (0)43 430 3940
 
 

PCI

Keep your customers safe while they shop

Your relationship with your customers is built on trust—but a server breach that compromises their private information can quickly ruin that relationship.

You can keep your customers safe by implementing PCI controls and pursuing PCI-DSS compliance. And we can help, with our full range of security solutions for your hosted environment.

How PCI-DSS and Rackspace can help

The Payment Card Industry Data Security Standard (PCI-DSS) prescribes controls that help protect your customers' data-not just credit card data. Implementing PCI-DSS controls can help your customers to spend confidently. Let us help by providing you with infrastructure and services to assist you in addressing your requirements. You can use Rackspace products and services to:

Plan

We can help you assess your hosted environment and recommend solutions to help you meet your security and compliance requirements

Do

We implement security controls that help you meet your requirements.

Check

You can use these services to monitor your security controls and hosted environment:

Vulnerability assessment
Penetration testing
Threat management
Log management

Act

We help you implement the changes you require.

PCI controls for your dedicated environment

You will need to enforce these 12 requirements from the PCI-DSS standard. Here's how we can help with each requirement.

 

You must implement the following PCI controls: Rackspace can help by providing:
Install and maintain a firewall configuration to protect cardholder data. Managed Firewall
Do not use vendor-supplied defaults for system passwords and other security parameters. Vulnerability Assessment Services
Protect stored cardholder data. Not applicable — you must implement this requirement
Encrypt transmission of cardholder data across open, public networks. SSL Certificates
Use and regularly update anti-virus software or programs. Managed End Point Protection Suite
Develop and maintain secure systems and applications. Web Application Firewall
Restrict access to cardholder data on a need-to-know basis. Managed Active Directory
Assign a unique ID to each person with computer access. Two-Factor Authentication
Restrict physical access to cardholder data. Data Center Security
Track and monitor all access to network resources and cardholder data. Log Management
Regularly test security systems and processes. Threat Management
Maintain a policy that addresses information security for all personnel. Not applicable — you must implement this requirement

 

Remember that simply hosting with Rackspace doesn't automatically make you PCI-compliant. And while technologies can help in your efforts toward PCI compliance, tools like Firewalls, Intrusion Detection Systems and Log Management appliances are only as effective as the people and processes in place to install and manage them.

We can work with you to build a framework for outlining and managing the process and technology requirements of PCI-DSS.

PCI and your cloud environment

When you host your environment with Rackspace, you may also sign up with a separate payment processor who provides tokenisation-replacing credit card data with meaningless numbers or "tokens". When you accept a payment, non-PCI data routes to your Rackspace-hosted environment, while the tokenised credit card data routes to your payment processor.

Since your customers’ credit card data does not route to your Rackspace hosted infrastructure—only the payment processor—your Rackspace environment stays out of the scope of your PCI requirements.

 

Haben Sie Fragen? Kontaktieren Sie uns.

Anrufen E-Mail schicken Chat öffnen