Keep your customers safe while they shop
Did you know:
- Most victims of cyber attacks are targets of opportunity
- In 2011, only about 4% of cyber attacks were technically sophisticated
- Server compromises increased in 2011, up 18% from 2010
- Most companies that run compromised websites are unaware of a security breach for weeks
- 97% of website security breaches are avoidable by means of simple or intermediate PCI controls
Source: VerizonBusiness.com, 2012 Data Breach Investigations Report.
“Rackspace is definitely a trusted partner considering we have to be PCI compliant.”
Sunny Dhillon
Technical Operations Manager, Coastal.com
Technical Operations Manager, Coastal.com
How PCI-DSS and Rackspace can help
The Payment Card Industry Data Security Standard (PCI-DSS) prescribes controls that help protect your customers’ data—not just credit card data. Implementing PCI-DSS controls can help your customers spend confidently. Let us help by providing you with infrastructure and services to assist you in addressing your requirements. You can use Rackspace products and services to:
Plan
Plan
We can help you assess your hosted environment and recommend solutions to help you meet your security and compliance requirements.
Do
Do
We implement security controls that help you meet your requirements.
Check
Check
You can use these services to monitor your security controls and hosted environment:
- Vulnerability assessment
- Penetration testing
- Threat management
- Log management
Act
Act
We help you implement the changes you require.
PCI controls for your dedicated environment
You will need to enforce these 12 requirements from the PCI-DSS standard. Here’s how we can help with each requirement.
| You must implement the following PCI controls: | Rackspace can help by providing: |
|---|---|
| Install and maintain a firewall configuration to protect cardholder data. | Managed Firewall |
| Do not use vendor-supplied defaults for system passwords and other security parameters. | Vulnerability Assessment Services |
| Protect stored cardholder data. | Not applicable — you must implement this requirement |
| Encrypt transmission of cardholder data across open, public networks. | SSL Certificates |
| Use and regularly update anti-virus software or programs. | Managed End Point Protection Suite |
| Develop and maintain secure systems and applications. | Web Application Firewall |
| Restrict access to cardholder data on a need-to-know basis. | Managed Active Directory |
| Assign a unique ID to each person with computer access. | Two-Factor Authentication |
| Restrict physical access to cardholder data. | Data Center Security |
| Track and monitor all access to network resources and cardholder data. | Log Management |
| Regularly test security systems and processes. | Threat Management |
| Maintain a policy that addresses information security for all personnel. | Not applicable — you must implement this requirement |
Remember that simply hosting with Rackspace doesn’t automatically make you PCI-compliant. And while technologies can help in your efforts toward PCI compliance, tools like Firewalls, Intrusion Detection Systems and Log Management appliances are only as effective as the people and processes in place to install and manage them.
We can work with you to build a framework for outlining and managing the process and technology requirements of PCI-DSS.
PCI and your cloud environment
When you host your environment with Rackspace, you may also sign up with a separate payment processor who provides tokenization—replacing credit card data with meaningless numbers or “tokens”. When you accept a payment, non-PCI data routes to your Rackspace-hosted environment, while the tokenized credit card data routes to your payment processor.
Since your customers’ credit card data does not route to your Rackspace hosted infrastructure—only the payment processor—your Rackspace environment stays out of the scope of your PCI requirements.
Learn more about Security & Compliance at Rackspace
Learn how we can support your online store