Did you know:
Source: VerizonBusiness.com, 2012 Data Breach Investigations Report.
“Rackspace is definitely a trusted partner considering we have to be PCI compliant.”
The Payment Card Industry Data Security Standard (PCI-DSS) prescribes controls that help protect your customers’ data—not just credit card data. Implementing PCI-DSS controls can help your customers spend confidently. Let us help by providing you with infrastructure and services to assist you in addressing your requirements. You can use Rackspace products and services to:
We can help you assess your hosted environment and recommend solutions to help you meet your security and compliance requirements.
We implement security controls that help you meet your requirements.
You can use these services to monitor your security controls and hosted environment:
We help you implement the changes you require.
You will need to enforce these 12 requirements from the PCI-DSS standard. Here’s how we can help with each requirement.
|You must implement the following PCI controls:||Rackspace can help by providing:|
|Install and maintain a firewall configuration to protect cardholder data.||Managed Firewall|
|Do not use vendor-supplied defaults for system passwords and other security parameters.||Vulnerability Assessment Services|
|Protect stored cardholder data.||Not applicable — you must implement this requirement|
|Encrypt transmission of cardholder data across open, public networks.||SSL Certificates|
|Use and regularly update anti-virus software or programs.||Managed End Point Protection Suite|
|Develop and maintain secure systems and applications.||Web Application Firewall|
|Restrict access to cardholder data on a need-to-know basis.||Managed Active Directory|
|Assign a unique ID to each person with computer access.||Two-Factor Authentication|
|Restrict physical access to cardholder data.||Data Center Security|
|Track and monitor all access to network resources and cardholder data.||Log Management|
|Regularly test security systems and processes.||Threat Management|
|Maintain a policy that addresses information security for all personnel.||Not applicable — you must implement this requirement|
Remember that simply hosting with Rackspace doesn’t automatically make you PCI-compliant. And while technologies can help in your efforts toward PCI compliance, tools like Firewalls, Intrusion Detection Systems and Log Management appliances are only as effective as the people and processes in place to install and manage them.
We can work with you to build a framework for outlining and managing the process and technology requirements of PCI-DSS.
When you host your environment with Rackspace, you may also sign up with a separate payment processor who provides tokenization—replacing credit card data with meaningless numbers or “tokens”. When you accept a payment, non-PCI data routes to your Rackspace-hosted environment, while the tokenized credit card data routes to your payment processor.
Since your customers’ credit card data does not route to your Rackspace hosted infrastructure—only the payment processor—your Rackspace environment stays out of the scope of your PCI requirements.
Learn more about Security & Compliance at Rackspace
Learn how we can support your online store