In this article we'll discuss PCI compliance requirements, explain what PCI compliance is, and give some steps to pass a PCI scan. PCI DSS stands for Payment Card Industry Data Security Standard. The PCI DSS was created in 2004 by the four major credit card companies (American Express, Discover, MasterCard, and Visa) to help ensure that consumer payment card data is transmitted and stored securely on the Internet.

PCI compliance requirements

If you have a website where you take credit card numbers directly from your visitors, you are typically required to pass PCI scans before your site can be given a seal of approval for adhering to the PCI DSS. A PCI vendor will run a series of PCI scans on your website and provide you with a PCI scan report, usually in PDF format, that should include an actionable list of failures and possible solutions.

Passing a PCI compliance scan will generally require changing some default settings on your server to be more secure before the vendor proceeds with the scan. Some of the most common things that need to be done are closing ports at the firewall and ensuring that you're using up-to-date software.

Staying PCI compliant

PCI compliance is an ongoing commitment, and most PCI vendors will require a new scan about once every 90 days or so to ensure that your website is staying compliant. Keeping your website PCI compliant can help keep your customers' trust, as it shows them you're committed to handling orders without the risk of a security breach and theft of their vital data.

If you've already had a scan run on your website and the test failed, you can e-mail a copy of the report to us at support@inmotionhosting.com to have our system administration department review the scan for you. Below are some of the common things that can cause a PCI scan to fail initially. Over time, each of these should also link to instructions for handling that type of failure on your own.

You should now understand what PCI compliance is and why it might be important for your website if you're accepting credit cards.
121 Points
2014-05-05 11:05 am
Since I am using a gateway and payment processor, do I still need to do a PCI compliance test on my site?
Staff
9,968 Points
2014-06-28 4:13 am
Hello,

You only need to pass PCI compliance typically if you're handling credit cards directly on your site. If your gateway or payment processor does not require a PCI scan before giving your site a seal of approval then you shouldn't need to worry about it.

- Jacob
n/a Points
2014-09-23 4:49 pm

We do take cc through our site. Failing the PCI scan right now. By default should port 80 be closed?

Created a URL redirect from port 80 to 443, but the scan fails if 80 remains open, which is necessary if we want the redirect to work.

Staff
17,351 Points
2014-09-23 5:19 pm
Hello Charlie,

Sorry to hear that you're having problems with the PCI compliance. As per our documentation, if you have completed a PCI test and it's failing, then the best step is to contact our technical support staff (support@inmotionhosting.com). You should provide a copy of the report so that they can review it. Port 80 is not typically closed.

I hope this helps with publishing the next Let us know if you require further assistance.

Regards,
Arnel C.
