In the past, some developers have recommended that their clients use Hosted Payment Pages (i.e. redirect to PayPal) or Direct Post (i.e. Stripe) so they could still be PCI compliant on shared hosting services. However, with the new standards, that's no longer a viable possibility. Sites using HPP or DP credit card processing now fall under SAQ A-EP instead of the rather trivial SAQ-A (or arguably the much more difficult SAQ-C) because the security of their site can impact whether or not data is transmitted securely to the wholly outsourced provider.
Instead of a 14 controls to meet, eCommerce sites using HPP or DP now have to meet 139 controls, most of which are outside of the control of a shared hosting customer.
https://www.pcisecuritystandards.org...AQ_A-EP_v3.pdf
https://www.pcisecuritystandards.org...PCI_DSS_v3.pdf
Instead of a 14 controls to meet, eCommerce sites using HPP or DP now have to meet 139 controls, most of which are outside of the control of a shared hosting customer.
https://www.pcisecuritystandards.org...AQ_A-EP_v3.pdf
https://www.pcisecuritystandards.org...PCI_DSS_v3.pdf
Aucun commentaire:
Enregistrer un commentaire