Comments
Do you want the provider to be PCI DSS Compliant?
Do you want the server you rent to be compliant? If it is this one, that is on you, not the provider.
As stated by @AuroraZ, it's your responsibility to implement PCI DSS in your rented hardware (and software) environment.
There are some providers that offer consulting services and certified DCs, e.g., Liquid Web and Rackspace.
Edit: OVH claims that its German DC is gonna be PCI DSS certified.
Edit 2: See also Nimblu and Servinga.
I don't understand why people are impressed or even afraid of PCI DSS. It is not a very demanding standard but basically boils down to "don't be an utterly ignorant and careless idiot!". Besides, one could argue about the real purpose of PCI DSS. My personal understanding is that it serves basically 2 purposes:
Practically speaking, the first question to ask is what level you are. Probably level 4, which basically translates to "take care of your systems (e.g. proper updating), use reasonable software and encryption, and properly protect customer data!".
Even more practically speaking, most of the PCI DSS requirements are considerably less stringent than the European laws.
I can offer yet another and probably interesting view: PCI DSS is basically a deal with 2 factors, (a) your duties vs. (b) "their" liability ("their" meaning the higher levels with 1 being the highest and 4 the lowest). Most at the "lower end" (businesses dealing with customers) don't want a lot of burden and they pay for that by being the party where liability is virtually guaranteed to land. To avoid liability - and that's what PCI DSS is really about IMO - one has to climb up the ladder which means to make a lot more (quite costly) efforts - and the top 2 levels aren't reachable anyway for mere mortal businesses.
My advice: If you need to ask, you'll be at the low end anyway. So here are two tips: use compliant software (some e-shop systems, for example, are compliant), and use compliant managed hosting. Why (the latter)? Because (a) they usually know their business, and (b) that makes them the liability end point (unless you f_ck up really stupid and hard).