asp2go
Member
57 Points
62 Posts
E-comm Hosting and Credit Card Info
Mar 02, 2009 04:20 AM
Can anyone comment on risks or rules of using shared hosting vs VPS with e-commerce applications that may store credit card information? Are there specific rules around this to be aware of?
Thanks,
TATWORTH
All-Star
72405 Points
14018 Posts
MVP
Re: E-comm Hosting and Credit Card Info
Mar 04, 2009 07:48 AM
There are credit card industry rules. Unless you are using an external service like PayPal, a shared hosting location is unlikely to qualify as a secure host.
Credit card information (except the last 4 digits) should be stored in an encrypted form with a log made of all accesses.
Click "Mark as Answer" on the post that helped you.
This earns you a point and marks your thread as Resolved so we will all know you have been helped.
FAQ on the correct forum http://forums.asp.net/p/1337412/2699239.aspx#2699239
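The storage rule in the reply above (last four digits kept readable, the full number encrypted, every access logged), as an added C# example that is not part of the original thread. It assumes .NET 8; `CardVault`, `StoredCard` and the in-memory log are hypothetical names, the key is assumed to come from a key-management service, and the card number is a constructed test value.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Hypothetical record: only Last4 is readable without the key.
public sealed record StoredCard(string Last4, byte[] Nonce, byte[] Ciphertext, byte[] Tag);

public sealed class CardVault
{
    private readonly byte[] _key;                    // 256-bit key, assumed to be supplied by a KMS/HSM
    public List<string> AccessLog { get; } = new();  // stand-in for an append-only audit log

    public CardVault(byte[] key) => _key = key;

    public StoredCard Store(string pan, string user)
    {
        var nonce = RandomNumberGenerator.GetBytes(12);  // fresh nonce for every record
        var plain = Encoding.ASCII.GetBytes(pan);
        var cipher = new byte[plain.Length];
        var tag = new byte[16];
        var last4 = pan[^4..];
        using var aes = new AesGcm(_key, 16);
        // Last4 is bound as associated data, so it cannot be swapped between records unnoticed.
        aes.Encrypt(nonce, plain, cipher, tag, Encoding.ASCII.GetBytes(last4));
        CryptographicOperations.ZeroMemory(plain);
        Log("STORE", user, last4);
        return new StoredCard(last4, nonce, cipher, tag);
    }

    public string Reveal(StoredCard card, string user, string reason)
    {
        Log("REVEAL:" + reason, user, card.Last4);   // logged first, so failed attempts are recorded too
        var plain = new byte[card.Ciphertext.Length];
        using var aes = new AesGcm(_key, 16);
        // Throws a CryptographicException if the ciphertext, tag or Last4 was altered.
        aes.Decrypt(card.Nonce, card.Ciphertext, card.Tag, plain, Encoding.ASCII.GetBytes(card.Last4));
        return Encoding.ASCII.GetString(plain);
    }

    // The log line carries only the masked number, never the full one.
    private void Log(string action, string user, string last4) =>
        AccessLog.Add($"{DateTime.UtcNow:O} {user} {action} card=****{last4}");
}

public static class Demo
{
    public static void Main()
    {
        var vault = new CardVault(RandomNumberGenerator.GetBytes(32));
        var rec = vault.Store("4111111111111111", "checkout-svc");  // constructed test number
        Console.WriteLine(vault.Reveal(rec, "refund-svc", "refund") == "4111111111111111");
        vault.AccessLog.ForEach(Console.WriteLine);
    }
}
```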
jstrosch
Member
70 Points
15 Posts
Re: E-comm Hosting and Credit Card Info
Apr 07, 2009 05:35 PM
Two resources that I've used to help try and build secure e-commerce sites are:
https://www.pcisecuritystandards.org/security_standards/pci_dss_download.html (section 3 & 4)
http://www.owasp.org/index.php/Handling_E-Commerce_Payments
One thing I've heard of being a large risk in a shared hosting environment is that your security is tied to how well the other sites are built; it's possible that someone can compromise your db/web app by breaking in through another site (since they're all on the same box).