PCI 2.0 Compliance, PCI/DSS

PCI Commplience

Delta Technical Services servers have been certified as being PCI DSS compliant. Rather than doing only the required quarterly scanning,  Delta Technical Services does daily PCI scanning and hacker proof scanning. The PCI scanners add new "Plugins" or tests into their   suite of tests regularly. We have daily scans done so we can be made aware of and patch any new vulnerabilities that may arise.

If your site accepts, processes, or stores credit card information, you have to accept the responsibilities of being PCI compliant. It's a large  responsibility and it requires a large amount of resources. The good news is that the Delta Technical Services  web hosting solution helps eliminate your worries.

If you have a shopping cart or ecommerce solution that is failing PCI certification at your current web host, Move it to Delta and the same application will pass PCI/DSS testing.  Our Web Application Firewall blocks the threats and vulnerabilities. Daily

Why do I need to be PCI Compliant?

While non-compliance penalties vary among major credit card networks, they can be substantial. Participating  companies can be barred from processing credit card transactions, higher processing fees can be applied; and in the event of a serious security  breach, fines of up to $500,000 can be levied for each instance of non-compliance.

The Payment Card Industry Data Security Standards (PCI DSS) are a set of requirements developed jointly by Visa, MasterCard, JCB International,  Discover and American Express to prevent consumer data theft and reduce online fraud. The PCI DSS represents a multifaceted standard that includes  requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.

Compliance and validation of compliance with some or all of the 12 requirements is mandatory for any organization that stores, transmits or  processes credit card transactions.

To whom does the PCI regulations apply?

The PCI DSS standards apply to all entities that process, store or transmit cardholder data. This includes all merchants and service providers  with external-facing IP addresses handle, store or transmit credit card data. Even if your website does not offer website based transactions  (for example, you link to a payment gateway) there are other services that may make card data accessible. Basic functions such as e-mail and  employee Internet access will result in the Internet accessibility of a company's network. These seemingly insignificant paths to and from the  Internet can provide unprotected pathways into merchant and service provider systems if not properly controlled.

What is defined as 'cardholder data'?

Cardholder data is any personally identifiable data associated with a cardholder. This could be an account number, expiration date, name,  address, social security number, etc. All personally identifiable information associated with the cardholder that is stored, processed, or  transmitted is also considered cardholder data.

What if I don't store cardholder data?

If you do not store cardholder data, the PCI requirements still apply to the environment that transmits or processes cardholder data. That  means that if you have a shopping cart where cardholder data is entered, you are required to be PCI compliant.

What do I have to do to be PCI Compliant?

You must purchase a PCI scanning service that will scan your website, but that is only the easy part. The PCI Scanning service will run  thousands of tests on your site and you must fix every little problem that they report as non compliant. The good news is, if you have  your site hosted with Delta Technical Services, we have done the hard part for you already! We guarantee that you will pass your PCI scan.


  • Log Monitoring and Management
  • Continuous Vulnerability Monitoring
  • Managed Anti-Virus Protection
  • Two-Factor Authentication
  • Application and Database Server Isolation
  • Managed SSL Service
  • Managed Redundant Firewall Protection
  • Managed Redundant Web Application Protection (Port 80/443)
  • Managed Redundant DoS/DDoS Mitigation
  • Managed and Monitored Intrusion Detection
  • Managed Proactive Operating System Security Patches
  • Managed Weekly Full Backups + Daily Differentials (Encrypted)
  • Highly Secure Data Center Environment
  • VPN/SSL Provided for Server Management (RDP/SSH/FTP/SQL)