|
Due the recent changes to the PCI DSS Compliance standards we had to make the following to the servers to stay with in compliance.
Q: What is PCI?
A: The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. Essentially any merchant that has a Merchant ID (MID).
The Payment Card Industry Security Standards Council (PCI SSC) was launched on September 7, 2006 to manage the ongoing evolution of the Payment Card Industry (PCI) security standards with focus on improving payment account security throughout the transaction process. The PCI DSS is administered and managed by the PCI SSC (www.pcisecuritystandards.org), an independent body that was created by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB.).
It is important to note, the payment brands and credit card processors (acquirers) are responsible for enforcing compliance, not the PCI council.
The changes made on the server are
Both Ping and Trace Route are now disable on the server this means if someone pings or does a trace on a domain that is hosted my server will time out.
If you need to have this enabled login to your account submit a support ticket and must give a valid reason for it being enabled and list when and how long for it to be enabled.
FTP Server is switched to secure mode
You need to make sure you use FTP with TLS/SSL (Auth TLS – Explicit) we no longer will support FTP Standard Connections. You can find out to set up your ftp client use this through Google. We will eventually get how to in our knowledge base on our site for now use Google search for it. When you setup this for the first you will see prompt to confirm click on ok, submit or yes and there you go.
Automatic PCI and Security Scans
Every 60 days there will be automatic PCI and Security scan done by a company called Control Scan https://www.controlscan.com which will scan to make sure we stay compliant.
Point Action Services website changes are.
We have replaced our old SSL Certificate with a High Assurance 256bit Encryption SSL Certificate from Comodo. This certificate provides us a $250,000 Relying Party Warranty and allows Point Action Services to fully validated business.
Plus Point Action Services domain pointaction.com is certified by Godaddy.
The domain has passed the domain origination verification process through GoDaddy.com® using the contact information provided by the Subscriber. As of the time the certificate was issued, the WHOIS database contained valid email addresses for the Administrative, Technical, and Registrant contacts of this domain name, and the email addresses provided by the Subscriber have either not changed, or were re-verified after any changes to the email addresses provided by the Subscriber were made.
You see these items at bottom our website http://pointaction.com
If you have any issues with you website due these changes please contact support at support@pointaction.com.
Thank you,
Point Action Services, Inc.
CONFIDENTIALITY NOTICE: This communication and any documents, files, or previous e-mail messages attached to it, constitute an electronic communication within the scope of the Electronic Communication Privacy Act, 18 USCA 2510. This communication may contain non-public, confidential, or legally privileged information intended for the sole use of the designated recipient(s). The unlawful interception, use, or disclosure of such information is strictly prohibited under 18 USCA 2511 and any applicable laws. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.
 |
 |
Point Action Services © All Rights Reserved |