[AusNOG] Issues receiving from TPG Mail servers.

Chad Kelly chad at cpkws.com.au
Tue Jul 24 13:24:58 EST 2018


On 7/24/2018 12:00 PM, ausnog-request at lists.ausnog.net wrote:

> I would be surprised if any shared/public hosting environment can also
> deliver PCI compliance as a result. Dedicated tin ensuring segregation
> between your systems and those of $RANDOM_STRANGER is required.
> Or have we forgotten meltdown/spectre?
Shared hosting by itself is not PCI compliant.
You can't store credit / debit card info on a shared server even with an 
SSL certificate.
You can, however, use a payment gateway such as Eway to collect the info
required and handle payments; PayPal is the other option, or any number
of other solutions.
Unless the organisation is ISO 27001 certified they shouldn't even think
of storing payment info, and that isn't counting the money you need to spend
on the PCI DSS side of things.
I'd just ban anyone from storing card info on the server as it's way too
much of a security risk; think what happened to Cyanweb.com.au when they
were brute forced and the hackers destroyed the lot, including the
billing system.

-- 
Chad Kelly
Manager
CPK Web Services
Phone 03 5273 0246
Web www.cpkws.com.au


