Rackspace Customers cannot host shopping carts on the cloud???????
Posted by jschmidt, 12-08-2011, 06:51 PM |
I have been going back and forth with Rackspace and Trustwave. Trustwave says that my site is not PCI compliant. Here is how my site works: a user clicks to purchase an item, and then logs in securely via https. From there, they enter their credit card information. When they hit process, it sends to authorize.net to process the card, and the results come back to my website.
Trustwave says TOO BAD - that isn't how it works. The entire site/server must be PCI compliant to do it this way. Rackspace says the absolute only way to do it is to either a) have the credit card info be input at authorize.net or b) get a dedicated server.
Is this your experience as well? I was not aware of this at all!
|
Posted by techjr, 12-08-2011, 07:07 PM |
I don't believe common cloud hosts are capable of PCI compliance... I never understood why and since it doesn't directly affect me I haven't really looked into it much.
I believe Firehost is capable of doing it, but it's not exactly cheap. http://www.firehost.com/secure-hosting/pci
I don't see why you couldn't use option A though. If anything it should be safer and easier for you.
|
Posted by lockbull, 12-09-2011, 04:24 AM |
I think a more accurate title for this is "Rackspace CLOUD Customers cannot host shopping carts on the cloud???????", as Rackspace does offer PCI compliant managed hosting.
If card holder data hits your network, essentially everything in that network is in scope. There are some "cloud" hosts that can offer PCI compliance (Terremark, OpSource, Firehost, etc.--typically the PCI compliant network is segmented from the standard cloud network), but, at a minimum, you'll need two virtual servers (the database is required to be located on a separate server that has no access to the public network), plus a whole host of other things such as a firewall, IPS/IDS, application firewall, centralized logging, etc. You're probably looking at paying at least $1500+ per month at a minimum for this type of service. The other (cheaper) alternative is to host your payment forms on another PCI compliant service (such as your payment gateway provider), or use some sort of tokenization, as in these cases card holder data isn't being transmitted via your network.
|
Posted by Mark Muyskens, 12-09-2011, 04:48 AM |
Hey,
I have actually assisted a customer in getting PCI compliance from securitymetrics.com for their site on RS Cloud Sites.
I was provided by RS with the following POC:
Sam A.
sama@securitymetrics.com
801 995 6746
Just throwing that out as an option.
|