Linux PCI Host

PCI Compliant FAQs

Q. Why is PCI compliant hosting so expensive?

A. #1: Meeting PCI compliance is cheap compared to getting hacked or getting fined by the Payment Card Industry, whose fines can easily start in the tens of thousands or more, even for a small business. It's also cheaper than hiring a full- or part-time security expert on staff. #2: There is more than double the hardware required, a lot of extra software is needed, and it takes a lot of continual support and service to keep up with security, patches, and other PCI requirements such as going through the logs on a daily basis. With all this in mind, you might be wondering why PCI compliant hosting is so cheap at Penguin Web Hosting.

Q. I just talked to a cheap unlimited-everything host, and they said they are PCI compliant with their shared plans and that I would pass a PCI scan. Why should I pay more money for a dedicated server?

A. Keep in mind that if they are offering you unlimited disk space, that can't be true, because there is no such thing as a hard drive with unlimited space. It makes you wonder what else they are saying that isn't true.

While you might pass a PCI scan, that's only one small aspect of PCI compliance, and one of the easiest parts of it. The scan can only check for external threats. You still need to do a number of other things, such as having someone review your security logs daily.

If you ask them for specifics on what they do to meet PCI compliance, they will likely not answer or will give you an indirect answer.

Q. Will being Payment Card Industry Compliant make my site hack proof?

A. No, nothing is hack proof; even Fortune 500 sites and government sites have been hacked. The idea is that if you are doing everything to meet PCI compliance, you are a lot less likely to be hacked, any damage from a hacking incident will be minimized, an audit trail will be established, and in the event the payment card industry contacts you, you will have records to show you took steps to meet the PCI compliance standards.

Q. Why is there a setup fee?

A. While meeting PCI compliance is a continual process, the majority of the work is done in the initial setup, therefore we charge a nominal setup fee.

Q. What versions of PHP, MySQL, etc. do you run?

A. Currently we run PHP 5, MySQL 5, Apache 2.2, Python 2.4, Perl 5.8.8, Red Hat 5 / CentOS 5, RoR 2, PostgreSQL 8, Java 1.6, cPanel 11, and WHM 11. If you need any particular versions, contact us; that should not be a problem.

Q. How many sites can I host?

A. There is no limit; however, the more sites you have, the more you have to do to secure them.

Q. I am in Canada, is PCI compliance just for the U.S. or does it apply to me too?

A. PCI compliance is not limited to the United States. Canadian businesses, as well as companies anywhere in the world, need to adhere to the PCI standards if they accept any major credit cards: Visa, Mastercard, American Express, Discover, etc.

Q. I have no idea what any of this PCI compliance stuff means, help!

A. That's what we are here for!  We are security certified and extremely familiar with the PCI compliance requirements. We will help you meet the payment card industry requirements and be with you to get you started as well as along the way.

Q. What is the fine for not meeting PCI compliance if you get hacked?

A. I don't know if they use a standard formula, but one company (not hosted with us) I know of had to pay $37,000 when only a few credit card numbers were stolen. In addition, you face possible civil penalties from your customers, as well as lost business and damage to your reputation.

Q. Can I store the 3 or 4 digit CVV code?

A. No, PCI DSS requirements state you cannot store the CVV code, as well as certain other info from the card, even if it's encrypted and in a database on a private network.

Q. Which levels of PCI compliance are supported with these plans?

A. We support PCI compliance Level 3 and Level 4 on the two plans listed above. Level 3 is for merchants who process under 1 million Visa transactions per year, and Level 4 is for merchants who process less than 20,000 Visa transactions online per year. If you are a Level 1 or Level 2 merchant, please contact sales for pricing.

All Rights Reserved 2001-2012