XMission is PCI DSS SAQ Certified

What is the PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS), first released in 2004 and now maintained by the PCI Security Standards Council, provides “an actionable framework for developing a robust account data security process – including preventing, detecting and reacting to security incidents.” Although the card brands wrote its policies and procedures specifically to protect card payments, the practices required for compliance (network segmentation, patching, access control, logging and monitoring, regular testing) extend well beyond keeping customer credit card data safe.

Why is XMission PCI Compliant?

Since XMission processes thousands of customer credit card transactions every month, we have maintained PCI compliance for years. As a hosting and colocation provider, XMission must complete the most extensive Self-Assessment Questionnaire (SAQ), Type 5: SAQ v3 D, which covers the full set of PCI DSS requirements rather than the reduced subsets allowed for smaller merchant profiles.

Why does it matter?

The PCI Data Security Standard and its supporting documents give the industry a common set of controls and measurements for handling cardholder data safely. To reduce the risk of compromise, and to limit the damage if one does occur, every entity that stores, processes, or transmits cardholder data is expected to be compliant.

Post-mortem analysis of card data breaches has repeatedly found the same weaknesses: controls that PCI DSS requires were not in place at the organizations when they were compromised. PCI DSS was designed, and its requirements are spelled out in detail, for exactly this reason: to minimize the chance of a compromise and to contain its effects if one does occur.

What does this mean for XMission customers?

Note that while XMission’s compliance is likely a prerequisite for your colocated and hosted servers to achieve compliance, it does not transfer to you: if you process credit cards in our data center, you remain responsible for completing your own PCI DSS SAQ to satisfy the requirements of your merchant bank. Documents, including a copy of XMission’s SAQ, are available here.

Is XMission Hosting PCI Compliant?

Because PCI compliance depends more on your website and its payment handling code than on the hosting environment it runs on, some clarification is in order. XMission’s cloud and shared hosting products provide platforms that are PCI compliant, but we cannot guarantee that your website will automatically be compliant, since we did not write your credit card processing solution. What we do promise is a PCI compliant environment: if necessary, we will apply software security updates or help you dispute scan findings that refer to the LAMP (Linux-Apache-MySQL-PHP) stack your site resides on.

For more information about PCI DSS, refer to the PCI Security Standards Council website.

“It’s rare these days to deal with a business which has the core value, or even the mere veneer, of supporting the client; your values are represented by every employee of XMission I’ve had the pleasure of dealing with.”
Further reading:
XMission’s security statement (PDF)