If you accept credit cards for payment, you have both a contractual obligation to your acquiring bank and an ethical obligation to your customers to protect cardholder data by becoming PCI DSS compliant. What that means in practice differs from company to company, depending on how the card data is handled (stored, processed, or transmitted) and how many card transactions are processed each year.
There are three critical questions any hosting provider needs to ask:
- What is your merchant level?
- What is the applicable PCI SAQ (Self-Assessment Questionnaire) validation type?
- What is “in-scope” for PCI compliance on your network?
Be wary of anyone who doesn’t ask these questions right from the beginning before giving you a proposal!
Always remember: Compliance is not an end in itself. The ultimate goal of PCI DSS compliance is protecting cardholder data by not having a breach!