PCI Compliance

Discussion in 'Pre-sales questions' started by szuranski, Mar 5, 2015.

  1. We are adding eCommerce functionality to our existing website hosted at Network Solutions. The entire process has been a nightmare. We are using Authorize.net as the payment gateway. We are collecting credit card information from the user and sending it to the server over HTTPS using an AJAX call, which in turn posts that info to Authorize.net. A response is then sent back to the client indicating success or fail. Pretty straightforward.

    When the site is scanned by the PCI compliance company, we are getting back the following error.

    Disable TLS/SSL support for weak ciphers
    Configure the server to disable support for weak ciphers.
    For Microsoft IIS web servers, see Microsoft Knowledgebase article 245030 for instructions on disabling weak ciphers.

    Speaking with Netsol, they said our current SSL certificate will not pass PCI compliance and that they will not disable support for weak ciphers as the recommended solution suggests. They did, however, suggest we upgrade to one of their eCommerce packages. No thanks.

    The question is, if we transfer our site to Winhost, will this same problem still exist? Is there a certain type of SSL certificate needed? What do you suggest to accept credit cards for a very small eCommerce website?
     
  2. FredC, Winhost Staff

    You should have no problem, as many of our customers pass PCI on our platform.

    There have been a lot of PCI changes in the past couple of months regarding cipher requirements. You may not pass PCI straight through, but we will work w/ your scanner to resolve any situations that might arise.
     
  3. Just a follow-up. Moved our site over and had one item to be fixed to be PCI compliant. Winhost took care of it and we were compliant shortly after. Thanks!
     
    Last edited by a moderator: Oct 14, 2015
  4. FredC, Winhost Staff

    Good to hear!!
     