By Philbert Shih, theWHIR.com
August 24, 2005 -- (WEB HOST INDUSTRY REVIEW) -- Credit card companies have instituted new security regulations on both merchants and service providers in an attempt to ease customer concerns about identify theft and fraud. The CISP/PCI standard, which comprises Visa's Cardholder Information Security Program and MasterCard's Site Data Protection Program, mandates minimum encryption standards, periodic scanning, active monitoring and implementation of access controls.
The deadline for compliance passed on June 30. But many hosts have been slow to jump on board, says Brad Bialas, president of BluePay (bluepay.com), a provider of online payment processing solutions for online merchants and Web hosts. "Hosting companies are well behind the curve … the compliance date has already gone by and they haven't done anything to be compliant."
Being compliant with the PCI standards can be a matter of life or death for hosts, says Bialas, with the fines high enough to cripple a company or put it out of business. If, for example, security is breached and sensitive data stolen, fines can start as high as $100,000 per incident if a company is not in compliance when the incident takes place. Obviously the only way to avoid those penalties is to meet the requirements."If you are in compliance and have gone through the process, there will be no fines, you are considered in the safe harbor," says Bialas.
BluePay, which has a very large Web host user and reseller base, is helping make it easier for hosts and their customers to get in compliance. The company recently announced that it would offer CISP/PCI compliance services in partnership with AmbironTrustWave (atwcorp.com), a provider of information security and compliance management solutions.
Visa has classified companies into categories, each with its own set of compliance requirements. A Group 1 merchant processes over 6,000,000 transactions a year, a Group 2 merchant processes anywhere between 150,000 and 6,000,000 transactions, while a Group 3 merchant covers 20,000 to 150,000 transactions. Most of BluePay's hosts, says Bialas, fall into the third group. And by the recently passed June 30, 2005 deadline, these companies were required to meet two stipulations: completing an annual CISP/PCI questionnaire and having scheduled quarterly network scans conducted by an approved Quality Data Security Company provider.
Bialas says BluePay looked to partner with Ambiron because it wanted to support its Web hosting partners and educate them about the liabilities they face. "We have so many customers that ... weren't aware of what they needed to do," he says.
With the Ambiron partnership in place, says BluePay, the company can help hosts and their merchant customers complete the compliance process. The companies will assist with the questionnaire and QDSC-approved Ambiron will undertake the mandatory quarterly network scans.
BluePay and Ambiron will also help hosts determine in what category they belong. This can be a tricky issue for hosts, says Bialas, because hosts can be considered both merchants and service providers. The level of transactions conducted by the merchant a Web host provides hosting services for could increase a host's classification, Bialas says. So if a company hosts a Group 1 merchant, it would change the host’s classification to a Group 1 service provider, which brings with it a different set of compliance requirements.
"Hosting companies really need to be aware who they are hosting," says Bialas. "The aggregate amount of e-commerce transactions going through the companies you host, if that reaches a certain level, in an aggregate form, then you are also going to be moved up the standards."
The service also presents a marketing opportunity for hosts, Bialas says, because the credit card companies are going to start advising companies like BluePay to only do business with those organizations that have been certified and are in compliance."The guys who jump on this first," he says, "can really do a good job of marketing themselves as one of the certified providers, [and will] get a big jump in business."
In the end, compliance is a matter that must be addressed, Bialas says. "You'd hate to lose your business over something like this."
 |
PREVIOUS: Uplinkearth Buys Nevidia Internet Solutions | | | NEXT: SitePal Reseller Program Offers Unique Value |  |
Read Back Issues of WHIR Magazine
October 2009 - Web Hosting's All Star Team
This has been, for us, one of the most interesting, exciting and challenging build-ups to an issue of the magazine yet, Web Hosting's All Star Team. The balloting process was our first experiment with a kind of user participation we're planning to do a lot more with in the months to come. We had thousands of ballots submitted, with hundreds of write-in suggestions and a demonstration of user engagement that has us feeling super positive about the project.
About This Issue | Read Digital Edition
July 2009 - What am I Worth?
One of the interesting luxuries of working on a project like the printed WHIR magazine is that it allows us to play with things like our point of view from one issue to the next. In recent months we've been giving added attention to the kind of practical and applicable advice aimed at smaller hosts and resellers. This issue carries on with that point of view, asking, in our cover story, "what am I worth?" It's a complicated question without a clear-cut answer.
About This Issue | Read Digital Edition
May 2009 - The Blueprint for a Small Web Host
I was a little surprised by how difficult it became to see this idea through. We set out to assemble a blueprint for a small hosting business, but butted up pretty quickly against the general impossibility of covering all the territory that was out there to be covered. The basic constraints of a printed magazine, and the less-than-infinite amount of time we had available forced us to face the fact that we could never produce an exhaustive guide to starting a hosting company.
About This Issue | Read Digital Edition
Comment anonymously or log into your WHIR account
Logging in allows enhanced commenting features (such as external linking) in news, features, blogs and more.