To accept credit cards on your site, both the site and the server
hosting it must be able to pass a PCI Compliance security scan on a
quarterly basis. The scan, performed by companies such as
SecurityMetrics, looks for known security vulnerabilities.

Passing a security scan is not a one-time job. New security
issues are routinely found and fixed. Security fixes are regularly
released for the Apache and PHP software that runs your site, and
they require updates.
Updating Apache and PHP means shutting your site down while the
updates are installed. Using the scripts in our Server-Pak software,
AllMerchants has automated the update process to minimize downtime.

You must have full control over the software running your site.
Because PCI Compliance requires regular software updates, AllMerchants
recommends that all e-commerce sites be hosted on a dedicated web
server or Virtual Private Server (VPS).

We also recommend that you avoid installing "control panel" software
on your server that is directly tied into Apache and/or PHP. Depending
on the control panel software, you can run into scenarios where you are
unable to install the updates you need because they will break the
control panel, because they are too complicated to install, or because
you have to wait for the control panel's own updates to come out before
you can install them.