Hey,
I’ve scanned resources regarding this within the DO community, but what level of PCI compliance are the DO servers if any?
I’m currently running a Magento store and planning on letting users enter card information on site but process the transaction with a 3rd party such as Sage or Stripe.
Has anyone tackled this before?
Thanks
Moderator update (2021): Our certifications are now available via our Trust Platform at https://www.digitalocean.com/trust/certification-reports/
You can find information on our certifications/compliance for each datacenter here.
Much of PCI-DSS compliance depends on the configuration of your droplet and the services you run on it. We do not provide a hardened image by default but you receive full root access to configure your droplets as you require.
Yeah, I’m planning on using something like Stripe.js to handle the bulk of processing payments, I’m just wondering where the server stands in terms of data protection etc.
I just did a PCI compliance test on a droplet. The server itself passed with flying colors (had basic SSH secured, firewall, etc.).
Where it did not pass is the loads of documentation they now require. This must be something new because I have passed every year until now.
Things like:
Are written policies and procedures defined for reviewing the following at least daily, either manually or via log tools?
• All security events
• Logs of all system components that store, process, or transmit CHD and/or SAD, or that could impact the security of CHD and/or SAD
• Logs of all critical system components
• Logs of all servers and system components that perform security functions (for example, firewalls, intrusion-detection systems/intrusion-prevention systems (IDS/IPS), authentication servers, e-commerce redirection servers, etc.)
The amount of documentation required is a bit overwhelming. In the end, the company decided to just stop storing CC numbers rather than pay me to do all the documenting.