FAQ #1221 Diff
Do shared hosting providers need to comply with PCI DSS?
Earlier Version
Later Version
Removed
Added
PCI DSS requirement 2.6 and Appendix A:A1: "Additional PCI DSS Requirements for Shared Hosting Providers" is applicable to all shared hosting providers whose customers store, process, or transmit cardholder data. A shared hosting provider is one that houses multiple customers on the same server. These requirements for shared hosting providers are not applicable when servers are dedicated to a single customer (but all other applicable PCI DSS requirements do apply).
To determine the applicable PCI DSS requirements for a given shared hosting provider, please contact a Qualified Security Assessor (QSA). The list of QSAs can be found at
https://www.pcisecuritystandards.org/approved_companies_providers/qsa_companies.php
at https://www.pcisecuritystandards.org/assessors_and_solutions/qualified_security_assessors
Removed: (Note: PCI DSS Requirement numbers refer to PCI DSS version 3)
Added: Whether a service provider is required to validate PCI DSS compliance is determined by the individual payment brands. Entities should always contact their acquirer or the payment brands directly to determine their compliance reporting requirements. Contact details for the payment brands can be found in FAQ #1142 How do I contact the payment card brands?
To determine the applicable PCI DSS requirements for a given shared hosting provider, please contact a Qualified Security Assessor (QSA). The list of QSAs can be found
https://www.pcisecuritystandards.org/approved_companies_providers/qsa_companies.php
Disclaimer: This FAQ has been processed for display on this website and may contain errors. Please check the original FAQ on the PCI SSC website for the authoritative version.