FAQs - PCI Compliance

What part of MaxESP is PCI-Compliant?

A first in the shared hosting world, MaxESP is built on a completely PCI-Compliant infrastructure. We've built a private SQL solution that allows you to have a PCI-Compliant solution at low cost, with secure access included for free. Using our SSL VPN you’ll be able to manage your database securely across the internet while maintaining the compliance that most major credit card processors require.

What steps do I need to follow to make my solution PCI-Compliant?

  • Use the included SSL protected host name when web browsing (or a custom certificate like Global Sign uploaded for use on your site)
  • For commerce related portions of your site you must require the presence of a secure request using:
    • URL Rewriting
    • IIS settings to require SSL which can be set via the IIS Remote Administration tool
    • Coding within the site that catches the unsecure request and converts to a secure request
  • Using the Generate a Machine Key link in our control panel, configure a key in your web.config so that all of the servers in the web farm can use it.
  • Select the Private shared database option for the site you want to be PCI compliant.