I'm going through the steps to accept credit cards on my online store.

For VISA/MC/AMEX to allow this, I must achieve PCI certification, which involves running a security assessment on my site.  The first run failed with about 8 Sev 3 failures.

Lunarpages techsupport says they can fix about half of those, but not all since it is a shared server.  They advise that I should move to a dedicated server @$99/mth.  Quite a LARGE step from the $7.95/mth I'm paying now.

I'm wondering anyone on a shared server here has achieve PCI cert., and if so, how?

sb.

 

It appears as though I will be forced to move away from LP to get this done.

Perhaps Lunarpages should change the
"E-Commerce" bullet under the Shared Hosting Plan description to

"E-Commerce -- no credit cards"
Not looking forward to all the work involved in moving...

sb

My payment processor is Beanstream (beanstream.com).  These folks, FWIW, are VERY helpful and responsive.  They return my phone calls, and answer my questions usually within an hour.

VISA will apparently not certify anyone (perhaps it's canada only?) without being certified by a PCI auditor.

The tests that are failing on lyra are:
- SSL Server Supports Weak Encryption Vulnerability 
-  SSL Server May Be Forced to Use Weak Encryption Vulnerability 
-  SSL Server Has SSLv2 Enabled Vulnerability 
-  SSL Server May Be Forced to Use Weak Encryption Vulnerability 
-  MySQL User-Defined Function Buffer Overflow Vulnerability 
-  Mail Server Accepts Plaintext Credentials 
-  UDP Source Port Pass Firewall (src port 53)

NOTE: My merchant vendor has informed me that if Lunarpages justifies these failures adequately, it is possible to approve the application anyway.  I've updated my ticket to ask for such justification.

They also informed me that if anyone else on my shared server (lyra) is PCI certified, a photocopy of that certification is all they would need to approve me.  Is this something LP could find for me?

"As a note, this is quite the gimmick as far as I'm concerned, as with any properly protected database, trusted certificate (such as those we provide through Lunarpages) and well developed storefront, will never have any issues with a compromise."

I think the point of this certification is to proove the "properly protected", "trusted", and "well developed" parts of your sentence.

Thanks for looking into this Jay!
sb.

Have you searched all of Lunarforums.com for discussions on PCI? Do an advanced  search. There were some discussions on why Lunarpages accounts got a "false positive" on vulnerabilities in the PCI audits. This might be useful information on dealing with VISA.

Don't forget that other companies such as PayPal (and others) will be happy to accept credit cards on your behalf. You don't have  to have a merchant account and payment gateway.