Note: Please contact us if you wish to add information to this article. Thank you!
By default, our secure systems meet, if not exceed, the standard PCI compliance requirements. In our experience, however, many PCI testing services have over the years come to test more than the standards require. If left alone, your cloud account should pass all the basic requirements. Once you introduce your website scripts and other customizations that you install or add to your account, those are the things you need to make sure are compliant too. It all depends on the tester. If they find that an app you installed does not meet a requirement, that does not necessarily mean it is not PCI compliant by the standard definition; it could be because the testing organization is far more picky about it! Naturally, it is not Parcom's responsibility to adjust your code, update your software, or accommodate software/scripting failures of the "above requirement" type.
RECOMMENDED SERVICE: ADVANCED (Do not use anything less)
Parcom recommends Trustwave, and if you provide the referral code of "PARCOM" when signing up you should be able to obtain a nice deal with them. Visit: https://www.trustkeeper.net
We like to be up front and honest, as we're the hosting company that was built around security first, and have been since 1997. We can tell when a testing organization has "personal" or "above and beyond" testing requirements that are sometimes well beyond the requirements. That is fine, but the customer's goal should be to meet the standards, not the biased expectations of the tester. Keep that in mind, as they may try to fool you into testing for things that don't exist, or report false alarms ("false positive" results) for something that may not even be on your site, only to charge you more for some enhanced testing. The bottom line is: just be careful out there. Scamming with this PCI stuff is abundant!
PCI compliance is also the customer's responsibility, even though our systems by default can pass virtually all *standard* testing. That excludes the above-and-beyond, non-PCI-related security tests that a testing organization mandates through its own personal changes (many organizations claim such tests are part of the standard; that can be argued as false or not, but the point is that the standards are met at Parcom). If you install a substandard or freeware app that has not been tested and it gets exploited, the customer is ultimately responsible for breaking PCI compliance, not Parcom. In security, it is ultimately the customer's responsibility to reach the highest level of security. The starting point with Parcom is a blank, clean slate that meets, if not exceeds, both our own and many standard tests. With that said, remember that whatever you do or add must be given strict consideration against your company's security standards. If you practice secure access 100% with your files, you should be one step ahead of everyone who does not... If you purchase and maintain up-to-date secure apps and solutions, you are again way ahead of the process! Common sense needs to apply. Whenever you do not pass a test with your chosen PCI tester, please be aware that many times it is your app that changes the dynamics of the approval process - not so much the server. False positives get really high when clients add every free app known to man (a severe case, but it happens!)... just be mindful of such matters if security is important to you!