thePCI Portal

If a website uses a hosted payment page redirect, is the web server in scope for PCI DSS v3.x?

This question is in the same vein as the other SAQ A versus SAQ A-EP considerations, such as “Is your web hoster a service provider for SAQ-A?” and “Does an SAQ-A merchant need ASV scans?”.

If a website uses a hosted payment page redirect, is the web server in scope for PCI DSS v3.x?  You will not find a direct unequivocal answer to that question in many spots.

One spot you WILL find a direct answer is way back in the February 2014 edition of the Assessor Newsletter.  The question was featured as the FAQ of the month!


And the direct answer is YES, with mention of the risk of a website redirection attack.

And it turns out FAQ 1332 has the answer as well.


7 comments for “If a website uses a hosted payment page redirect, is the web server in scope for PCI DSS v3.x?”

  1. Pingback: online
    • thePCIportal
      September 17, 2015 at 3:11 pm

      Months! Thanks. SL.

  2. August 24, 2015 at 6:58 pm

    Why don’t we give this a try?

    • thePCIportal
      September 17, 2015 at 3:09 pm

      We should! SL.

  3. thePCIportal
    September 17, 2015 at 3:12 pm

    When you are right, you are right. Titanium black. SL.

  4. November 30, 2015 at 7:23 am

    You actually make it seem so easy with your presentation but I find this topic to be actually something that I think I would never understand. It seems too complex and very broad for me. I’m looking forward to your next post, I will try to get the hang of it!

    • thePCIportal
      December 4, 2015 at 4:04 pm

      I recommend some extra tutoring to get up to speed before midterms. S.
