thePCI Portal

If a website uses a hosted payment page redirect, is the web server in scope for PCI DSS v3.x?

This question is in the same vein as the SAQ A versus SAQ A-EP considerations, such as whether your web hoster is a service provider for SAQ-A and “Does an SAQ-A merchant need ASV scans?”.

If a website uses a hosted payment page redirect, is the web server in scope for PCI DSS v3.x? You will not find a direct, unequivocal answer to that question in many places. It's not in the PCI SSC FAQ (but probably should be).

One spot you WILL find a direct answer is way back in the February 2014 edition of the Assessor Newsletter.  The question was featured as the FAQ of the month!

2015-02 Assessor Newsletter 2

 

And the direct answer is YES with mention of the risk of a website redirection attack.


7 comments for “If a website uses a hosted payment page redirect, is the web server in scope for PCI DSS v3.x?”

  1. Pingback: online
    • thePCIportal
      September 17, 2015 at 3:11 pm

      Months! Thanks. SL.

  2. August 24, 2015 at 6:58 pm

    Why don’t we give this a try?

    • thePCIportal
      September 17, 2015 at 3:09 pm

      We should! SL.

  3. thePCIportal
    September 17, 2015 at 3:12 pm

    When you are right, you are right. Titanium black. SL.

  4. November 30, 2015 at 7:23 am

    You actually make it seem so easy with your presentation but I find this topic to be actually something that I think I would never understand. It seems too complex and very broad for me. I’m looking forward to your next post, I will try to get the hang of it!

    • thePCIportal
      December 4, 2015 at 4:04 pm

      I recommend some extra tutoring to get up to speed before mid terms. S.
