Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


02:32 PM
Dark Reading
Dark Reading
Products and Releases

FireHost Announces The Payment Island Simplifies PCI Compliance and Boosts Security For Online Payments Processing Businesses

Payment Island essentially provides a data vault for businesses that process transactions in the cloud

(Dallas – Sept. 25, 2013) -- FireHost, the secure cloud hosting company, is further protecting payments processing cloud applications with its Payment Island solution. By decoupling credit card databases and transactional applications from monolithic IT environments, institutions responsible for storing, processing or transmitting credit card data can reduce their scope of compliance, provide better security, and achieve audits faster by reducing the risk profile associated with cardholder data. Presently, FireHost processes more than $20 billion dollars in transactions per year in its Payment Island on behalf of eCommerce and retail companies (merchants), payments processors, card issuers and other financial institutions. Kurt Hagerman, director of information security for FireHost, said that by improving performance within the cloud environment, a Payment Island provides responsible organizations with a safe haven for regulated payment card data. This kind of advanced protection requires specialized tools and expertise, and navigating these cyber threats and the regulatory landscape should only be trusted to a secure, managed cloud IaaS. FireHost Payment Islands were created to mitigate its customers’ compliance burden by decoupling their regulated data from their own IT environments, thus reducing risk. By isolating the payment engine through network segmentation, Payment Island essentially provides a data vault for businesses that process transactions in the cloud. By cross-connecting into a customer’s own infrastructure within a data center and storing data outside typical administrative permission controls, the service eliminates latency and scales to provide resources on demand. Now, in version 3.0, the FireHost Payment Island is updated regularly to ensure alignment with current Payment Card Industry Data Security Standard (PCI DSS) standards, but that’s really just a starting point. “This is a game changing, managed cloud compliance solution,” Hagerman said. “FireHost’s Payment Island provides customers a private cloud experience that protects transactional applications by removing regulated data from local or regular hosting facilities and storage and masking and cloaking it in the most sophisticated cloud infrastructure available. The Payment Island provides administrative controls by segregating data from the corporate active directory (AD) permissions, so that customers can more tightly lock down and protect the information from internal threats.” This concept was covered in a Dec. 2012 Gartner Research Note, “Become PCI Compliant by Choosing the Right Hosting Service Provider.”

According to Tiny Haynes, research director for Gartner and author of the research note, “Any site that handles credit card information needs to put in place the correct, far-reaching security processes and infrastructure to be PCI DSS compliant.”

He also recommends isolating the payment engine from the rest of the hosted infrastructure via network segmentation to reduce the scope of the PCI DSS requirements, and to “choose service providers that have already certified their operations as being PCI compliant. This will help you save time and resources, since you are obligated to use only PCI-certified providers.” Jed Danner, head of IT development at gotoBilling, agreed. The company, which has built its business model around offering a secure, compliant and easy payment platform, uses FireHost’s Payment Island to protect its customers’ personal and financial information in the cloud. “FireHost understands PCI compliance unlike any other cloud services provider, and that makes a huge difference to our business,” Danner said. “The network design of FireHost’s Payment Island makes it easy for us to keep our clients secure and meeting compliance, which is mandatory for our success.” The PCI DSS 3.0 standard is currently in its final phases of development. The final standard will be published in November and will then become effective Jan. 1, 2014. Although PCI DSS 3.0 becomes effective in January, compliance with 3.0 is not mandatory until January 2015. About FireHost FireHost offers the most secure, manage cloud IaaS available, protecting sensitive data and brand reputations of some of the largest companies in the world. With private, cloud infrastructure built for security, compliance, performance and managed service, responsible businesses choose FireHost to reduce risk and improve the collection, storage and transmission of their most confidential data. FireHost’s secure, managed cloud IaaS is available in Dallas, Phoenix, London and Amsterdam, offer robust, geographically redundant business continuity options across all sites. Based in Dallas, FireHost is the chosen secure private cloud service provider for brands that won't compromise on the security of their payment card, healthcare, and other regulated data. Follow FireHost on: http://www.firehost.com http://www.twitter.com/firehost http://www.linkedin.com/company/firehost-inc. http://www.facebook.com/FireHost Company Contact: Editorial Contact: Cathi Lane Sarah Hawley FireHost Ubiquity Public Relations [email protected] [email protected] +1.877.262.3473 x. 8133 +1.480.292.4640 UK Editorial Contact: Mike Marquiss and Jonathan Mathias Johnson King PR [email protected] + 44 (0) 20 7401 7968 ###

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-11-28
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is ...
PUBLISHED: 2020-11-27
blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lack of space to write compressed data.
PUBLISHED: 2020-11-27
npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or sani...
PUBLISHED: 2020-11-27
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel.
PUBLISHED: 2020-11-27
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.