FAQ #1221 Published

Do shared hosting providers need to comply with PCI DSS?

PCI DSS Requirement 2.6 and Appendix A, "Additional PCI DSS Requirements for Shared Hosting Providers", are applicable to all shared hosting providers whose customers store, process, or transmit cardholder data. A shared hosting provider is one that houses multiple customers on the same server. These requirements for shared hosting providers are not applicable when servers are dedicated to a single customer (but all other applicable PCI DSS requirements do apply).

To determine the applicable PCI DSS requirements for a given shared hosting provider, please contact a Qualified Security Assessor (QSA). The list of QSAs can be found at
https://www.pcisecuritystandards.org/approved_companies_providers/qsa_companies.php

(Note: PCI DSS Requirement numbers refer to PCI DSS version 3)