What is a Shared Hosting Provider?
PCI Requirement 2.6 exists to protect hosting environments. When multiple clients’ data is all on the same server, the security of the server often becomes susceptible to vulnerabilities. For example, one client could create insecure functions, but because the data is under the control of a single environment, the other clients’ data would also become compromised. This is why PCI Requirement 2.6 requires that shared hosting providers protect the cardholder data of every single entity’s hosted environment. PCI 2.6 states, “Shared hosting providers must protect each entity’s hosted environment and cardholder data. These providers must meet specific requirements as detailed in Appendix A1: Additional PCI DSS Requirements for Shared Hosting Providers.”