One of the most valuable commodities in this day and age is your own personal information. The more we make purchases over the Internet or over the phone, in other words: not in person, the more important that information becomes.

However, as security breaches receive more coverage and are more well known to the public, trust in the current security measures is coming into question, and the need for stronger security and standardized tools and controls became necessary.

Enter the PCI DSS, or Payment Card Industry Data Security Standard. This was created by the five major credit card companies as a guideline to help merchants and other companies implement the necessary hardware, software, and other procedures to guard sensitive credit card and personal information.

The encouragement to achieve PCI compliance comes in a couple different forms: benefits and mandates. The mandates are the requirements of PCI compliance, and attached to them are some very strict and specific penalties. These could include fines as high as $500,000 per incident, and the loss of the ability to accept credit cards at all.

On the other hand, there are a number of PCI compliance benefits that should be as much of an incentive, if not more so, than the penalties. It merely requires a proactive understanding of the long term benefits of compliance. Some of these benefits, you will find, are somewhat more intangible than others, but that doesn’t make them any less valuable.

The first and most obvious benefit of PCI compliance is a simple matter of trust. What if your company was the one that recently suffered a major security breach? What if you had to live with the stigma of “the company that lost thousands of credit card number”? Could you ever live it down? Could you survive the fallout?

A giant company may be able to weather the storm (as has been seen in some recent cases), but most companies need to focus on building lasting trust from the beginning. Being PCI compliant can help you achieve this.

More tangibly, merchants who are PCI compliant are offered protection from the fines if you should happen to be breached. If you are compliant at the time you suffer an attack, you can have a sort of safe harbor.

At the moment, these “carrots and sticks”, or mandates and benefits, are assumed to be enough to encourage merchants to gain PCI compliance. But if it turns out, in fact, to not be enough, the PCI Security Standards Council will likely change the measures of encouragement. The reason for these measures is that trust is the only thing that will propel the online industry forward. If customers lose their trust in the system, they will find alternate methods to do business.

It is a difficult thing in the naturally competitive environment of online business to consider something as nebulous as “the greater good”, but in a world where personal information is so valuable, creating an environment where that information is utterly secure should be a top priority.

Andy Eliason is a writer for Main10, Inc. If you’d like to learn more about PCI compliance, or how to become PCI DSS compliant, visit Braintree Payment Solutions today and find out what they have to offer.

• Apache 2 – Linux Web server
• MySQL 5 – MySQL Database Server
• PHP4/5 – PHP Scripting Language
• phpMyAdmin – Web-based database admin software.

Note: Linux + Apache + MySQL + PHP/Perl together commonly known as LAMP Server.

First, let us prepare a system that has a minimum requirement of Debian/Ubuntu version of Linux with at least 256MB of RAM available. Anything less than this minimum ram will cause lot of problems since we are running a server along especially MySQL and Webmin requires lots of RAM to run properly. MySQL will give you this nasty error “cannot connect to mysql.sock” if you don’t have enough memory in your server.

I love Debian/Ubuntu based Linux because of my enormous affinity towards this command apt-get. As a starter knowing this one command, It is so easy to install packages and you don’t need to worry about package dependency and configuration. You need to buy a dedicated server or a VPS package if you want to setup your own server. If you want to experiment with the server and installation it is recommended to buy a VPS package. Believe it or not it is so easy to install and configure your server yourself even though you are new are to Linux and dedicated/VPS hosting.

First download PuTTy if you are accessing your server through SSH. Just enter the IP of your server with root login to access your host. As you probably know, Webmin is a freely available server control panel and we will setup this once we have completed the LAMP server and Mail Server. Webmin makes more easier for us to fine tune our Linux box.

Before proceeding to install, update the necessary packages with Debian with this command.

apt-get install update

1. Installing Apache + PHP

Apache is one of the most famous web server which runs on most Linux based servers. With just few commands you can configure apache to run with PHP 4 or PHP 5.

If you want to install PHP 4, just apt-get

apt-get install apache2 php4 libapache2-mod-php4

To install PHP5, just run the following on Linux shell. Note that if you don’t specify packages with ’4′, PHP5 will be automatically installed.

apt-get install apache2 php5 libapache2-mod-php5

Apache configuration file is located at: /etc/apache2/apache2.conf and your web folder is /var/www.

To check whether php is installed and running properly, just create a test.php in your /var/www folder with phpinfo() function exactly as shown below.

vi /var/www/test.php

# test.php
<?php phpinfo(); ?>

Point your browser to http://ip.address/test.php or http://domain/test.php and this should show all your php configuration and default settings.

You can edit necessary values or setup virtual domains using apache configuration file.

2. Installing MySQL Database Server

Installing mysql database server is always necessary if you are running a database driven e-commerce site. Remember running MySQL server to a fair extend requires at least 256mb of RAM in your server. So unless you are running database driven sites you don’t absolutely need MySQL. The following commands will install MySQL 5 server and MySQL 5 client.

apt-get install mysql-server mysql-client php5-mysql

Note: If you have already installed php4, you should make a slight change like this.

apt-get install mysql-server mysql-client php4-mysql

The configuration file of MySQL is located at: /etc/mysql/my.cnf

Creating users to use MySQL and Changing Root Password

By default mysql creates user as root and runs with no passport. You might need to change the root password.

To change Root Password

mysql -u root

mysql> USE mysql;

mysql> UPDATE user SET Password=PASSWORD(‘new-password’) WHERE user=’root’;

mysql> FLUSH PRIVILEGES;

You must never use root password, so you might need to create a user to connect to MySQL database for a PHP script. Alternatively you can add users to MySQL database by using a control panel like Webmin or phpMyAdmin to easily create or assign database permission to users. We will install Webmin and phpMyAdmin during later once we complete basic installation.

3. PhpMyAdmin Installation

PhpMyAdmin is a nice web based database management and administration software and easy to install and configure under apache. Managing databases with tables couldn’t be much simpler by using phpMyAdmin.

All you need to do is:

apt-get install phpmyadmin

The phpMyAdmin configuration file is located at: /etc/phpmyadmin folder.

To set up under Apache all you need to do is include the following line in /etc/apache2/apache2.conf:

Include /etc/phpmyadmin/apache.conf

Now restart Apache:

/etc/init.d/apache2 restart

Point your browser to: http://domain/phpmyadmin

That’s it! MySQL and phpMyAdmin are ready. Log in with your mysql root password and create users to connect to database from your php script.

This tutorial was written by Scott who currently runs MySQL-Apache-PHP.com.