We have a project planned to accept online payments on our website.
Our website uses Kentico EMS and is hosted in the local AWS zone (Sydney region) with all website traffic behind SSL. We are currently using an AWS dedicated host; however, we would like to move to an AWS shared host to reduce costs.
We will use a PCI-compliant third-party payment gateway provider for the transactions. We are not looking at storing customers' credit card information on our servers. I want to understand the process to ensure we are PCI compliant in Australia.
I would appreciate any comments on the below:
1. Does our web server need to be on a dedicated server/host, i.e., not on a shared host?
2. Since the payment will be processed by the payment gateway provider, do we need to take further measures on our current infrastructure (as described above) to become compliant?
3. Anything else I should look into?