• Understand traffic laws
• Keep your license current
• Don’t drive while impaired
• Check your blind spots
• Leave adequate space between yourself and others
• Perform regular vehicle maintenance
• Practice defensive driving
• Carry motor vehicle insurance
•  
•  
•  
•  

• Establish and manage firewalls securely
• Never leave any default passwords around
• If credit card details are stored, keep them masked & encrypted
• Use latest, safest transmission protocols
• Use anti-virus software properly
• Use latest, safest versions of your payment application
• Don't let anyone get access to your data
• Manage access using safe password controls
• Lock the doors to the physical space
• Everything, but everything, must be logged and monitored
• Set up critical checks and filters (IDS/FIM/WAF/Pen Testing)
• Put Incident Response & Disaster Recovery plans in place.

• Doesn't necessarily put database on its own server.
• Doesn't necessarily put database behind a firewall.
• Will allow visitors direct access to your servers.
• Doesn't use the AspDotNetStorefront implementation guide.

These are heavyweight security problems.
Why not email your host with these questions?

• Gives CDE segmentation to database (away from the web server)
• Restricts access to database servers to cut malicious traffic
• 'Hardens' the environment using NIST/OWASP techniques
• Manages firewalls to route pre-determined traffic away from CDE

Hosting of this kind offers a good foundation.
That leaves you free to outsource security services

• Total segmentation of cardholder data environment (CDE)
• Locks down access - only programmatic database access
• Penetration testing. Change detection. Vulnerability scans
• Complete audits with tracking, monitoring and alerting

By fully understanding online payment security ...
... we have put together a full range of services