The PCI SSC

The Payment Card Industry Security Standards Council, or PCI SSC, is an open global forum that was launched in 2006. It comprises five global payment brands: American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc. All of these companies agreed that they would implement the PCI DSS (Data Security Standard) and use it as their requirement for security compliance.

What does the PCI SSC do?

The PCI SSC approves and certifies QSAs (Qualified Security Assessors) and ASVs (Approved Scanning Vendors). ASVs are companies that offer services like Server Scan, including automated vulnerability scans that generate PCI certificates and scan reports, and other security tests such as penetration testing. These approved companies undergo a rigorous testing process that is strictly monitored by the PCI SSC, and they must also pay costly annual fees to maintain their standing as a certified QSA or ASV. This allows them to issue PCI certification to you, in the form of scan reports or other forms, so that you can prove your compliance with the PCI DSS.

What does the PCI SSC require for PCI compliance?

The PCI SSC will almost always require that you receive quarterly scanning from an ASV. If you’re not sure which requirements you need to comply with, the PCI SSC recommends checking with your acquiring bank. They will have the clearest information on what your company must specifically do to become PCI compliant. If you would like to get a general idea, take a look at our guidelines here.

Orders in Payment Received - These orders need to have an initial scan (starting immediately) and quarterly recurring scans (starting 3-5 days in the future) scheduled, and then be moved to Completed. See the instruction document.

Orders in Pending - For these orders, the customer needs to be contacted by email to inform them that payment failed and that their scans will be disabled in seven days if we do not receive payment. Once that happens, do the following:

Set the recurring payment in the SS order manager to 'Suspended'.

Log in to the Scan Manager and disable their scans by going to Scan Portal > Admin > Network Assets and deleting the zone.

Log in as the User and turn off any scheduled scans by going to Checklist > Manage > Login as User > Scan Schedules and deleting any scans.

Move the order to Non Renewed (Canceled). Do not move past successful orders to Canceled, just the current order in question.