Companies that handle any number of credit card transactions online must meet PCI scan requirements.
PCI scanning protects your company, your customers, and credit card companies from the extra costs and liability that can be incurred when data loss or theft occurs. If you are new to PCI compliance and want to understand more about the requirements imposed by credit card companies, check out our PCI compliance scanning page.
Scans are performed by an Approved Scanning Vendor (that's us!) at least every three months. These scans probe your website or network searching for vulnerabilities that are known avenues or potential avenues of exploit for hackers and automated attacks.
If we discover a vulnerability, we'll provide you with a detailed report of exactly what the potential threat is and information you can use to remedy the issue. You can scan your website as frequently as you like. If you receive a failing score on one of your required quarterly scans, you can scan again as soon as you believe the issue is resolved. There is no charge for rescanning after a failed scan.
How do does quarterly PCI scanning work?
The process is easy. As you purchase your PCI ServerScan service, you will be asked to enter the domain name of the site that you would like to scan. We will then configure a customized scanning account for you. Once your account is configured, you can login to your account and run or schedule scans whenever you want.
The scan finished and I've passed. What now?
Inside your ServerScan account you can download and review a detailed report of each scan you run. For passing PCI scans you will also get certified ASV documentation to have as evidence of your external PCI scanning compliance. Our Self Assessment Questionnaire (or SAQ) wizard will help you complete the remaining documentation required for PCI compliance.
What do I do if I fail my scan?
Inside your ServerScan account you can download your detailed scan results, including descriptions of all vulnerabilities identified, and resolution suggestions to help you fix each one. Once your server administrator has performed the necessary corrections, repeat the PCI scan (no extra charge). Once all vulnerabilities have been resolved your PCI scan will pass.
Can I automate my PCI scans?
Absolutely! Our scans can be scheduled to run any date and time. You can also set a recurring schedule for your scan to run automatically every day, week, month, or quarter. We recommend that you have your scans run monthly, during low-traffic hours.