
PCI Compliance Scanning & SAQ
Making compliance easy...
| Sign up now and get your SAQ compliance certificate online quickly and easily for your merchant bank. | Sign up now for both the SAQ Compliance certificate and your PCI Scan Compliance certificate. |
PCI Scanning and Penetration Testing
The Approved Scanning Vendors (ASVs) are controlled by the PCI Security Standards Council, which regulates this industry. If your company takes credit card payments online through your own website, you will need to prove that your servers are PCI compliant and hacker proof.
This is where PCI Scanning takes place. During the scanning process over 3000 known vulnerabilities are scanned, and any detected problems are highlighted with detailed instructions about the nature of the security threat and the best way to resolve the issues.
PCI Scanning can be done by anyone who has the technical skills, namely the system administrator for the servers, who would have a working knowledge of (commonly) Linux or Windows (or another hosting environment) and would be able to work through the issues flagged. This could often mean setting firewalls correctly, blocking open ports or setting up Secure Sockets Layer (SSL) certificates, which ensure data is encrypted, etc.
The process of scanning your servers will be the first step in understanding the issues which will need to be dealt with before you are granted the approval status. It is a simple process to undertake with the PCI scanning tools we have available. One of the advantages we have over many of our competitors in this space is that we not only provide this service at some of the most competitive prices in the industry but also do not limit the number of scans you are allowed.
Many other ASVs limit the number of scans per quarter to 10 scans over 4 IPs. This restriction can often place your system admin under extreme pressure, as failures can easily be triggered and it is not uncommon to need more than 10 consecutive scans to resolve all the issues which arise. Our unlimited scanning offer is therefore a highly competitive advantage over other Approved Scanning Vendors. Our PCI scanning costs £99 per year and you can sign up for this service HERE.
On completion of the PCI Scanning, and once it is verified that your servers are secure, you will also need to comply with the SAQ (Self-Assessment Questionnaire). This is a much more complicated and daunting task to achieve without specialized knowledge of the regulations and the way in which your company processes card payments.
The SAQ is now a mandatory requirement for companies who process card payments online, and as of April 2010 all new companies will need to prove their compliance and submit the SAQ to their merchant bank before they are accepted. Companies who have been trading for many years will also need to conform to the same regulations, and their merchant banks will be requiring them to be 'in progress' of achieving compliance status in the short term.

