PCI DSS Compliance Scanning

PCI DSS was originally introduced in the early 2000s, when online payments became more common. The Version 1.0 Standard was introduced in December 2004; merchants are currently operating under Version 3.x.

There is much misunderstanding about to whom PCI DSS standards apply. Here are the basic facts: (1) The PCI DSS applies to ANY organization, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data; (2) The PCI DSS applies to companies that only take credit cards over the phone, since they “store, process, or transmit” cardholder data; (3) The PCI DSS applies to any debit, credit, and pre-paid cards branded with one of the five card association/brand logos that participate in the PCI; (4) The PCI DSS applies to merchants who use a third-party company: using a third party does not exclude a company from PCI DSS compliance, but may reduce its risk exposure; and (5) In regard to fines, the payment brands may, at their discretion, fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. Banks will then typically pass this fine along until it eventually hits the merchant.

 

PCI DSS Compliance: SystemCHEK Risk Intelligence
Atlantic Webs provides a managed service to its clients using the SystemCHEK Risk Intelligence Platform as a tool for owners to estimate the costs associated with a data breach. It is an On-Network Application that locates and analyzes sensitive data throughout your network and workstations. It identifies at-risk data as well as inappropriate access. Its Risk Reports are satisfactory for PCI DSS, PII (Personally Identifiable Information) and PAN (Primary Account Number) scans. Subscriptions are priced per user.
Please note that the Risk Intelligence service is not a replacement for PCI DSS, as the vendor is not an ASV. The service below is from an approved scanning vendor.

PCI DSS Compliance: HackerGuardian PCI Scanning
Atlantic Webs provides a managed service to its clients using the HackerGuardian Platform from Comodo, a PCI Council Approved Scanning Vendor. HackerGuardian is an Off-Network Application which runs from a secure website and performs more than 30,000 vulnerability checks to identify security holes and provide actionable fix recommendations. After each scan you are provided with ‘Ready-to-Submit’ PCI Compliance Reports for your acquiring bank. The standard service allows us to perform up to 10 PCI scans per quarter, on up to 5 servers. Additional Server IP Address Packs are available. Subscriptions are priced per server.

PCI DSS Compliance: Free PCI Self-Assessment Questionnaire Wizard
The Self-Assessment Questionnaire (SAQ) is a document that merchants are required to complete every year and submit to their acquiring bank (or merchant processor). The questionnaire consists of a set of 12 security requirements sub-divided into 6 broader sections, with each section targeting a specific area of security from the PCI Data Security Standard. The document has two purposes: to assist merchants in evaluating their security practices and planning for compliance; and to serve as evidence for acquiring banks that merchants are in compliance with the DSS standards… Subscriptions are priced per server.

PCI DSS Compliance: Current Options
The options for these services are being updated. Please check back soon.

Features                      | Standard | Enterprise
Max. Number of IP Addresses   | 5        | 20
PCI Scans per Quarter         | 10       | Unlimited
ASV Scan Report Included      | Yes      | Yes

 

 


Want more information? Go to our Presales Knowledgebase or email Presales@Atlanticwebs.com.

Note: PCI DSS Standards information was excerpted from PCIComplianceGuidance.Org.

 

 
