What is a vulnerability scan?
PCI security scans are needed to ensure your business network is safe and secure. The PCI Security Standards Council (SSC) requires regular scans to help merchants spot security vulnerabilities within their business network and applications.
A vulnerability scan is an automated check of your operating systems, services and devices for vulnerabilities that hackers could use to target your business's private network.
How do I complete a PCI vulnerability scan?
See How do I complete a PCI vulnerability scan? for more information.
When do I need to do a vulnerability scan?
You will only need to complete a vulnerability scan if the Self-Assessment Questionnaire (SAQ) in the PCI Portal demonstrates that you store cardholder data electronically, post-authorisation.
You need to do a PCI vulnerability scan every three months if you:
- use a virtual terminal to process payments online (ecommerce)
- operate a chip and PIN terminal through a broadband connection.
You do not need to do a PCI vulnerability scan if you:
- use a mobile terminal
- only take payments via telephone (MOTO account)
- operate a chip and PIN terminal through a telephone line.
Why do I need to do a scan every three months?
Unfortunately, hackers and sophisticated malware are constantly improving their ability to disrupt systems and intercept financial data. Conducting a scan every three months identifies any new vulnerabilities in your operating systems, and so helps maintain the highest level of security for you and your customers.