What is a vulnerability scan?
PCI security scans are needed to ensure your business network is safe and secure. The PCI Security Standards Council (SSC) requires regular scans to help merchants spot security vulnerabilities within their business network and applications.
A vulnerability scan is an automated tool that checks for vulnerabilities in your operating systems, services and devices that could be used by hackers to target your business' private network.
When do I need to do a vulnerability scan?
You will only need to complete a vulnerability scan if the Self-Assessment Questionnaire (SAQ) in the PCI Portal demonstrates that you store cardholder data electronically, post authorisation.
You need to do a PCI vulnerability scan every three months if you:
- use a virtual terminal to process payments online (ecommerce)
- operate a chip and pin terminal through a broadband connection.
You do not need to do a PCI vulnerability scan if you:
- use a mobile terminal
- only take payments via telephone (MOTO account)
- operate a chip and pin terminal through a telephone line.
How do I complete a scan?
The scan is conducted in our PCI Portal and remotely reviews networks and web applications based on your external-facing Internet Protocol (IP) address. You can find your business IP address by asking your Search Engine “Whats my IP Address?".
As the scan is provided by an Approved Scanning Vendor (ASVs), it does not require you to install any software.
If you require a scan, we’ll remind with an email and link to the PCI Portal and guide you through the necessary steps.