How to complete a PCI vulnerability scan

What is it?

You may be required to undertake a scan of your systems to comply with PCI DSS standards. A vulnerability scan is an automated tool that checks for vulnerabilities in operating systems, services and devices that could be used by hackers to target your company’s private network.

See What is a PCI vulnerability scan? for more information on when it is required.


How do I complete a scan?

The scan is conducted in our PCI Portal and remotely reviews networks and web applications based on your external-facing Internet protocol (IP) addresses.  You can find your business IP address by asking your Search Engine “Whats my IP Address?".

As the scan is provided by an Approved Scanning Vendor (ASVs), it does not require you to install any software.

If you require a scan, we’ll remind with an email and link to the PCI Portal and guide you through the necessary steps.


Why do I need to do a scan every three months?

Unfortunately, hackers and sophisticated malware are constantly updating their ability to disrupt systems and intercept financial data. Conducting a scan every three months identifies any new vulnerabilities in your operating systems and therefore maintains the highest level of security for you and your customers.

Have more questions? Submit a request


Contact Customer Services

Please Email

Powered by Zendesk