PCI scanning is a network security check that forms part of a globally recognised standard required of any organisation taking payments via bank or credit cards.
Why do I need to perform PCI scanning?
The requirement for PCI scanning is outlined by point 11.2 of the Payment Card Industry Data Security Standard (PCI DSS) and forms part of compliance with the PCI standard.
The PCI standard is not a legal requirement. However, organisations taking payments via card that fail to observe it leave themselves exposed. If a data breach occurs at your organisation relating to payment details, your bank will be fined by the PCI Security Standards Council. If your organisation has not complied with the PCI standard, the bank can pass that fine on to you.
Alternatively, your bank may deem your organisation to be a risk to customer data and terminate your business account. This may in turn have a knock-on effect on the credit status of your organisation and your ability to trade.
When do I need to perform PCI scanning?
According to the PCI DSS, organisations operating or providing Point of Sale or merchant services must “run internal and external network vulnerability scans at least quarterly and after any significant change in the network”.
Should weaknesses be identified, the issues must be rectified. Scans are repeated until a passing scan is achieved.
How Akita can help
PCI scans must be performed by a third-party Approved Scanning Vendor (ASV). Akita works with Qualys to conduct scans. This means we can perform scans both for independent companies and for those whose IT infrastructure we support or host, while remaining compliant with the PCI DSS.
Our process for PCI scanning is as follows:
- Scoping of your infrastructure
- Performing the PCI scan
- Reporting on results, including details of weaknesses and recommended changes and fixes
- Remedying network weaknesses (conducted at the organisation’s request)
- Rescanning and repeating the process
When a passing scan is completed, a certificate will be created.
To discuss PCI scanning options for your organisation, please get in touch.