Does your business take bank card payments? If so, it should be running regular PCI scans to help keep cardholder data secure.
WHY DO I NEED TO PERFORM PCI SCANS?
PCI scanning is a network vulnerability check required by the Payment Card Industry Data Security Standard (PCI DSS), a globally recognised standard that applies to any organisation that stores, processes or transmits payment card data.
Taking bank card payments requires the transmission of highly sensitive and valuable data. Should there be a weakness in the way your IT systems are set up, cybercriminals may be able to intercept or steal this data without your knowledge. PCI scans aim to identify the areas of your IT systems that are potentially vulnerable before an attacker does.
The requirement for PCI scanning is set out in Requirement 11.2 of the PCI DSS (Requirement 11.3 in version 4.0 of the standard) and forms part of compliance with the PCI DSS as a whole.
The PCI DSS is not a legal requirement; it is a contractual one, imposed by the card brands through your acquiring bank. However, if a data breach involving payment card details occurs at your organisation, the card brands can fine your acquiring bank, and if your organisation is found not to have been compliant with the PCI DSS, the bank can pass that fine on to you.
Alternatively, your bank may see your organisation as a risk to cardholder data and terminate your merchant account. This may, in turn, affect your credit status and your ability to trade.
WHEN DO I NEED TO PERFORM PCI SCANNING?
According to the PCI DSS, organisations that take card payments or provide Point of Sale or merchant services must “run internal and external network vulnerability scans at least quarterly and after any significant change in the network” (for example new system components, changes in network topology, firewall rule modifications or product upgrades). Scans should therefore be a regular, scheduled activity rather than a one-off exercise.
Scans look for weaknesses in the way your IT systems are set up: external scans cover your internet-facing systems and any online presence you may have, while internal scans cover the systems inside your network that store, process or transmit cardholder data.
Should a weakness be found by a scan, it will need to be fixed and the scan repeated until a passing scan is achieved. For external scans, the ASV Program Guide treats any vulnerability with a CVSS base score of 4.0 or higher as a failing result, so medium-severity findings cannot simply be accepted.
HOW AKITA CAN HELP
External PCI scans must be performed by a third-party Approved Scanning Vendor (ASV) recognised by the PCI Security Standards Council; internal scans may be run by suitably qualified staff or a third party. Akita works with Qualys, an ASV, to conduct scans, meaning that we can perform scans both for independent companies and for those whose IT infrastructure we support or host, while remaining compliant with the PCI DSS.
Our process for PCI scanning is as follows:
- Scoping of your infrastructure
- Performing PCI scan
- Reporting on results, including details of weaknesses and recommended changes and fixes
- Remedying network weaknesses (conducted at the organisation’s request)
- Rescan and repeat the process
When a passing scan is completed, an ASV scan report and Attestation of Scan Compliance are produced, which you can retain as evidence of compliance for your acquiring bank.
Get In Touch
To discuss PCI scanning options for your organisation, please get in touch.