Vulnerability Management

What is a PCI scanning service?

A PCI scanning service, or PCI vulnerability assessment, is an automated, high-level test that checks for and identifies potential vulnerabilities in a company's information technology architecture to see if they break PCI compliance. These tests are conducted by organizations known as PCI Approved Scanning Vendors (ASVs), and they must happen at least every quarter.

The Payment Card Industry Data Security Standard (PCI DSS) is a set of technical and operational requirements for organizations accepting or processing payment transactions. These standards are set and governed by the credit card companies (e.g., Visa, MasterCard, American Express) and were created to increase controls around cardholder data to reduce credit card fraud.

PCI compliance is awarded to organizations that have met the twelve requirements the PCI DSS has set to show proper security is in place to process credit card information. Validation of compliance is performed annually or quarterly by a method suited to the volume of transactions handled. Organizations with smaller volumes of transactions can perform self-assessments, organizations with larger volumes require a review by an external assessor, and organizations with extreme volumes must put an internal assessor on staff to conduct and report on compliance audits regularly.