PCI Security Scans

As PCI standards become increasingly important for the credit card processing industry, a number of companies have begun to offer services that periodically scan your website and identify potential vulnerabilities or concerns that could affect your level of PCI compliance. Some of these vendors, such as McAfee and Trustwave, also offer badges you can place on your website to show that you are taking a proactive approach to credit card security.
We welcome these scans and appreciate the ongoing data they give us about our performance and how we can improve our security practices. However, these scans, and the monitoring and communication that come with them, require additional time and resources on our side.
To help our clients understand the nuances of PCI scanning, we have put together this list of considerations related to PCI compliance.
  • PCI compliance is an ongoing process. Most merchant processors require quarterly scans. You should expect that each scan may find new items, because scanning vendors add checks as new vulnerabilities are published.
  • PCI scans evaluate your specific website, the web server where your site resides, and the core software running on that server. The results are used to report your PCI compliance status to your merchant account provider.
  • We have never had a situation where a problem identified by a PCI compliance scan could not be fixed or otherwise resolved.
  • We cannot know how long it will take to fix a vulnerability or problem until we have seen the PCI scan report. Most problems can be resolved within one week, and frequently in one day.
  • If a PCI scan identifies a problem in our core software or on our servers, we will fix it at no charge.
  • If the PCI scan identifies a problem with a third-party software integration, a feature or functionality we developed specifically for your website, a data feed, or data/content taken from another site or source, we will need to charge you to fix the issue (at an hourly rate of $65 or $100 depending on the nature of the problem).
  • PCI security scans are programs that run automatically and autonomously. They scan thousands of websites built on a wide variety of platforms and servers and, needless to say, they are not set up to run custom scans for each possible variation. Sometimes a PCI scan will incorrectly identify something as a vulnerability, or it will flag something as a problem that is irrelevant to your website. We call this a false positive. In such cases there is nothing for us to "fix"; instead, there are standard dispute procedures (each company's are different) that we have to go through on your behalf to get the matter resolved. Depending on the vendor, this can involve a significant amount of communication. We will need to charge you to review and/or resolve such issues (at an hourly rate of $65 or $100 depending on the nature of the problem).
  • PCI scans are very thorough and often report non-critical issues that do not affect PCI compliance or website security (i.e. Level 5 issues vs. Level 1 issues). These are usually informational findings or items not relevant to your website (false positives). Whether a finding counts against your compliance depends on the severity the scanning vendor assigns to it, so we check the severity on each report rather than treating every line as a failure. Our policy is to ignore the non-critical items. If you would like us to evaluate or deal with non-critical issues, we will need to charge you to resolve them (at an hourly rate of $65 or $100 depending on the nature of the problem).
  • Many vendors require you to fill out a twelve-part questionnaire (the PCI Self-Assessment Questionnaire, organized around the twelve PCI DSS requirements) describing your security practices. Some of the questions relate to the website and some relate to your internal business practices. If you have specific questions for us about our security practices, we can usually answer them. If you would like assistance with filling out the questionnaire, we can assist you at a rate of $65/hour.

We offer a robust PCI-compliant payment solution through Pay Junction that eliminates the need for credit card information to travel through your website and our web servers. Because card data never touches your site, this solution reduces your PCI scope, avoids much of the hassle related to PCI compliance, and provides an excellent level of security. Please let us know if you would like to find out more details.
