What does PCI Scanning do?
PCI Scanning detects vulnerabilities on your website(s) and servers. Our reports clearly identify these vulnerabilities, providing the owner with a clear path to help secure their website. Preventing an attack from happening depends on user efforts in resolving the vulnerabilities discovered. Once you are made aware of your vulnerabilities, you can fix them. Finding and fixing vulnerabilities help to prevent hackers and viruses from exploiting your information.
Why are Your Competitors so Expensive?
Good question - we've asked ourselves the same thing. Our PCI Scanning services are generally more thorough, we typically scan for more vulnerabilities than the competition and do ASV (Approved Scanning Vendor) scanning just like theirs.
Is it difficult to set up PCI Scanning and complete the SAQ?
At Trust Guard we do everything we can to try to simplify and streamline the process by providing easy setup options and helpful wizard to assist you throughout the process. We even have dedicated PCI support staff available in case you have any problems or need guidance in fixing a vulnerability on your server.
What is the difference between Quarterly Scanning and Daily Scanning?
Other than frequency, they're the exact same service. Quarterly scanning is just the minimum number of scans required for PCI DSS Compliance for all merchants. There are however, two very good reasons to do daily scanning. The first reason is to make sure that your server is continually checked and protected against any new vulnerabilities that come up - I like to think of it as anti-virus software for your server. The second reason is to make your customers feel more comfortable. Think of it this way... Would you rather buy something from a website that is scanned for vulnerabilities once every three months or scanned every single day? Same with your customer. Obviously daily scanning is more expensive, but the price per scan is much lower, making it more affordable.
What can I expect once I sign up for Trust Guard PCI Scanning?
As soon as you sign up for our PCI Scanning service, you get an email with access to your Member Control Panel, where you start the verification process. One of the verification options in your control panel allows you to add your website's domain or IP address (along with additional IP addresses applicable to your website) into the system and start the PCI scanning process. As soon as the scans are complete, you will be able to review the reports and see if there are any critical vulnerabilities that need to be resolved by you, your host, or your shopping cart provider. There is also direct access in your control panel to the SAQ (Self-Assessment Questionnaire), along with helpful instructions that simplify the process so that you can complete the questionnaire as quickly and accurately as possible. As soon as your scans pass and your SAQ is complete, you simply forward them on to your acquirer. The process is very straightforward and user-friendly.
What are common misconceptions about PCI Scanning?
PCI Scanning is often mistaken for other services or products. Here are some common assumptions:
- PCI Scanning is not a Firewall - PCI Scanning can help protect your website and servers from Hackers, Trojans, and other viruses. However, PCI Scanning is not to be mistaken for a firewall. You should use a firewall in addition to PCI Scanning to compound your level of protection.
- PCI Scanning is not an SSL Certificate - PCI Scanning is an external scan that checks your website for vulnerabilities. In contrast, an SSL Certificate transfers encrypted information securely. Although an SSL plays an important role, especially if you deal with sensitive information (credit cards, Social Security Numbers, etc..), it only protects data transferred from your clients' computer to your website. Although an SSL is essential for securely transferring data, it does not help protect your site from outside attacks.
- PCI Scanning is not Anti-virus Software - PCI Scanning is often mistaken as anti-virus software, which it is not. PCI Scanning is an external vulnerability scan, which means that it checks your website from the outside to see if there are any security holes or weak areas where a hacker could get unauthorized access to your data. PCI Scanning is not made to detect or clean files that may already be infected due to a previous breach, but rather to protect this from happening in the first place.
Is PCI Scanning required for my site?
The Payment Card Industry now requires all businesses that process credit cards to perform at least a quarterly vulnerability scan and to fill out a Self Assessment Questionnaire. You may need to check with your acquirer/merchant provider to find out what scanning interval is correct for you. A benefit of complying with the latest PCI requirements is that vulnerability scanning can also give you peace of mind in knowing that your website is safe from outside attacks.
What do You Recommend?
Here's where PCI DSS gets very interesting in my opinion, because here at Trust Guard we view PCI completely different than any other company that offers PCI Scanning. While it is very important to have security measures in place to protect your customers, in our opinion, the true, long-term value of PCI DSS Compliance is MORE TRUST. Our motto here at Trust Guard is that Trust = Conversion, and we know, from seeing thousands of test results, that the more your customers trust you, the more likely they are to buy from you. If you consider the odds that a hacker is actually going to hack into your server or your shopping cart providers' server and steal your customers' credit cards, it's very unlikely, but that's not the point. The point is that by implementing PCI DSS, you've lowered the odds even more, and by your actions you have shown your customers that you truly care about their security, and that gives them additional peace of mind which means more sales and more money to your bottom line.
For anyone that is serious about their online business, I recommend that even if PCI DSS Compliance is not required by your acquirer, that you still have your site scanned because your site will be much safer. Our seals are awarded based on successful PCI Scans, not on PCI Compliance, which gives you more flexibility. You'll get more sales and more repeat customers by having a Trust Guard Security Scanned seal on your site than without one, a great deal when you consider how affordable we've made it for small businesses.