Here’s everything you need to know about a PCI compliance scan — what it is, why you need it, and how to run it
If you’re a company that accepts, processes, or stores credit card data, you need to stay compliant with the payment card industry (PCI) compliance standards framed by the PCI DSS Council. It’s a set of 12 requirements formed cooperatively by Visa, MasterCard, JCB International, Discover, and American Express to prevent consumer data theft and to host customer data securely. A PCI compliance scan is a necessary evil that you must take care of.
To qualify under the Payment Card Industry Data Security Standard (PCI DSS), you must have your internal and external networks scanned by an approved PCI DSS scanning vendor. Let’s see what a PCI compliance scan is made of.
What Is a PCI Scan? How Is It Done?
Every website accepting credit card information must perform a quarterly scan of its ecosystem and submit the results to the acquiring bank. If you fail to do so, you will most probably lose your license to accept and process credit card information, which, in turn, could be catastrophic for your business considering how popular debit and credit cards are.
As far as PCI scans are concerned, there are three types. Let’s look at each of them in a bit of detail, in layman’s language:
External scan means all the IP addresses/ranges that are public-facing on your network. These addresses/ranges need to be scanned on a quarterly basis.
Internal scan refers to your internal environment and the safeguards you have in place. This scan ensures that things are in proper position and are working appropriately.
Application scans are a must if you’re deploying public-facing web applications. Scanning of these websites needs to be done on a quarterly basis as well.
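Before any of these scans is ordered, someone has to decide which addresses are "public-facing" (external scan) and which belong to the internal environment. The script below is an added example, not code from the original post and not part of HackerGuardian or any Comodo product: it takes a constructed asset inventory (single hosts, CIDR ranges, and a bad row, as you might get from a firewall or cloud console export) and buckets each entry into external, internal, excluded, mixed or invalid. It deliberately spells out the RFC 1918 / ULA ranges instead of using `ipaddress.is_private`, because Python treats the documentation ranges used as sample public addresses here (203.0.113.0/24, 2001:db8::/32) as private, which would misclassify the sample. An entry that straddles a private/public boundary is flagged as mixed so it gets split before scoping rather than silently dropped from one scan or the other.

```python
"""Added example (not from the original post, Comodo or HackerGuardian):
split an asset inventory into external-scan and internal-scan scope.
Standard library only; all addresses below are constructed sample data.
"""
import ipaddress
from typing import Dict, List, Tuple

# Ranges that belong to the INTERNAL scan: RFC 1918 IPv4 and RFC 4193 IPv6 ULA.
INTERNAL_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Ranges that are never a scan target: "this" network, loopback, link-local, multicast.
EXCLUDED_RANGES = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4",
    "::1/128", "fe80::/10", "ff00::/8")]

# Constructed sample inventory, the kind of list a firewall export produces.
SAMPLE_INVENTORY = [
    "203.0.113.10",      # TEST-NET-3 documentation address, stands in for a public host
    "203.0.113.32/28",   # small public-facing range (16 addresses)
    "10.20.0.0/16",      # RFC 1918 private range -> internal scan
    "192.168.1.25",      # RFC 1918 private host -> internal scan
    "127.0.0.1",         # loopback: never in scope
    "not-an-ip",         # broken row in the export; must not abort the run
    "2001:db8::1",       # IPv6 documentation address, stands in for a public host
    "10.0.0.0/7",        # mistyped mask: covers 10/8 (private) AND 11/8 (public)
]


def _relation(net: ipaddress._BaseNetwork, ranges) -> str:
    """'inside' if net lies wholly within one of ranges, 'overlaps' if it
    straddles a range boundary (needs splitting before scoping), else 'outside'."""
    for r in ranges:
        if r.version != net.version:      # subnet_of() rejects mixed v4/v6
            continue
        if net.subnet_of(r):
            return "inside"
        if net.overlaps(r):
            return "overlaps"
    return "outside"


def classify(entry: str) -> Tuple[str, int]:
    """Return (scope, number_of_addresses) for one inventory entry.
    scope is one of: external, internal, excluded, mixed, invalid."""
    try:
        # strict=False accepts host addresses written with a non-boundary mask
        net = ipaddress.ip_network(entry.strip(), strict=False)
    except ValueError:
        return ("invalid", 0)
    for scope, ranges in (("excluded", EXCLUDED_RANGES), ("internal", INTERNAL_RANGES)):
        rel = _relation(net, ranges)
        if rel == "inside":
            return (scope, net.num_addresses)
        if rel == "overlaps":
            return ("mixed", net.num_addresses)
    return ("external", net.num_addresses)


def scope_inventory(entries: List[str]) -> Dict[str, List[str]]:
    """Bucket every entry by scope so each bucket can go to the right scan."""
    buckets: Dict[str, List[str]] = {
        k: [] for k in ("external", "internal", "excluded", "mixed", "invalid")}
    for e in entries:
        scope, _ = classify(e)
        buckets[scope].append(e.strip())
    return buckets


def external_address_count(entries: List[str]) -> int:
    """How many addresses the external (ASV) scan will have to cover."""
    return sum(n for scope, n in map(classify, entries) if scope == "external")


if __name__ == "__main__":
    for scope, items in scope_inventory(SAMPLE_INVENTORY).items():
        print(f"{scope:9s} {items}")
    print("external addresses to scan:", external_address_count(SAMPLE_INVENTORY))
```

Anything that lands in the mixed or invalid bucket should be corrected in the inventory before the scan is scheduled; a range that quietly spans both sides of the boundary is exactly how a public host ends up missing from the quarterly external scan.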
Who Performs PCI Scans?
As we saw, approved vendors of PCI DSS are supposed to perform PCI compliance scans. These vendors are equivalent to certificate authorities in the SSL ecosystem. You’d be surprised to know that a lot of these vendors are SSL certificate authorities. These vendors operate independently of the PCI DSS, but they must adhere to stringent guidelines, and they must also undergo audits and reviews on a regular basis.
However, you must note that there are many types of PCI scanning vendors available. They differ in terms of their operations as well as their depth of scanning. That’s why you must proceed with a lot of caution when it comes to selecting the right PCI scanning vendor.
Comodo HackerGuardian: An All-Round PCI Protection Scanner
There are many PCI compliance scanners available in the market, and to be fair, many of them are quite good. But in our experience, Comodo’s HackerGuardian PCI scanner is a step ahead of the competition. First, it’s created by Comodo, the No. 1 certificate authority in the world. Therefore, there’s no question when it comes to its trustworthiness.
HackerGuardian is a PCI compliance and vulnerability scanner powered by Comodo CA (now known as Sectigo). With a single click, you can scan your internal as well as external networks and get vulnerability reports. With Comodo HackerGuardian, you can scan up to five different IP addresses (you can add additional IPs as necessary).
That’s not where it stops: it also gives you instructions for dealing with the discovered vulnerabilities. Once you’ve dealt with them, you can run the scan again and generate a clean, ready-to-submit report that you can send directly to your acquiring bank.
Comodo HackerGuardian delivers on all fronts — whether it’s the ease of operations, affordability, or automatic scanning & reporting.
You can do all of this with a single click. Awesome, isn’t it?
Features of Comodo HackerGuardian
- Free PCI Scan — Valid for 90 days and lets merchants comply with PCI requirements for free
- PCI Scan Compliancy Service — On-demand security auditing service that delivers PCI Scan compliance reports and Payment Credential CVC at no charge
- Issuance within one to three days
- Daily PCI compliance reports
- Unlimited scanning feature
- On-demand scan scheduling process
- Automatic report generation
- Scalable from one to 10,000 IP addresses
The reports generated by HackerGuardian are in a ready-to-submit format, so you can send them directly to your acquiring bank.
How to Perform a PCI Internal Vulnerability Scan
To perform a PCI internal vulnerability scan, you must purchase the Comodo HackerGuardian PCI scan tool. It’s the most powerful scanner at the cheapest price. And at CheapSSLSecurity.com, we give you the lowest price — guaranteed. If you do manage to find it at a cheaper price, we’ll beat that price.
Purchase Comodo HackerGuardian & Save Up to 72%!
We offer the best discount on Comodo’s HackerGuardian PCI Compliance Scan solution, which starts as low as $70.83 per year.
Now let’s get started with the scanning process. Follow the below steps to scan your internal networks.
- First, run a scan using the Initial Options Defaults
- Now run a report using the PCI scan report template. Just make sure to enable Custom Risk Ranking.
- Once the scan is done, it’ll list the vulnerabilities. You can see the solutions for a particular vulnerability by clicking on it.
- Apply the solutions and run the scan again.
- Once the scan is completed, generate a report using the PCI scan report template. Then, follow the instructions to submit your report.
That’s it! Quite simple, wasn’t it?
How to Perform a PCI External Vulnerability Scan
Just as with the PCI internal vulnerability scan, you need the Comodo HackerGuardian scanner to run an external scan. Follow the steps below to perform an external scan:
- First, you need to make sure that the scanner IP addresses are marked as trusted. You might need to add the below IP to the list of trusted IPs.
- Now, click on the Asset Wizard button in your dashboard and add your public-facing IP addresses/ranges.
- Click on Start Scan.
- Click on Go to Scan Results once the scan is done.
- Now you should be seeing the list of vulnerabilities discovered by HackerGuardian. You can see the solutions for a particular vulnerability by clicking on it.
- Apply the fix to each vulnerability and rescan your IPs.
- If the scan returns a Pass result, click the Go to Compliance
- Generate a ready-to-submit report by following the instructions.
- Finally, send the report to your acquiring bank.
Done? Give us a high five! You have successfully scanned your website — both internally and externally.
PCI compliance scanning is an absolute necessity, and you shouldn’t leave a single stone unturned in making sure that all of your networks are safe. Comodo HackerGuardian is the most complete PCI compliance scan tool available in the market. And you’re getting it at the lowest price. What are you waiting for?