Why you need to do ASV external vulnerability scans

ASV external vulnerability scans: what are they and why do they matter?

Requirement 11.2.2 of the Payment Card Industry Data Security Standard (PCI DSS) is for any internet-facing payment methods to be scanned by an ASV (Approved Scanning Vendor).

The scan looks for vulnerabilities or weaknesses in the internet-facing IP address that could be used by someone on the internet to gain access to your customers' information, specifically the cardholders' data. Such an attack on your business could be devastating.

Consequences include:

• Fines from the card schemes
• Liability for financial losses and personal claims
• Voidance of some business protection insurances
• Loss of customers and partners due to damaged reputation

Through NetPay and First Data's PCI compliance programme, all customers get access to unlimited certified vulnerability scans.

If your scan is successful, you can continue the compliance check. If it is unsuccessful, the business must make the recommended changes and re-run the scan.

Once the scan has run successfully, businesses should get into the habit of logging in and running the scan every quarter, as this is the only way you can be confident that the internet-facing IP address remains secure.

For more advice and help, businesses can call customer services on 0333 311 0200 (option 2), email or Webchat with an industry expert.
