Why did my recent PCI scan fail when your team did updates a few months ago?

PCI compliance scans usually run once every 3 or 6 months, depending upon the company you use. As new vulnerabilities are discovered or the credit card merchants change which setups are acceptable, PCI compliance companies will add new tests to a PCI scan. As such, each time a scan runs, 99% of the time it is to be expected that it will test for new things. Sometimes your site and hosting server will pass those tests without any action, and sometimes action will be required.

In the event that your site fails a PCI compliance scan, please open a ticket or email us with a copy of the test results so our team can review it and let you know what actions need to be taken. Most of the time it is server-level updates, which we can usually take care of for free. In some cases, though, where more complex server updates or website updates are required, there may be a billable charge. In that event you will be given the exact price for that work. Some additional common questions:

Why do we have to go through this process again, since we just did it several months ago?
This is due to the recent requirements made by the credit card processors in order to allow you to accept credit cards online. They currently require PCI compliance scans to happen once every 3-6 months depending upon the company.

Did you miss some repair / patch last time?
Every time a client gives us a PCI compliance report, we work on all items we can resolve and give you a report back, including any “false positives”, to give to the PCI compliance company so that you can rerun the scan. We continue doing this for that report until your site passes. Once an item passes the test, that item will automatically pass all future scans. So any new scans with failing items that you give to us will always ONLY contain failing items for the new tests they added to the scan.

Why do we have to pay for this service – shouldn’t it be included with hosting?
Years ago, PCI compliance updates were very easy, usually a small list of maybe 10 items. Unfortunately, these days those reports can average 50+ items, which are very time-consuming to review and to answer with responses or updates. While we do ensure our hosting servers are some of the most secure online, many of these PCI companies insist on having various elements turned off or disabled on your hosting account or server that have nothing to do with PCI compliance. Some examples include: disable email, disable FTP, disable database access, etc. With things like this disabled or changed dramatically, website functionality is severely limited.

However, our experts can still help. We have various options, which include:
A. PCI compliance scan report and work.
B. Various updates to your ecommerce website that take credit card processing completely off your website, thus eliminating the majority of PCI compliance items that fail.

Contact us today to find out more.
