A Website PCI Compliance Scan report is broken down into two areas:
a. Server Hosting security issues: If you are hosting with us, we typically do all server-wide PCI compliance updates at no charge to you, as it helps all of our customers. Only in very rare circumstances are our clients charged, and typically only in situations where they have a dedicated server that they have heavily modified in a negative way outside of the original server image.
b. Website security issues: Website-specific PCI updates are handled on a case-by-case basis, sometimes requiring minor billable updates, sometimes requiring no charges at all, and sometimes requiring us to simply provide you with a report showing an item to be a false positive.
The reason we charge in some cases for website security issues is no different from why you have to continually purchase new anti-virus software subscriptions every year, or new versions of software as your operating system changes. Computer technology is ever changing. What is considered a standard of security for your computer or website today may tomorrow provide a hacker or spammer the means to get into your computer or website. If you have been actively using your computer and the internet for more than a year, you have experienced direct examples of this, such as:
a. Needing to get updated software when you change to a newer computer / operating system, for example moving from Windows XP to Windows 7 and needing to purchase a different version of your anti-virus software, MS Office, etc.
b. Going from receiving no spam at your email address to suddenly receiving hundreds of spam messages per day, forcing you to purchase anti-spam or all-in-one anti-virus / anti-spam software to help cut back on this.
c. Finding that a website you frequently visit now suddenly requires you to read words and type them into a box on login / register, etc.
Also keep in mind that while each PCI Compliance company has to adhere to the same standards, each company is slightly different in its testing practices. As such, one company may report back no issues, or very few that require no billable time, while other companies that are not as thorough in their testing procedures may report back a very high number of inaccurate high-risk items that require much more research / response time, with corresponding billable time. As such, if you are getting very high-risk reports back, we can suggest reliable companies that you can choose instead of your provided PCI compliance company to make this process easier to handle.
To find out more about PCI Compliance testing and updates for your website and server, please contact us for a consultation and a no-obligation quote.