What is PCI Scanning/Compliance?

What is PCI Scanning/Compliance?

PCI stands for Payment Card Industry and is a group of the top 5 credit card companies in the world.  Together they come up with a group of security settings that should be standard on all web servers that will house eCommerce based websites.

Many payment gateways that you may use to accept credit card payments on your site will require that the server you be on be PCI Compliant. They will require you to obtain services from a PCI scanning company (separate from Applied Innovations) to scan your site and the server your site resides on.  The company will provide you with a report as to whether your site passes or fails PCI compliance.

Failures can result from problems with your site itself and it’s coding as well as server side settings.  In the event that your site fails you may forward us a copy of your failed report and we will investigate if there is anything on the server side that needs to be fixed.

We maintain that our servers are PCI compiant but PCI standards do change quite often.  So there may be new vulnerabilities that need to be addressed.  Also PCI scans do not have full capabilities to scan everything they deem needs to be addressed.  This results in a number of false positives coming up as failed vulnerabilites.  It should also be noted that PCI scanning companies refuse to note previously established false positives on a domain name.  This will cause those false positives to show up each scanning period in case you are noticing vulnerabilities each time.

For more information on PCI Compliance please see https://www.pcisecuritystandards.org/