PCI Security Scans are scans conducted over the Internet by an ASV (Approved Scanning Vendors). PCI Security Scans are an indispensable tool to be used in conjunction with a vulnerability management program. Scans help identify vulnerabilities and misconfigurations of web sites, applications, and information technology (IT) infrastructures with Internet-facing internet protocol (IP) addresses. 

Scan results provide valuable information that support efficient patch management and other security measures that improve protection against Internet attacks. 

Scans are not required on all merchants but are indispensable in verifying potential security risks.  When performing a scan please be sure to provide the correct internet-facing IP addresses that would store, process, or transmit cardholder data.  For an example, this could refer to any plugin that is being used to store, process, or transmit cardholder data.

To learn more about the PCI DSS Security Scanning requirements, you can download a PDF from their website

Security Scanning Procedures

For additional information on PCI DSS requirements please refer back to our Knowledge Base concerning PCI.

PCI DSS Knowledge Base Folder

If you have any additional questions please feel free to reach out to our Customer Support team at 801-623-400 Option 2.