PCI Security Scans
- PCI Compliance is an ongoing process. Most merchant processors require quarterly scans. You should expect that each scan will find new items and issues related to PCI Compliance.
PCI scans are evaluations of your specific website, as well as the web server where your site resides and the core software that is running on the server. Results of PCI scans are used to report your PCI compliance status to your merchant account provider.
We have never had a situation where a problem identified by a PCI compliance scan could not be fixed and/or resolved.
- We cannot know how long it will take to fix a vulnerability or problem until we have seen the PCI scan report. Most problems can be resolved within one week, and frequently in one day.
- If a PCI scan identifies a problem that is in our core software or our servers, we will fix these at no charge.
- If the PCI scan identifies a problem with a third-party software integration, a feature/functionality we developed specifically for your website, a data feed, or data/content taken from another site/source, we will need to charge you to fix the issue (at an hourly rate of $65 or $100 depending on the nature of the problem).
- PCI security scans are programs that run automatically and autonomously. They scan thousands of websites built on a massive variety of platforms and servers and, needless to say, they are not set up to run custom scans for each possible variation. Sometimes a PCI scan will incorrectly identify something as a vulnerability, or it will flag as a problem something that is irrelevant to your website. We call this a false positive. In such cases, there is nothing for us to "fix"; instead, there are standard procedures (each company is different) that we have to go through on your behalf to get the matter resolved. Depending on the vendor, there can be a significant amount of communication involved. We will need to charge you to review and/or resolve the issues (at an hourly rate of $65 or $100 depending on the nature of the problem).
PCI scans are very thorough and often present non-critical issues that do not affect PCI Compliance or website security (i.e., Level 5 issues vs. Level 1 issues). These are usually informational or not relevant to your website (false positives). Our policy is to ignore these. If you would like us to evaluate or deal with non-critical issues, we will need to charge you to resolve them (at an hourly rate of $65 or $100 depending on the nature of the problem).
- Many vendors require you to fill out a twelve-part questionnaire describing your security practices. Some of the questions may relate to the website and some may relate to your internal business practices. If you have specific questions for us related to our security practices, we can usually answer them. If you would like assistance with filling out the questionnaire, we can assist you at a rate of $65/hour.
We offer a robust PCI-Compliant payment solution through Pay Junction that eliminates the need for the credit card information to travel through your website and our web servers. This solution helps to avoid the hassles related to PCI Compliance and provides an excellent level of security. Please let us know if you would like to find out more details.