Frequently Asked Questions
Do your scans meet the requirements for PCI compliance?
Yes. Our services are geared around industry best practices and meeting common compliance standards, including PCI DSS. Our external vulnerability scans are Approved Scanning Vendor (ASV) certified and approved. Included with every passing scan is a certified PCI DSS Attestation of Scan Compliance report that you can present to your bank or assessor when they ask you for evidence of your external scanning compliance.
How long do scans generally take?
Scan duration depends on the responsiveness of your server. Some scans finish in close to an hour, while others take over four hours to complete.
Which IP Addresses Should I Scan?
Read our article on this here.
How often should I have my site scanned?
Regular scanning helps you to be aware of and respond to emerging vulnerabilities quickly. However, scans performed too frequently can burden your server with unnecessary overhead and traffic. For most customers, we recommend that you schedule scans monthly. When scans fail, perform on-demand scans after implementing resolutions as needed until you are able to obtain a passing scan report.
Will a PCI scan cause my server to go down?
Our scans are designed to be low-impact and non-intrusive. It’s very unlikely that you will experience downtime as a result of the scan. You may, however, notice slightly reduced responsiveness from your server as the scan is run. Therefore, we recommend that you schedule your scans to run during your off-peak hours.
How do I get my scan results?
You will be notified by email when your scan completes. To view your scan results, login to your ServerScan account. In your scan manager, go to the scan portal, then click on the “Compliance Reports” tab. From there, you can view and download your scan results and documentation
How do I complete my Self-Assessment Questionnaire (SAQ)?
In the My Account section of ServerScan after you log in, all of the SAQ forms are available for download.
Which Self-Assessment Questionnaire should I complete?
This depends on how you receive, transmit, and/or store credit card information. Please reference our SAQ Selection Guidance page for details.
Can I adjust the schedule of my scans?
Yes. To adjust your scan schedule, simply login to your ServerScan account, go to the scan portal, and click on “Scan Schedules” under “Manage Scans”. From there you can set a daily, weekly, monthly, or quarterly schedule for your scan. You can even specify which day of the week, or month you want the scan to run, and which time period of day to start each scan.
What other types of scans does PCI DSS require?
That is best answered here: Scanning Requirements Explained
How does your money-back guarantee work?
Our objective is to help you secure your servers and pass the scanning requirement for PCI compliance. We confidently stand by this objective with a money-back guarantee. If you are unable to obtain a passing PCI scan with the resources we provide, we will refund your full purchase price.
Great! How do I get started?
First, Sign up for PCI scanning. Once you've purchased the PCI Scanning service for your fully qualified domain name (preferred) or IP address, we will configure your account and run your first scan. When your scan completes, you can login to your account to repeat the scan, schedule recurring scans, and download scan reports. It is that simple!