What is PCI Scanning?

Answer : PCI scanning refers to quarterly external vulnerability scans that must be performed by a PCI approved vendor.  The goal of a PCI scan is to assist in securing credit card data.

The Payment Card Industry (PCI) Data Security Standard resulted from a collaboration between Visa and MasterCard to create common industry security requirements. The Payment Card Industry’s Data Security Standards (PCI DSS) requires that all merchants processing credit cards must operate their computer systems and IT equipment in compliance with the DSS. All major credit cards such as Visa, MasterCard, American Express, Discover and JCB endorse and require the unified PCI DSS, which details information security requirements for merchants, service providers, and acquirers to help protect against fraud and identity theft. The PCI Security Standards Council sets the standards for PCI security but each payment card brand has its own program for compliance.

Requirement 11.2.2 of the PCI DSS requires quarterly external vulnerability scans by an Approved Scanning Vendor (ASV) approved by PCI SSC.

Specific questions about compliance should be directed to your acquiring financial institution.