Free PCI Security Scan

[Matt]

Free PCI compliance account

GlowHost has partnered with ScanAlert and are pleased to announce FREE PCI security scanning and compliance services from Scan Alert.

PCI compliance is MANDATORY for those of you who accept credit cards online. New Data Security Standards are in effect for merchants that require compliance regardless of the dollar amount that they process online.

PCI compliance account FREE for GlowHost Customers. This is the same quarterly compliance scanning service that ScanAlert retails for $319 per year.

This new service is designed to allow all GLOWHOST customers to easily meet the requirements of Visa and MasterCard’s Payment Card Industry (PCI) Data Security Standard. Compliance with the PCI standards is required by all ecommerce merchants.

The ScanAlert program is a complete security auditing system with a breadth of features that far exceed the basic vulnerability scanning requirements of PCI, CISP and SDP which comprise the PCI Security Standards. A comprehensive security tool, it includes:

• Access to ScanAlert’s web-based Vulnerability Management Portal
• Scheduled quarterly automated vulnerability scans
• Unlimited on-demand manual scans to re-test systems whenever needed
• Detailed instructions to patch all vulnerabilities found during scans
• Easy-to-understand security self-assessment forms and online assistance
• Preparation of the Report on Compliance (ROC) documentation for submission to an online merchant’s acquiring bank

Click the link below to take advantage of this offer.

Free PCI compliance scan

Please see the below PDF for more information on the PCI scanning technology.

If you would like to use this PCI account in combination with GlowHost managed services for your dedicated server to ensure it is PCI compliant please see our managed PCI compliance service.

[andychev]

Quote:

Originally Posted by Matt

Free PCI compliance account
PCI compliance is MANDATORY for those of you who accept credit cards online. New Data Security Standards are in effect for merchants that require compliance regardless of the dollar amount that they process online.
...

Bargain service. Although a nighmare of a field to be in. The basics of pci compliance often arent made clear (hence it took me several days to dig through all the information a few months back when the pci compliance form was put on my desk) There are four levels and depending on where your company falls determines at what level you have to be 'pci compliant'

Level 1: Any merchent processing over 6,000,000 transactions a year, any merchant that has been subject to hacking. Or any merchant that visa says so.
Annual onsite security audit: Required
Quarterly system perimeter scan: Required
Annual compliance questionaire: Required

Level 2: Any merchent processing between 150,000 and 6,000,000 e-commerce transactions per year
Annual onsite security audit: Not Required
Quarterly system perimeter scan: Required
Annual compliance questionaire: Required

Level 3: Any merchent processing between 20,000 and 150,000 e-commerce transactions per year
Annual onsite security audit: Not Required
Quarterly system perimeter scan: Required
Annual compliance questionaire: Required

Level 4: Any merchent processing fewer than 20,000 e-commerce transactions per year and all merchents processing upto 6,000,000 transaction per year (offline)
Annual onsite security audit: Not Required
Quarterly system perimeter scan: Recommended
Annual compliance questionaire: Recommended

It also needs to be clear that pci compliance if for merchants ie you have a merchant number. This doesn not apply if you are using a third party payment system such as paypal, worldpay, etc etc because they are the mechant (they need to do it).

[Matt]

Your information above may be a bit outdated. Level 4 are now required to be PCI compliant. In the past it was simply a recommendation. I agree, there is a lot of grey area and the credit card companies are the ones to blame for that.

They want security but they do not clearly define how we (merchants and or hosts) are supposed to give it to them, and penalize us (merchants) when it is breached.

That is why it is important to have your PCI status up to date because that one item is in "black and white" and is an important factor in safeguarding your merchant status if they decide to do something nasty like sue you someday, or take away you ability to process credit cards, you stand a much better chance in court, and hopefully it would never get that far based on your PCI compliance.

[andychev]

Quote:

Originally Posted by Matt

Your information above may be a bit outdated. Level 4 are now required to be PCI compliant.

Arg i was having a good day aswell! I was so relived when i had this landed on my desk and found it wasnt relevent a few months back. What a pain that they have now changed the boundries. I am sweating just thinking of this being given to me again! Quick run away!

[Matt]

Well again it is all grey. But if you come across the new requirements for Level 1-4 as you are catching up on the new rules, it would certainly make for some good posting.