Frequently Asked Question

Where can I find a PCI Approved Scanning Vendor capable of providing quarterly PCI vulnerability scans?

Right here! Sectigo HackerGuardian offers a range of PCI compliance services designed for merchants and service providers of all sizes....
Frequently Asked Question

Where can I find and complete the Self-Assessment Questionnaire?

HackerGuardian provides a free wizard that guides merchants and service providers through each stage of the self-assessment questionnaire. More details on the wizard can be found here. Merchants have to answer all questions with 'Yes' or 'N/A...
Frequently Asked Question

What reports are provided by HackerGuardian scanning service? (v2)

HackerGuardian Scan Control service provides two reports which may be submitted to your acquirer to demonstrate PCI compliance - the Executive Report and the Technical Report. Both reports contain the Attestation of Scan Compliance. The Executive...
Frequently Asked Question

What if I fail the PCI scan?

If your HackerGuardian Executive Report indicates 'NOT COMPLIANT' then vulnerabilities with CVSS base score greater than 4.0 were discovered on your externally facing IP addresses. The accompanying Technical Report contains a detailed synopsis of each vulnerability...
Frequently Asked Question

What criteria cause a Pass or Fail on a PCI scan?

Each post-scan HackerGuardian Executive report states a PCI compliance status of 'Compliant' or 'Not Compliant' based on the discovery of potential security flaws on your systems. If no vulnerabilities with a CVSS base score greater than 4.0...
Frequently Asked Question

How often do I have to scan?

Every 90 days / once per quarter. Merchants and service providers should submit compliance documentation (successful scan reports) according to the timetable determined by their acquirer. Scans must be conducted by a PCI Approved Scanning Vendor...
Frequently Asked Question

What is a network security scan?

A Network Security Scan involves an automated tool that checks a merchant or service provider's systems for vulnerabilities. The tool will conduct a non-intrusive scan to remotely review networks and Web applications based on the external-facing...
Frequently Asked Question

Do merchants need to include their service providers in the scope of their review?

If you outsource your card processing to a service provider then you should check that they are PCI compliant. Web-hosted customers should also ensure the web host's infrastructure is PCI compliant. This can usually be...
Frequently Asked Question

What are the compliance validation reporting requirements for merchants?

Under the new PCI standard, the compliance validation requirements for merchants of the VISA CISP and MasterCard SDP programs have been aligned so that merchants need only validate their compliance once to fulfill their obligation to...
Frequently Asked Question

Are there alternatives to encrypting stored data?

Stored cardholder data should be rendered unreadable according to requirement 3 of the PCI Security Audit Procedures document. If encryption, truncation, or another comparable approach cannot be used, encryption options should continue to be investigated as...