PCI Website Vulnerability Assessment

Need some help?

Speak to the Risk Factory Foreman, and he'll tell you everything you need to know.

Call us on 0800 978 8139


What is it?

A PCI Website Security Vulnerability Assessment is the method for identifying application-level security holes, flaws and weaknesses associated with a website that processes, stores or transmits cardholder data. It is conducted using automated scanning software programmed to find application-layer vulnerabilities that would leave the website open to attacks from hackers. It is needed to comply with Requirement 6.6 of the Payment Card Industry (PCI) Data Security Standard (DSS).

Why should I do it?

You should do it to “see what a hacker sees”. Conducting this assessment will show you any existing security weaknesses associated with your website that could be exploited by hackers to potentially access or compromise cardholder data.

It is also mandatory for compliance with the PCI DSS if your website processes, stores or transmits cardholder data.

How often should I do it?

The PCI DSS requires a vulnerability assessment scan of your website (if it processes, stores or transmits cardholder data) every 3 months (quarterly) and after any major changes to the site.

What will Risk Factory do?

  • Conduct one Application-Level Security Vulnerability Assessment scan of your website required for compliance.

What will I receive?

  • After the scan you will receive a detailed report of the findings, documenting each vulnerability identified and detailing recommendations for mitigating it. To see a sample report, just contact the Risk Factory Foreman.
  • On-call telephonic support from an Information Security consultant for two weeks after the scan to answer any questions you may have about the report or remedial recommendations.
  • A free rescan two weeks after the original scan to ensure recommended remedial actions were effective in mitigating the vulnerabilities originally identified.
  • A certificate of validation for evidence of compliance.

Do I need to prepare anything in advance?

We just need to know the Internet Protocol (IP) address and the Uniform Resource Locator (URL) for your website. If you don’t know your IP or URL, don’t panic: our Factory Foreman can help you.

Also, don’t forget to specify the exact number (quantity) of assessments you’d like to purchase when getting your quote. Our Factory Foreman will call you to schedule each assessment purchased. You can, for example, purchase multiple assessments (for better value) and have them delivered over time, when you need them, to match your ongoing business requirements.