Hi,
I have used QualysGuard PCI but that seems to check my hosting for PCI compliance.
How do I check my actual site for PCI compliance?
Thank you.
I believe that this is manual and involves the PCI SAQ - Self Assessment Questionnaire.
Zen-Venom Get Bitten
Hi,
Thanks. So, there is no way to scan my site/pages to determine if it is PCI compliant?
Please explain EXACTLY what YOU think PCI compliance means.
... cuz I don't think you're thinking it means the same thing as we think it means.
What exactly is the "business problem" you think you're solving by "scanning each page for compliance"? What exactly is this compliance YOU are referring to?
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
Payment Card Industry Data Security Standard. Known as PCI DSS.
Our site will have an official PFI report soon at the request of Visa and before they scan our site to ensure it passes their measures, I want to scan myself ahead of time to ensure it passes and doesn't contain any 'breaches'.
I have already scanned our hosting and found possible problems there, which are being fixed now, but I want to know how I scan our site for possible breaches too.
Thanks.
If you want your own scans done independently of what your Visa service is doing, then you'll need to hire your own scanning vendor to have them do the scan for you.
(Or you could set up your own separate server, configure it with professionally-purchased software that can do scans, learn how to do the scans, and then perform those scans. Then take the courses to study what the scan results mean and how to identify "real" issues vs "false positives". But all of that will cost you a *lot* more time and money than hiring someone who's already doing it professionally. I only mention it for the sake of thoroughness. I would say 99.9% of people would never dare take this on themselves unless it were part of their profession.)
So, yes, the simple and most accurate and appropriate answer to your question is: hire someone.
I agree with the Doctor, there is no tool you can use to scan your site yourself. If you are required by your merchant account to be scanned, then get scanned...when it fails, and it will fail, fix the problems...most of which will be things that the host needs to fix, and scan again until all you're left with are the false positives and submit those. Then you can ready yourself for failing every quarter, over and over and over because the scan changes constantly and the scanning vendors are at times implementing rules into the scan that don't actually have an implementation date until sometime far out in the future, like a year away. Enjoy.
Mike
GeekHost - Zen Cart Certified & PCI Compliant Hosting
The Zen Cart Forum...Better than a monitor covered with post-it notes!