Free PCI Compliance Scan

Posted on 2011-10-22
Last Modified: 2012-05-12
I need a free PCI compliance scan. Any suggestions?

Question by: s8web
    LVL 38

    Accepted Solution

    As you can see, no one would do this for free; they have to scan your wireless, and they have to scan all your internal and external hosts. You should also note that there is no absolute compliance in these types of scans; you will always get a 1 or higher (1 and 2 are nearly the same). These scans are also poorly defined; read that document, it's abysmal.
    Then you should call one or more of the 152 approved PCI ASVs found here:
    Do not call anyone else.
    Here is the standard:
    If you're not storing or routing the credit card information, you're not bound to PCI. If you have a "shopping cart" that is outsourced (like using PayPal, Google Checkout or others), then you don't have to be PCI compliant.
    LVL 29

    Assisted Solution

    by: coreybryant

    from Comodo offers a free one, but remember (as pointed out), most of them are trying to sell you something.

    First, determine why you need to be PCI compliant, and the level. A lot of companies do not need to have an onsite inspection; they can complete the self-assessment questionnaire.

    Read version 2 though. Version 1 "expires" on 31 Dec 2011.
    LVL 60

    Assisted Solution

    Free PCI DSS scan is actually quite available with most security vendors, and they mete it out as a free trial. Importantly, it is the follow-through and the ability to interpret what's next from the report generated. Suggest also engaging a QSA or forum of experts to better understand the plan of action.
    LVL 16

    Author Closing Comment

    Thanks for the input. Overall I think that the PCI compliance process is a good thing. Someone should press developers and merchants to secure their stuff. The problem I have is that a fair amount of money and time has gone into this, and frankly, it doesn't cost someone much to run an automated penetration test on a site. Since compliance is required, there should be a no-cost solution for developers that allows them to run an automated test to see if their application and environment are buttoned down before releasing the product to their customer or unleashing it on the world. The end user would benefit too. Waiting for the authority to come by and scan your stuff takes a few months. This creates a '0-day' scenario for both merchants and customers.
