When you establish a brick-and-mortar business, you are often encouraged to choose a location in a low-crime neighborhood with dependable police and fire service. There are no safe neighborhoods on the Internet. Once your business goes online, the entire virtual world is literally one second from your electronic doorstep. Unfortunately, this world includes hackers, data pirates and organized criminal enterprises dedicated to the theft of cardholder data.
Network vulnerability scans enable you to detect and fix vulnerabilities on your website so that you can better protect your customer’s cardholder data and minimize the risk of your ecommerce payment environment from attacks by individuals with malicious intent. The process is minimally intrusive. External-facing systems are scanned and vulnerabilities that an attacker could exploit to gain access to your systems are reported to you. You should address these network vulnerabilities immediately and then re-scan to confirm they have been remediated.
Chase Paymentech highly recommends your business conduct regular network vulnerability scans using an Approved Scanning Vendor (ASV). A complete list of vendors is available on the PCI Security Standards Council Web site. For some merchants, a passing network vulnerability scan is required every quarter in order to be compliant with Visa and MasterCard regulations.
To better protect your business, consider using an ecommerce payment application from a vendor that is validated as compliant with the PCI Payment Application- Data Security Standards (PA-DSS). A complete list of validated payment applications is available on the PCI Security Standards Web site.