PCI Compliance Scan
If you have an e-commerce website and you accept credit card payments,
you must run periodic PCI (Payment Card Industry) scans to remain compliant with credit card industry standards.
Everleap offers PCI Compliance Scanning and Certification solutions through our partner, SiteLock.
Why use SiteLock PCI Compliance Services
PCI Questionnaire Simplified
One of the pain points of PCI compliance
is the notoriously lengthy 280+ question questionnaire that is required.
The SiteLock PCI Compliance service helps fill out ~80% of the questionnaire, saving you a LOT of time.
Unlimited FREE PCI Scans
To meet Payment Card Industry standards, PCI compliance requires quarterly scans to be submitted.
But some PCI scanning providers only offer annual scans, and they charge extra for additional scans.
SiteLock allows you to run a PCI Scan anytime you want - so you do not need to pay additional fees to run your quarterly scans.
PCI Compliance Certification
SiteLock is a fully certified PCI Certification provider.
At $360 per year the SiteLock PCI solution is one of the lowest priced PCI scanning services.
NOTE: The SiteLock PCI Scan service requires a SiteLock Website Security Scan Plan.
Benefits of Working with Everleap
We help deal with PCI Scan issues
Often the first PCI scan returns a report of various issues.
Everleap provides mitigation consulting services to interpret the security gaps and advise on how
to resolve the issues. In additiona, being close partners with SiteLock,
the Everleap team can discuss issues directly with the SiteLock team to help find resolutions to security gaps.
What is PCI Compliance?
Obtaining PCI compliance demonstrates that your site protects your customer's credit card data by meeting security standards
set by the Payment Card Industry (PCI).
The Payment Card Industry (PCI) Data Security Standard (DSS) helps establish standard practices on the location of
credit cardholder data and its transmission. The SiteLock PCI compliance scan service is a
convenient way to meet complex PCI requirements.
What are PCI requirements and what are the risks?
All ecommerce websites that store, process, or transmit credit card information needs to be PCI compliant.
This also includes websites that may only take credit card payment information over the phone and websites that
use third-party payment processers, like PayPal. If your site does not comply with PCI DSS, then you could be
liable for fines between $5,000 to $100,000 per month until PCI compliance requirements are met.
This kind of risk is not worth taking for your business.
PCI Compliance Scanning FAQs
Here are some common questions regarding PCI Compliance.
The PCI is made of of all the major players in the credit card business,
such as Visa, MasterCard, American Express and Discover. They have all come together to try to reduce credit card data loss.
To this end, they created the Payment Card Industry Security Standards Council (https://www.pcisecuritystandards.org) and that council
established standards for cardholder data security. These standards are known as the PCI Data Security Standard (PCI DSS).
The PCI DSS applies to ANY organization, regardless of size or number of transactions,
that accepts, transmits or stores any cardholder data.
No, you are free to use any PCI Compliance Scanning service you want to use.
Please do review the benefits listed above of using our partner, SiteLock, while you decide on your PCI certification
solution. Also, as stated above, when there are security gaps, Everleap is a close partner to SiteLock and
we can consult with them to help resolve issues. With other PCI Compliance vendors, we have found
mixed levels of helpfulness.
Yes, ALL businesses that store, process or transmit payment cardholder data must be PCI Compliant.
Yes. Using a third-party company does not exclude you from PCI DSS compliance.
Your risk exposure is reduced, so the compliance validation work is reduced.
However, you still need to be PCI DSS compliant.
No. SSL certificates secure data transferred to and from a website, but that is only
one aspect of meeting PCI DSS compliance. There are other requirements that need to be met to achieve PCI compliance.
The danger is that the payment brands can fine a bank between $5,000 to $100,000 per month for a PCI compliance violation.
The banks will not want to absorb these fees and will most likely pass this fine along to the merchant.
Other actions the bank may take is to terminate your account or increase your transaction fees.
All these scenarios will be devastating to a business.
Cardholder data includes Cardholder name, Expiration date and Card Verification Value (CVV).