Linux PCI Host

What to do if you failed a PCI Scan

If you have a failed PCI scan, you want to take action ASAP. Even 1 item on a scan could allow a hacker to get into your server and compromise the whole thing. Failing a scan does not mean you will be immediately hacked, but it's something you need to look at. You want to keep your server as secure as possible at all times.

To become PCI compliant in 24 hours for $19.95/mo check here: become PCI compliant

Penguin Web Hosting can help if you:
  • Are receiving a monthly PCI non-compliance fee from your Merchant Provider
  • Failed 1 or more items on a PCI scan
  • Have a current host that is running an old version of PHP, MySQL or another Linux package
  • Are failing the PCI scan due to an old version of OpenSSL, OpenSSH or Exim

If you have failed PCI compliance, we at Penguin Web Hosting can help get you compliant within 24 hours, so that you won't fail your next PCI audit. Once you are set up with PWH, we will run a PCI scan, and if there are any items to address, we will help you take care of them. Traditionally, a PCI DSS scan will find at least one item that fails or that it gives a warning on. A lot of them are minor, but they still need to be addressed: for example, if you have a PHP info page, or if you allow users to connect to your store with a less secure version of SSL, such as SSLv2. The failed PCI scan report contains a lot of technical terms that you might not understand or know how to fix, but your host will.

If you have a managed host, you should show the failed PCI DSS scan report to your host. Your managed PCI service provider will help you patch any holes and get to the point where you will pass another scan. Some hosts, such as Penguin Web Hosting, will scan your site as frequently as daily. Many scans check for over 30,000 vulnerabilities, so it's not uncommon to fail a scan at some point, especially if there is a new vulnerability. This is a good reason to scan daily: if you are scanning quarterly, it can be as much as 89 days before you are notified that your site has an open vulnerability.

With banks and merchant providers raising the non-compliance fees regularly, these fees will be over $100/mo at many merchants by the end of the year, so it's important to meet compliance as soon as possible. In addition to receiving a service charge from your merchant provider, in the event of a data breach you can also be fined by the Payment Card Industry, and those fines are a lot more than the ones from your bank. The fines from the PCI can easily exceed $50,000, even for a small business where only a handful of card numbers were compromised.
All Rights Reserved 2001-2012