Frequently Asked Question
ASV scanning is a security check performed by an Approved Scanning Vendor (ASV) to detect vulnerabilities in a company’s payment systems. These scans help ensure that businesses processing card payments maintain secure networks and meet compliance requirements set by the Payment Card Industry Data Security Standard (PCI DSS).
Understanding PCI DSS 11.6.2 Compliance
PCI DSS 11.6.2 is a security requirement designed to protect businesses from unauthorized changes to their payment systems. It requires companies to monitor their environments for unexpected modifications that could introduce vulnerabilities or security risks.
Who Needs to Comply?
- Merchants and service providers handling payment card data.
- Businesses with internet-facing systems that process transactions.
- Any company required to perform ASV scanning as part of PCI DSS compliance.
Key Requirements of PCI DSS 11.6.2
- Implement change detection mechanisms to monitor critical systems.
- Ensure alerts are generated for unauthorized modifications.
- Regularly review logs and security reports to identify suspicious activity.
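A minimal version of the change-detection mechanism the list above calls for, added here as an illustration (it is not code from the original page or from any vendor named on it): it records a SHA-256 baseline of the payment page's assets and emits an alert line for every file that was modified, added or removed since the approved release. The asset names and contents are constructed samples.

```python
import hashlib
import json
from typing import Dict, List, Mapping

# Constructed sample: approved contents of the payment page assets at release time.
BASELINE_ASSETS: Dict[str, bytes] = {
    "checkout.html": b"<form action='/pay' method='post'><input name='card'></form>",
    "checkout.js": b"function pay(f){return fetch('/pay',{method:'POST',body:new FormData(f)});}",
    "styles.css": b"form{max-width:30em}",
}

# Constructed sample of what is served now: checkout.js carries an unreviewed edit,
# tracker.js was never approved, and styles.css has gone missing.
CURRENT_ASSETS: Dict[str, bytes] = {
    "checkout.html": BASELINE_ASSETS["checkout.html"],
    "checkout.js": BASELINE_ASSETS["checkout.js"] + b"\n/* unreviewed edit */",
    "tracker.js": b"/* not in the approved baseline */",
}


def fingerprint(assets: Mapping[str, bytes]) -> Dict[str, str]:
    """Map each asset name to the SHA-256 hex digest of its content."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in assets.items()}


def save_baseline(assets: Mapping[str, bytes]) -> str:
    """Serialise the baseline digests so they can be kept off the web server itself."""
    return json.dumps(fingerprint(assets), sort_keys=True)


def compare(baseline_json: str, current: Mapping[str, bytes]) -> Dict[str, List[str]]:
    """Classify every asset as modified, added or removed relative to the stored baseline."""
    baseline = json.loads(baseline_json)
    now = fingerprint(current)
    return {
        "modified": sorted(n for n in baseline if n in now and now[n] != baseline[n]),
        "added": sorted(n for n in now if n not in baseline),
        "removed": sorted(n for n in baseline if n not in now),
    }


def alerts(diff: Mapping[str, List[str]]) -> List[str]:
    """One alert line per unexpected change; an empty list means the page is unchanged."""
    return [f"ALERT {kind}: {name}" for kind in ("modified", "added", "removed") for name in diff[kind]]


if __name__ == "__main__":
    stored = save_baseline(BASELINE_ASSETS)  # taken once, after an approved release
    for line in alerts(compare(stored, CURRENT_ASSETS)):  # run on a schedule
        print(line)
```

Feed the stored JSON and the freshly served asset bodies into `compare` on a schedule, and route the `alerts` output to whatever log review or ticketing process the requirement's review step uses.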
Budget-Friendly Ways to Stay Compliant
1. Choose a Low-Cost ASV Vendor
Some ASV vendors offer affordable scanning services for small businesses, including:
- Immuniweb - Immuniweb offers application security testing, protection, and compliance services, including free options.
- Sectigo HackerGuardian - HackerGuardian is a PCI Approved Scanning Vendor (ASV) and a service provided by Sectigo that helps businesses meet PCI DSS compliance requirements.
- SecurityMetrics - SecurityMetrics, Inc. is a computer and network security company that offers managed data security services and compliance assistance.
2. Reduce the Number of Systems That Need Scanning
- If possible, use a third-party payment processor (like Nochex) that hosts the payment page and handles PCI compliance for you.
- Limit the number of internet-facing systems to lower scanning costs.
3. Use Free Security Tools
- Before your official ASV scan, check for vulnerabilities using free tools like OpenVAS or Qualys Community Edition.
- Regularly update software and apply security patches to avoid failing the scan.
4. Look for Bundled Compliance Services
Some vendors offer discounted packages that include ASV scanning, security monitoring, and compliance support. This can be cheaper than paying for each service separately.
Small businesses can meet ASV scanning and PCI DSS 11.6.2 requirements without spending a fortune. By choosing affordable ASV vendors, reducing the number of systems that need scanning, and using free security tools, compliance becomes much more manageable.