PCI Scanning

The PCI DSS details security requirements for merchants and service providers that store, process, or transmit cardholder data. To demonstrate compliance with the PCI DSS, merchants and service providers may be required to have periodic PCI Security Scans conducted as defined by each payment card company.

PCI Security Scans are scans conducted over the Internet by an ASV. PCI Security Scans are an indispensable tool to be used in conjunction with a vulnerability management program. Scans help identify vulnerabilities and misconfigurations of web sites, applications, and information technology (IT) infrastructures with Internet-facing internet protocol (IP) addresses. Scan results provide valuable information that support efficient patch management and other security measures that improve protection against Internet attacks.

PCI Security Scans may apply to all merchants and service providers with Internet-facing IP addresses. Even if an entity does not offer Internet-based transactions, other services may make systems Internet accessible. Basic functions such as e-mail and employee Internet access will result in the Internet-accessibility of a company’s network. Such seemingly insignificant paths to and from the Internet can provide unprotected pathways into merchant and service provider systems and potentially expose cardholder data if not properly controlled.

For more information see the PCI Scanning documentation from PCI Standards Group

I'd like to receive a PCI compliant vulnerability scan, which is provided by nCircle FAQ, an ASV in good standing.