
PCI Compliance FAQ

Why did your PCI scan fail? Is it a false positive? Our FAQ answers common questions about PCI compliance scans and what the results really mean.

PCI Compliance refers to the process of meeting security requirements related to protecting customers’ data (especially credit card data). PCI Compliance is an ongoing process with scans being performed quarterly (or more often, depending on the scanning vendor) to make sure that server environments maintain the needed level of security.

The process of becoming PCI compliant can be complex. For more general information about PCI Compliance, see our article What is PCI Compliance? Even if you understand PCI Compliance in general, you may have additional questions about how it applies here at Liquid Web.

Frequently asked questions

Many things change on servers. Updates, SSL certificates, and reconfigurations can all affect PCI scan results. This is why compliance requires regular scans, to confirm that recent changes haven’t exposed the server to new risk.

Scan results may differ from one domain to another. Many tests, such as those for cross-site scripting and SQL injection, are domain specific and depend on the web application running on that site.

Each Authorized Scanning Vendor (ASV) uses a unique approach to PCI scanning. If your scan passed Liquid Web’s partner scan (from CloneSystems) but failed another vendor’s scan, it is likely due to false positives that our Support team can help you resolve.

No, a PCI scan is a vulnerability assessment, not a penetration test. A penetration test would involve attempting to exploit the vulnerabilities found in order to compromise the target. A PCI scan only reveals potential threats, some of which may be false positives. Our PCI specialists can help distinguish real threats from false positives to make sure your systems are secure.
