Credit card companies pressure banks to make sure card captures are transferred securely- in order to cut down costs on fraudulent purchases. Banks choose a PCI Compliance provider to run scans against servers/sites to make sure they are secure.
The scans themselves are usually done monthly. Scans generally always flag failures, the system is automatic and ultimately the annoying legwork is passed onto the customer. We check these failures and submit why they are not failures, or remedy the situation and tell the service what we did. This process is called appeals.
If the scan passes, the website is approved for 3 months. Even if the next monthly scan fails, the site does not need to be appealed for 3 months, including the passing month. If a scan fails, it must be appealed until the PCI Compliance company agrees that our appeals are valid. Usually this is rather cut and dry, though sometimes new items popup that must be solved.
Steps: PCI Compliance scan-> August Ash reviews the results-> Appeals-> PCI Compliance approves or rejects our appeals-> August Ash appeals until approved fully-> When approved we do not need to re-appeal for three months.
Have more questions? Submit a request