OUTSCAN PCI
On-Demand PCI Compliance Verification
OUTSCAN PCI is the ideal tool for businesses of all sizes to achieve and demonstrate PCI DSS compliance. OUTSCAN PCI provides fully automated network scanning, easy-interpreted reports and on-line support for completing the PCI DSS Self-Assessment Questionnaire (SAQ).
OUTSCAN PCI is delivered as a turnkey Software as a Service (SaaS) solution, allowing immediate deployment with no installation or maintenance required. Other advantages of using OUTSCAN PCI include:
- Proprietary technology - Based upon our leading core vulnerability scanning technology.
- 24/7 technical support - Unlimited phone and e-mail support provided by security experts.
- Ease-of-use - An easy-to-use web interface and an intuitive workflow for achieving PCI DSS compliance.
- Best value for money - Competitive pricing and free rescanning of identified vulnerabilities between the quarterly assessments as defined in the PCI DSS.
Compliance Validation Levels
While the PCI DSS outlines the underlying data security standard, compliance requirements are formally set by the individual payment card brands. However, MasterCard's Site Data Protection Plan and Visa's Cardholder Information Security Program as outlined in the table below are representative.
| Level | Criteria | Annual Onsite Audit | Annual Self Assessment Questionaire | Quarterly Perimeter Network Scan | |
|---|---|---|---|---|---|
| Merchant | 1 |
- Any merchant processing more than 6 million transactions per year - Any merchant that has suffered a security breach that resulted in an account data compromise |
QSA* |  |
|
| 2 | - Any merchant processing 1 to 6 million tranactions per year | |
|
||
| 3 | - Any merchant processing 20.00 to 1 million e-commerce transactions per year | |
|
||
| 4 | - All other merchants | |
|
||
| Service Provider | 1 | - All procesors, payment gateways and Internet Payment Service Providers | QSA* | |
|
| 2 | - Any other service that is not in level 1 and stored, processes or transmits more than 1 million accounts/transactions annually | QSA* | |
||
| 3 | - Any service provider that is not in level 1 and stores, processes or transmits less than 1 million accounts/transactions annually | |
|
* Annual onsite audits are conducted by Qualified Security Assessors (QSAs), please contact Outpost24 for further information.
* The PCI Security Standards Council Approved Scanning Vendor logo is a trademark or service mark of The PCI Security Standards Council in the United States and in other countries.
