Banks and PCI Compliance
There have been recent reports of Banks or Merchant providers informing their clients that they must use a certain “ASV” or Approved Scanning Vendor. Some have even gone as far as to deny PCI Compliance Pass reports from other ASV’s.
This is improper and you should not be bullied into using a specific ASV that your bank suggests. If this has happened to you the best defense to this is to simply remind them that this is not allowed and ask to speak to their supervisor. As an end user you have the right to choose any ASV from the PCI Standards Council Approved List and you ARE able to submit the results to ANY bank and they MUST accept it.
Store owners must understand that Security and PCI are one of the largest growing aspects of the online world and as such introduces unqualified, untrained and unknowledgeable people into the industry. Ask to speak to a supervisor if you do not think what you are hearing is correct.
You may also contact your scanning company or ASV as they will most likely have contacts within your bank already. Most times they can clear up any confusion or problems like this for you.
In some circumstances and only if it is extremely urgent or if all other avenues have been exhausted, ask to speak to their CISSP. This is the person in charge of everything Security and PCI related. A portion of their job is somewhat neutral as they are in charge of interpreting PCI and Security Practice Standards for the good of the bank, credit card company as well as the client.
No related posts.