Payment Card Industry (PCI) Compliance

Qualys is certified to help merchants and their consultants evaluate the security of payment systems that process, transmit or store cardholder data, and to achieve compliance with the Payment Card Industry (PCI) Data Security Standard (DSS). Qualys also provides guidance on how to validate compliance with the PCI Data Security Standard.

The Payment Card Industry (PCI) Compliance module is available in your account only when the PCI module is enabled for your subscription. This online help describes the features and functionality available when the PCI module is enabled. Contact Technical Support or your Technical Account Manager for information about enabling it.


PCI Data Security Standard

The PCI Security Standards Council maintains the PCI Data Security Standard, whose data security requirements banks, online merchants and Member Service Providers (MSPs) must adhere to in order to protect cardholder information. Founding members of the PCI Security Standards Council are American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International.

The PCI Data Security Standard (DSS) is a common set of industry requirements for the safe handling of cardholder data. It specifies the technical controls required for the secure storage, processing and transmission of cardholder data. The PCI Security Standards Council (PCI SSC) released new Approved Scanning Vendor (ASV) program requirements on March 16, 2010; these changes are described in the PCI SSC's ASV Program Guide.


Integration with PCI Merchant

Our Vulnerability Management (VM) service is integrated with our PCI Merchant service to help you meet the PCI DSS external vulnerability scanning requirement (PCI DSS Requirement 11.2), which must be satisfied by an ASV scan. Using the VM service, you can run PCI scans against your in-scope, Internet-facing infrastructure, remediate the vulnerabilities they detect, and re-scan as needed to confirm that no failing vulnerabilities remain. When a PCI scan detects no PCI vulnerabilities, use the Share with PCI option to share the completed scan with the PCI Merchant service. Then log into your PCI Merchant account to generate PCI network reports and complete the actions required for certification: 1) submit the network reports to your ASV for review and approval, and 2) once approved, submit the PCI certified reports directly to your acquiring banks.


PCI Reports

Two PCI report templates are provided by the service: the PCI Executive Report and the PCI Technical Report. Both report the PCI compliance status of a selected PCI scan. Important: these reports cannot be submitted to your acquiring banks for PCI certification; certification requires the PCI network reports generated from your PCI Merchant account.

For a scan launched on September 1st, 2010 or later, the PCI Executive Report states that it is not eligible for PCI certification under the PCI DSS and ASV program requirements in effect from that date. Use the Share with PCI feature to share the PCI scan with your PCI Merchant account, then generate a PCI network report there and complete the required actions for PCI certification.

For a scan launched before September 1st, 2010, the PCI Executive Report can still be generated at any time for your records. This version of the report reflects the PCI DSS requirements in effect at the time of the scan and can no longer be submitted for PCI certification.

The PCI Technical Report contains the same sections as the PCI Executive Report plus a detailed results section that identifies each detected vulnerability. It is recommended for the individuals responsible for fixing vulnerabilities for PCI compliance.


Related Reading

PCI Compliance Workflow

PCI Pass/Fail Criteria

Running Reports from Report History List

Running Reports from Report Templates List

Payment Card Industry (PCI) Executive Report

Payment Card Industry (PCI) Technical Report