This article covers common reasons merchants may fail their PCI compliance vulnerability scan.
In order to become PCI compliant, certain SAQ profile types must pass a PCI compliance vulnerability scan. Common reasons for failing this scan are:
- You have open ports that should be closed.
- The incorrect IP address was entered for the scan.
- You are hosting your own eCommerce website.
- This can be done but is much harder to pass.
- Your TLS versions are out of date.
- SSL is no longer PCI compliant.
You can download a vulnerability scan executive report in Sysnet. To do so, complete the following:
1. Navigate to the Sysnet PCI Compliance Manager portal.
2. Log into your account.
3. Click Be Scan Compliant > Manage > Review your PCI DSS External Vulnerability scans.
4. Click Actions > Download > Download.
This report will give you more information on the scan itself and the results of the scan. If you have any questions about the vulnerability scan, contact Zomaron support.