What is the difference between vulnerability scanning and PCI scanning?

Though both our vulnerability scanning and PCI scanning services scan your website to identify potential issues that a hacker could exploit they aren’t identical services.

PCI scans serve a very specific purpose: They’re meant to keep you PCI compliant. PCI standards provide the framework for organizations to ensure that credit card information is kept safe from hackers and breaches. PCI scans are quarterly scans that conform to very specific guidelines that are determined by the PCI council. You can find out more about PCI scans and PCI standards at pcisecuritystandards.org

Your acquiring bank may require a specific PCI provider and it’s best to check with your bank before purchasing PCI scans. If you fail to be PCI compliant, you may be subject to fines.

Vulnerability scans are used by website owners to proactively address any security issues that websites may have. These scans help you identify parts of your website that are easily exploited by hackers. You may choose to scan your site daily, weekly, monthly or even opt to scan on demand only. Please note that vulnerability scans can’t be used to become PCI compliant.

Customers using our new PCI service (as of summer of 2016) will notice that PCI scans are now closely tied to our vulnerability scanning service. However, it is still true that the vulnerability scans without the PCI add-on cannot be used for compliance purposes. If you have additional questions, please click here to contact our support team. 


Have more questions? Submit a request