{"id":8373,"date":"2024-08-01T10:03:15","date_gmt":"2024-08-01T15:03:15","guid":{"rendered":"https:\/\/iqcol.com\/?p=8373"},"modified":"2024-08-01T10:15:07","modified_gmt":"2024-08-01T15:15:07","slug":"analisis-de-vulnerabilidades-y-proveedores-aprobados","status":"publish","type":"post","link":"https:\/\/iqcol.com\/en\/analisis-de-vulnerabilidades-y-proveedores-aprobados\/","title":{"rendered":"Complete guide to Vulnerability Analysis and Providers Approved by PCI"},"content":{"rendered":"

Data security is critical to any business that handle online transactions. The Data Security Standard PCI (PCI DSS) has established strict requirements to protect the information of the payment, and one of the key components is the analysis of vulnerabilities, external made by Analytics Providers that are Approved (ASV).<\/p>\n

What is the Analysis of Vulnerabilities ASV?<\/strong><\/h2>\n

The analysis of vulnerabilities ASV is a comprehensive assessment by approved suppliers to identify and mitigate potential risks in e-commerce systems. These analyses are essential to ensure that the environments of payment are safe and comply with the standards of the PCI DSS.<\/p>\n

New Requirements in PCI DSS v4.x<\/strong><\/h2>\n

With the update to PCI DSS v4.x you have added specific requirements for the traders who use the self-assessment questionnaire (SAQ) A. These new requirements are designed to address violations are common and increase safety in environments of e-commerce.<\/p>\n

Traders SAQ now must complete the Requirement 11.3.2 of PCI DSS<\/a>that requires evidence of approval of scans external performed by an ASV at least once every three months. This step is crucial to minimize the risk of breaches that could compromise the payment transactions.<\/p>\n

\"An\u00e1lisis
Analysis of Vulnerabilities<\/figcaption><\/figure>\n

Who Applies?<\/strong><\/h2>\n

These scanning requirements ASV apply to e-commerce systems which:<\/p>\n

    \n
  1. Redirected to the payment transaction to a third party service provider (TPSP) that complies with PCI DSS.<\/li>\n
  2. Include a page or form of integrated payment from a TPSP to comply with PCI DSS.<\/li>\n<\/ol>\n

    The goal is that traders identify and remediate vulnerabilities that can expose your link to the payment page of the TPSP, thereby ensuring the security of the transactions.<\/p>\n

    Resources and Key Considerations<\/strong><\/h2>\n

    The PCI Security Standards Council has created this guide to provide educational resources, and answer frequently asked questions about the Requirement 11.3.2 of the PCI DSS. This guide is indispensable for those traders who are completing this requirement for the first time and need to better understand the process of scanning and the benefits of working with an ASV.<\/p>\n

    Some of the topics covered include:<\/strong><\/h2>\n