PCI ASV Services – External Vulnerability Scanning

0Tolerance, as a PCI Qualified Security Assessor (QSA), also offers PCI Approved Scanning Vendor (ASV) services. We provide access to a secure web portal for your ASV External Vulnerability Scanning needs. The portal will allow you to see your scope, any scheduled quarterly or monthly scans, the results of those scans, the ability to kick off rescans, request exceptions, and download all necessary reporting. The reporting available includes the Attestation of Scan Compliance (AoSC), Executive Summary, Detailed Findings, and Remediation Tracker. You can invite additional users to your account, so they can specifically work on remediation efforts and access the remediation tracker.

SAQ Access

If your organization completes an annual Self-Assessment Questionnaire, the SAQ Wizard will help you determine the proper SAQ type to complete based on how payment cards are handled. Just answer quick qualification questions first. This is included with the external scanning.

Internal Vulnerability Scanning

We also include two options. The first is PCI Internal Vulnerability Scanning. We provide a virtual machine to be connected to your internal environment for internal scanning purposes. The internal scan results are available in the same portal, so you do not need to manage multiple panes of glass and system processes for external and internal scanning. Our experienced team will assist in the VM setup; you’re not alone with this.

Dark Web Domain Monitoring

Additionally, we offer dark web domain monitoring. With this monitoring, we crawl the dark web daily or weekly, looking for threat intelligence related to your domain. For example, we’d be looking for intelligence related to yourdomain.com users, forum messages, or other activity. We’ll provide a summary of the findings and details, such as the originating site record (.onion detail).

Your external IP address for the network you’re currently using on your device is below; we may ask you for this when you enroll in services. Visit this website from the same network you need to be scanned. If you have multiple locations, visit this website from each location and note the results.

We may also ask for your Merchant ID.

Your Merchant ID (also known as a MID) is a unique identifier assigned to your business by your credit card processor. It is used to track transactions and is typically included in the transaction details sent to your acquiring bank. Depending on the processor, you may be able to find your merchant ID in one of the following ways:

  • On your monthly statement: Look for a line item labeled “merchant ID” or “MID.”
  • In your online account portal: Log in to your account with the processor and look for a section labeled “merchant information” or “account settings.” 

PCI Scanning Requirements For Merchants

PCI Merchant Levels


PCI Scanning Requirements For Service Providers

PCI Service Provider Levels

Security You Can Trust