Important Update for Online Merchants: New PCI DSS v4.0 Requirements – VS and ASV

Resource Guide: Vulnerability Scans and Approved Scanning Vendors [July 10, 2024]

Attention all online merchants! The PCI Security Standards Council (PCI SSC) has released new requirements under PCI DSS v4.x to enhance security for those taking online payments. Here’s what you need to know:

🌐 New Requirement for SAQ A Merchants: Merchants completing SAQ A must now perform external vulnerability scans conducted by PCI Approved Scanning Vendors (ASVs). This is to address the increasing rate of breaches targeting SAQ A merchant environments.

🔍 What’s Required: If your e-commerce system either:

  1. Redirects payment transactions to a PCI DSS compliant third-party service provider (TPSP), or
  2. Includes an embedded payment page/form from a PCI DSS compliant TPSP

You must ensure that external ASV scans are performed at least once every three months and provide evidence of passing these scans.

📘 Resource Guide Available: PCI SSC has provided a comprehensive resource guide to help SAQ (find it below)

📅 Stay Compliant, Stay Secure: These new measures are crucial for minimizing risks and protecting your e-commerce platform from potential vulnerabilities. Ensure you’re up-to-date with the latest standards to safeguard your business and your customers..

For more details, check out the PCI SSC’s latest release HERE

If you are not getting all the answers that you need you can contact our PCI Navigator Team!

We’re Here to Help

What our clients are saying about us

“Never any issues with you guys! Things just work.”

Gerry Henstra, CEO, Henstra Business Solutions

“Customer service is a really big deal to us, and I am glad to do business with a company that obviously takes it as seriously as we do.”

Jeff Boatman, Global Client Solutions

“We’re happy with the IVR Payment system and it has been working well for us. Recently we also setup your newest SMS (text) receipts and found it to work great.”

IT Manager

“I want to command you and your team at Datatel on the job just completed for Tele-Response Center. The attention to detail and professionalism with which you approached the project was exemplary and greatly appreciated especially considering the several applications that needed to be implemented on short notice. Thanks again for your assistance getting this project off the ground so smoothly.”

Joe Grossman, Sr. Vice President, 121 Direct Response

“My team and I would like to commend Datatel on creating an IVR application that adds great value to our new Travel product. Your knowledge, input and expertise in IVR scripting, call flow management and overall IVR logistics made the development and implementation stages extremely easy to manage. Thank you for a well executed campaign that was launched on time and on budget.”

Ryan McCullough, Marketing Manager, Aegon Direct

“Great team to work with. I look forward to utilizing some additional capabilities in the future.”

Bob Griffin, VP of Operations, MedA/Rx

“We are very grateful for many years of mutually beneficial business relationship with Datatel and for impeccable customer service we have received during these years.”

Director of Student Accounts

“We, Standard Life, very much appreciated Datatel’s expertise, knowledge and support as we worked through the development and implementation stages. Our Clients appreciate the simplicity of the capability, while gathering very valuable feedback. Thanks for making this a very positive experience.”

Anne Pennell, VP, Customer Services Operations, Standard Life

“This was one of the best implementations I have been a part of. The communication was excellent and everything was responded to and dealt with swiftly. A real pleasure. We are looking forward to the impact this will have on our patient payments! Thank you!”

Kim Pace, Director Patient Accounts and Revenue, Chatham-Kent Health Alliance