Join A Leader In

ASV Vulnerability
Scanning Services

Our ASV (Approved Scanning Vendor) vulnerability scanning service is an automated process which validates the security of your internet facing systems and web applications. Throughout this process, Vectra will scan for weaknesses in your data security. Vectra’s ASV security services are conducted through our partner SecurityMetrics. Quarterly ASV vulnerability scanning of internet facing systems is a requirement to maintain PCI DSS compliance for most businesses and organisation’s providing card payment services. Even if it’s not a PCI DSS requirement for you, regular scanning is also a good cyber security practice.

Template mockup online credit card for purchases from online stores online shopping

What is an ASV?

ASV stands for Approved Scanning Vendor. It is a designation given by the Payment Card Industry Security Standards Council (PCI SSC) to organisations that have been qualified to validate adherence to certain PCI DSS compliance requirements by performing vulnerability scans of merchants and service providers. ASVs have proven their capability to offer high-quality, consistent vulnerability scanning services that align with the PCI DSS.

Engaging with an ASV ensures that your organisation’s external-facing systems are routinely checked for vulnerabilities.

What is ASV Scanning?

ASV Scanning refers to the vulnerability scanning process carried out by an Approved Scanning Vendor. The primary purpose of this scan is to identify vulnerabilities in the external-facing systems and networks of businesses and organisations that could be exploited by malicious entities. These scans are an essential component of the PCI DSS compliance process for many.

Features of ASV Scanning:

    • Scope Determination: The process begins by determining which systems are in scope for PCI DSS. Typically, these are the systems that are involved in the storage, processing, or transmission of cardholder data.
    • Regular Scans: ASV Scans are typically conducted on a quarterly basis, but can also be performed after any significant change to the network.
    • Detailed Reports: After each scan, the ASV provides a detailed report outlining any vulnerabilities discovered, their severity, and recommendations for remediation.
    • Pass/Fail Criteria: For the sake of PCI DSS compliance, the scanned entity must not have any vulnerabilities rated 4.0 or higher (on the CVSS scale) that are not mitigated. If such vulnerabilities are present, the entity will need to address them and then undergo a rescan.
    • Continuous Improvement: ASV scanning isn’t a one-off process. The cyber security landscape is constantly evolving, and new vulnerabilities are discovered frequently. Regular scanning ensures that organisations can stay ahead of potential threats.

ASV scanning is an invaluable tool in the cyber security arsenal of any organisation that deals with cardholder data. It provides assurance that external-facing systems have been checked against known vulnerabilities and helps in maintaining a robust security posture.

ASV Scanning Portal

Vectra’s ASV Vulnerability Scanning Service is accessed by a web-based scanning portal. The portal allows a business or organisation to easily configure automated quarterly scans as required by PCI DSS requirement 11.2.2. It also allows for scans to be run on an ad-hoc basis when required.

The portal provides easy access to the latest scan results and keeps all historical scan reports.

Vectra’s ASV Scanning Portal also provides an interface to facilitate investigation and resolution of any false positives.

ASV Scan Reports

The detailed reports provided as part of our ASV services are available for download on the portal.

These scans are comprehensive and will:

  • Identify security weaknesses
  • Provide a risk rating
  • Remediation advice

ASV Service Desk

Our ASV scanning service is supported by a local Australian based Service Desk. Our ASV Service Team are able to provide technical support and remote administration of the service plus track and monitor any disputed scan results.

Request more information about our ASV scanning services

Send an ASV Vulnerability Scanning Enquiry

Complete the form below and our ASV Team will be in touch to discuss your scanning requirements.

ASV Scanning Contact Form

Pre-Contact Questions (Optional)

To help us better understand your enquiry we have put together an optional set of questions for you to answer. You may answer as many of the questions as possible based on your current knowledge.

Merchant Information

Your bank should be able to tell you, however if you are unsure or unable to check, choose the corresponding number of transactions.
What payment channels do you use?

Service Provider Information