How to Pass PCI Compliance Scans InMotion Hosting ContributorUpdated on April 8, 2025 2 Minute Read In this article we’ll discuss PCI compliance requirements, explain what is PCI compliance, and give some steps to pass a PCI scan. PCI DSS stands for Payment Card Industry Data Security Standard. The PCI DSS was created back in 2004 by the four major credit card companies American Express, Discover, MasterCard, and Visa to help ensure that consumer payment card data is being transmitted and stored securely on the Internet. PCI Compliance Requirements If you have a website where you will be taking credit card numbers directly from your visitors, it’s typically required to pass PCI scans before your site can be given a seal of approval for adhering to the PCI DSS. A PCI vendor will do a series of PCI scans on your website and provide you with a PCI scan report usually in PDF format that should include an actionable list of failures, and possible solutions. Passing a PCI compliant scan attempt will generally require changing some default settings on your server to be more secure before they proceed with the scan. Some of the most common things that will need to be done will be closing ports at the firewall, and ensuring that you’re using up to date software. Staying PCI Compliant PCI compliance is an ongoing commitment, and most PCI vendors will require doing a new scan about once every 90 days or so to ensure that your website is staying compliant. Ensuring that your website stays PCI compliant can help keep your customers trusting you, as it shows them you’re committed to maintain orders without the risk of a security breach and theft of their vital data. If you’ve already had a scan run on your website and the test failed, you can e-mail a copy to us through a ticket submitted via AMP. Our system administration department can then review the scan for you. Below are some common things that can initially cause a PCI scan to fail. Over time each of these should also link to how to handle that type of failure on your own. Common PCI Compliance Tasks for Web Servers Close Open Ports for PCI Compliance Update Outdated Server Software: Apache, BIND, Exim, OpenSSL, PHP Protect Against SSL/TLS CBC Vulnerabilities Disable FTP Clear/Plain Text Authentication Disable Default cPanel guestbook.cgi Script Disable Directory Indexes Server Wide Disable cPanel /scgi-bin Directory You should now understand about PCI compliance and why it might be important to have for your website if you’re accepting credit cards. Share this Article InMotion Hosting Contributor Content Writer InMotion Hosting contributors are highly knowledgeable individuals who create relevant content on new trends and troubleshooting techniques to help you achieve your online goals! More Articles by InMotion Hosting Related Articles WP Cerber Security Antispam and Bot Detection Settings WP Cerber Security Tools Search for PunyCode Look-alikes With Hold Integrity IDN Checker How to Secure WordPress using Security Keys and Salts Resetting the cPanel Password in WHM How to Change your root Password in WHM How To Open a Port in UFW How to Stop and Disable Firewalld Content Security Policy (CSP) Headers – Complete Reference Guide Why You Need To Keep Your Website’s PHP Version Up-to-Date
