PCI DSS Scanning

Overview

  • PCI DSS expects quarterly external ASV scans and post-change scans.
  • Compliance protects customers and your organisation against fraud, chargebacks, and financial penalties.
  • A clean “Pass” and effective segmentation support your assessor and reduce complexity.
  • Strong scanning hygiene preserves brand reputation.

How it works:

  • Scope & readiness: Define in-scope IPs/ranges, CDE boundaries, owners, maintenance windows, and success criteria.
  • Pre-scan hygiene: Triage known issues (TLS ciphers, headers, legacy services) to avoid predictable Fail findings.
  • Baseline scan: Run ASV external scans and internal/segmentation scans. Capture all evidence.
  • Fix & verify: Provide ticket-ready remediation steps. Align owners and due dates. Support change approvals.
  • Re-scan until Pass: Clear remaining findings. Produce final ASV attestation and evidence pack you can hand to your QSA/acquirer.
  • Quarterly cadence: Schedule the next quarter. Track trends, recurring issues, and time-to-remediate.

Key Features:

Managed PCI Scanning (annual)

We schedule and run quarterly external ASV scans, internal scans, and segmentation tests with re-scans, evidence, and QSA liaison.

Fast-track to “Pass”

One-off sprint to reach a passing external scan with focused remediation and re-scan support.

Change-driven re-scan

On-demand post-change external/internal scans with rapid turnaround.

Advisory add-ons

WAF/CDN hardening, mTLS/TLS uplift, patch governance, and “pre-QSA” readiness checks.

Deliverables

  • ASV Attestation of Scan Compliance (external)
  • Technical scan reports with CVSS, evidence, and affected assets
  • Segmentation test report and annotated topology (where applicable)
  • Remediation log with dates, owners, and actions taken
  • Executive one-pager for acquirer, bank, and audit meetings

Hands‑On Validation of Critical Controls

  • Scoping: 45–60 minutes with CISO/IT owner and network lead.
  • Change approvals: 30–60 minutes per batch of fixes.
  • Debrief: 45 minutes for exec/IT owners.
  • Elapsed time varies by remediation; we keep scan windows and re-scans tight.

Outcomes that matter

  • Clean, current ASV Pass for every in-scope external IP.
  • Effective segmentation evidenced and accepted by your assessor.
  • Shorter time-to-remediate and fewer repeat findings.
  • Predictable audit and bank responses with ready-made documentation.

Why JUMPSEC?

Certifications and Accreditations

We’re a member of and regular contributor to the CREST community. Our consultants hold a range of certifications including CREST, the NCSC and more across different specialisms, demonstrating their commitment to quality service delivery.

FAQs

Do you perform the ASV scans yourselves?

External PCI scans are performed via an Approved Scanning Vendor. JUMPSEC manages scoping, remediation, disputes, and re-scans end-to-end.

Can you help with false positive disputes?

Yes. We prepare evidence, submit disputes to the ASV, and manage outcomes.

How do you handle CDNs/WAFs and cloud elasticity?

We align scope to real egress IPs and origin services, account for any geo/IP steering, and coordinate maintenance to avoid noisy results.

Do you support PCI DSS v4.0?

Yes. We align cadence and artefacts to v4.0 expectations, including quarterly scans, post-change scans, and segmentation validation.

Can you help beyond scanning?

Yes. We provide Microsoft 365 security uplift, managed detection and response (MXDR), incident response retainers, and offensive testing.
