PCI Scan/Compliance

Cody M. shared this question 8 days ago

I'm trying to be PCI compliant. I followed the steps in the support article, but when I submitted a reason for a false positive about the two SSL certs, I got this response: "If this vulnerability has been remediated/is believed to be a false positive then please resubmit this dispute with further information." Is there other information I should submit other than the "security patches are applied nightly" response?

Comments (3)

That should be all you need to do for the vulnerabilities. If you continue to have problems, let us know.

Susan, I left a new comment. I resubmitted the scan and got the same results. They want more information even after submitting the recommended answer.

Unfortunately this is outside the scope of our normal support. We don't have access to the vulnerability list you are discussing with them nor do we have the resources to diagnose the particular issues being discussed.

The guide is provided as a general instruction list, but each issue would need to be scrutinized manually if they are rejecting the general 'false positive' response.

From what I see in the screenshot you provided, I would let them know that the cardholder data is transmitted directly from the customer to global and does not pass through any other servers. In addition, the credit card page submission page is unique to each customer and isn't publicly available.

I will try with the additional comments you provided. Thank you!

I submitted the response and they came back saying it isn't enough information. What else can I provide for them?

I resubmitted the scan and got the exact same response when I submitted the false positive as "security patches are applied nightly." How can I get past this response?
