QUALIFICATION OF SCANNING VENDORS FOR IMPLEMENTING PAYMENT CARD INDUSTRY SECURITY PROCEDURES

摘要

A system and method for qualification of security scanning vendor, who conducts security scans and testing of the infrastructure, facilities and procedures of the entities (e.g., merchants, and service providers) involved the payment-by-card industry to ensure compliance with security standards, is provided. Vendors demonstrate their skill in data security validation trials, which present vendors with controlled emulated electronic environments having defined or exact vulnerability lists with weights assigned to specific vulnerabilities according to their criticality.. Vendor processes and services are evaluated and benchmarked so that competent vendors can be approved for conducting the desired security scans and testing of payment-by-card industry entities under the Payment Card Industry Data Security Standard or other standards.