Announcement

Collapse
No announcement yet.

PCI Scan message

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    PCI Scan message

    A Client has this message in their Trustwave scan report:

    CVE No Match and Remote Access Detected
    I don't have a copy of the report yet. Wondering what the error refers to. I don't know if it's two errors? I've guessed correctly before on Trustwave secret-coded error messages. Not this one yet. I'm told it's the same message for a couple of dozen test points in the scan. I have no idea if the message refers to anything directly related to the Miva store or the server.

    Ideas? Direct experience?

    Thanks,

    Scott
    Need to offer Shipping Insurance?
    Interactive Design Solutions https://www.myids.net
    MivaMerchant Business Partner | Certified MivaMerchant Web Developer
    Competitive Rates, Custom Modules and Integrations, Store Integration
    AutoBaskets|Advanced Waitlist Integration|Ask about Shipping Insurance Integration
    My T-shirt Collection is mostly MivaCon T-shirts!!

    #2
    A non-CVE result is probably them trying to demonstrate value by flagging something that has no corresponding publicly recognized vulnerability ID. I'd recommend the site in question switch to MivaPay or similar tokenizing payment gateway so it no longer touches credit cards, and then do away with that need to scan.
    David Hubbard
    CIO
    Miva
    [email protected]
    http://www.miva.com

    Comment


      #3
      Thanks, David.

      Scott
      Need to offer Shipping Insurance?
      Interactive Design Solutions https://www.myids.net
      MivaMerchant Business Partner | Certified MivaMerchant Web Developer
      Competitive Rates, Custom Modules and Integrations, Store Integration
      AutoBaskets|Advanced Waitlist Integration|Ask about Shipping Insurance Integration
      My T-shirt Collection is mostly MivaCon T-shirts!!

      Comment


        #4
        Question on eliminating the scan. Is it the whole scan? I don't have much info on what all this entails. I don't know, but this client is probably a Level 3 or 4 with my guess of fewer than 20K online transactions per year. I can't imagine their merchant card account would require a scan unless it's tied to a really nice rate? Regardless, are there different levels of a scan?

        Scott
        Need to offer Shipping Insurance?
        Interactive Design Solutions https://www.myids.net
        MivaMerchant Business Partner | Certified MivaMerchant Web Developer
        Competitive Rates, Custom Modules and Integrations, Store Integration
        AutoBaskets|Advanced Waitlist Integration|Ask about Shipping Insurance Integration
        My T-shirt Collection is mostly MivaCon T-shirts!!

        Comment


          #5
          Interesting update. I had not checked to see if MivaPay was activated, and it had been activated by the previous developer. So, we still have no idea what or why this issue is failing the scan.

          Additionally, it really appears this client is at level 4 and I don't know why the scan needs to be done at less than 1000 CC transactions per year.

          Scott
          Need to offer Shipping Insurance?
          Interactive Design Solutions https://www.myids.net
          MivaMerchant Business Partner | Certified MivaMerchant Web Developer
          Competitive Rates, Custom Modules and Integrations, Store Integration
          AutoBaskets|Advanced Waitlist Integration|Ask about Shipping Insurance Integration
          My T-shirt Collection is mostly MivaCon T-shirts!!

          Comment

          Working...
          X