Dear Sir or Madam,
Since version PCI-DSS 4.0, merchants are also required to have their web stores scanned regularly. To do this, they must commission a certified provider (ASV PCI Security Standards Council - Protect Payment Data with Industry-driven Security Standards, Training, and Programs).
On the following page you will find the official service providers who can carry out the certification.
https://listings.pcisecuritystandards.org/assessors_and_solutions/approved_scanning_vendors
Please understand that we cannot make any recommendations regarding certified providers. If necessary, please contact your acquirer directly.
It is important to note that the scan must be carried out every 90 days at the latest. A shorter scan period is advisable due to the long periods involved!
In addition, all detected vulnerabilities with a CVSS value of 4.0 or higher must be remedied. (Common Vulnerability Scoring System).
These scans relate exclusively to the retailer and have nothing to do with Computop's external scan. The background to this requirement is to increase security in the retailer's store.
We will be happy to provide you with the Computop AOC on request, as we fulfill the PCI requirements for our retailers above and beyond the SAQ-A.