Why does my PCI Security Check fail?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment.

There are many reasons why a PCI Security Check can fail. You will receive a list of the results which will tell you what was found and what should be done to fix it. Here are some of the more common reasons:

Software version: An example of this might be the version of PHP. Using an older version of PHP that contains known vulnerabilities may cause a failure. Updating to use a later version of PHP would be a way to fix it.

Open Ports: Having specific ports open may cause a failure. A port is like a connection point through which computers can communicate with each other. These different port numbers allow software applications to share hardware resources without interfering with each other. If an open port on a server is deemed vulnerable, the check may come back and say the port needs to be closed.

Debug On: DEBUG is often used by programmers to help identify issues with particular code. It allows them to see what is causing a problem. This becomes an issue if the DEBUG is not turned off once the site is finalized because it allows hackers to then see potential flaws in code. Similarly, if custom errors are enabled, the error messages can give these hackers the information they need to exploit issues. A security check is likely to fail a site if it finds these issues. Turning off any DEBUG scripts and custom errors will likely solve the problem.
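A local pre-scan check for the "Software version" and "Debug On" items above, as an added example that is not part of the original article. It assumes a PHP site; the directive names are standard php.ini settings that the article does not name, and the sample php.ini, the version strings and the minimum version are constructed values, not PCI requirements.

```python
import re

# php.ini directives that show error detail or the PHP version to visitors.
# Assumed relevant here; the article itself names no specific settings.
RISKY_WHEN_ON = ("display_errors", "display_startup_errors", "expose_php")
TRUTHY = {"1", "on", "true", "yes", "stdout"}

# Constructed sample: a production php.ini with development leftovers.
SAMPLE_INI = """\
[PHP]
; development leftovers
display_errors = On
display_startup_errors = Off
log_errors = On
display_errors = Off   ; later line for the same directive
expose_php = On
"""

def parse_ini(text):
    """Return {directive: value}, keeping the last assignment of each."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop ; comments
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().strip('"').lower()
    return settings

def version_tuple(version):
    """'7.4.33' -> (7, 4, 33); suffixes such as '-rc1' are ignored."""
    return tuple(int(n) for n in re.findall(r"\d+", version)[:3])

def audit(ini_text, php_version, minimum_version):
    """List findings a scanner would likely raise for this configuration."""
    findings = []
    if version_tuple(php_version) < version_tuple(minimum_version):
        findings.append(f"php {php_version} is older than {minimum_version}")
    settings = parse_ini(ini_text)
    for name in RISKY_WHEN_ON:
        value = settings.get(name)
        if value is None:
            findings.append(f"{name} is not set; set it explicitly to Off")
        elif value in TRUTHY:
            findings.append(f"{name} = {value} exposes detail to visitors")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_INI, "7.4.33", "8.1.0"):
        print("FAIL:", finding)
```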

These are just a handful of issues that can cause a PCI Compliance security check to fail. There are many more, and they often change to keep up with new vulnerabilities and exploits. So don't fret if your site fails a test, even if it passed one 3 months or more ago. Your IT people or your hosting company should be able to decipher the problems and fix them for you.

