25/02/2010 -
Requirement 11.2 of the PCI DSS states that merchants must pass a vulnerability scan for each of the past four quarters to be deemed compliant. But what happens if a merchant misses a scan? Do they have to wait another four quarters to pass an audit? Maybe not, said QSA Walter Conway. In an article for StorefrontBacktalk.com, Conway said that there may be a loophole in this requirement, in that a QSA can still assess a merchant as compliant even if they missed a scan, as long as the QSA has reason enough to believe that the merchant's risk "has been sufficiently addressed through [other] practices."
However, Conway notes that vulnerability scans are potentially the easiest part of the payment processing compliance process, which means that merchants who have missed a scan are likely not vigilant in other areas either.
Even if they could potentially get a free pass for missing a scan, Conway advises merchants to try their best not to make it a habit.
"Vulnerability scans are a critical piece of any risk management program. Scans detect vulnerabilities you need to fix," Conway wrote. "The bad guys are scanning you right now, so why in the world don't you want to know what they are learning?"
Experts also advise merchants to think outside the compliance box, and to invest in payment processing security measures all year round.