I want to choose a quarterly scan between TrustGuard and Comodo. Comodo's quarterly scan without a seal is $245/yr; TrustGuard's quarterly scan with a seal is $297/yr, just $52 more with the seal. Comodo's scan seems to be more strict than TrustGuard's.
Would showing the seal help increase my users? If yes, I'd go with TrustGuard; else I'd go with Comodo. Please advise whether showing a seal makes sense and helps to attract more users.
Your assumption seems to be incorrect - Comodo seems to have a similar verified PCI Compliant type deal (https://www.hackerguardian.com/hackerguardian/learn/pci-scan-compliancy.html); see at the bottom where you can hover over the card images.
You’re also assuming that your typical user cares about PCI compliance and seeing a badge and/or a green seal or cards or whatever, and that it will give them confidence in you, or more importantly, that without it, they’d leave.
You're further assuming that users will even understand what these seals mean. People are by no means generally stupid, but we're all ignorant of things that are not our business, and for most users of the Internet, knowing Internet security is just not their area of interest or need to know.
That all said… I’d go with whichever you are more confident in. Then use whatever method they offer to display your compliance to your users, in case anyone does indeed look for that / care about it - then you’ve got it.
If it was me I’d go with Comodo, but that’s only because I’m more familiar with them, not due to any actually valid reasons.
Passing the scan is not enough to get compliance? What is the SAQ for when the scan is passed?
The scans you are talking about are just for the lowest possible PCI compliance level, basically to be able to accept credit cards on your website while processing them through a secure merchant (no storing of card information on your side, just tokens returned from the merchant).
Though, if you're running on Linux distributions that backport when patching (fix the security vulnerability but do not increase the version number), you will get a lot of false positives on each scan, where you need to send over proof that this was a backport, i.e. that the security hole has been plugged.
For the SAQ, it is just additional information required to verify that you are not a high-risk customer for the merchant. In addition, it also verifies whether you can process at the lowest PCI compliance level, or if you need a higher one (on higher volumes this changes).
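The backport false positive described in the reply above comes from scanners matching on a version banner, while the distribution's changelog is what actually records which CVEs were patched into that version. The following is an added example, not code from the thread or from either scan vendor: it parses a Debian-style changelog and splits a scanner finding into CVEs that the installed version's changelog shows as backported (candidates for a false-positive dispute, with the changelog entry as the proof) and CVEs with no such evidence (which need real remediation). The package name, versions and CVE ids in the sample changelog are constructed placeholders, not real identifiers.

```python
"""Triage version-banner scanner findings against a distro changelog.

Added example for illustration. The changelog excerpt, the package
'examplepkg', its versions and the CVE ids CVE-0000-000x are all
constructed placeholders, not real data.
"""
import re
from typing import Dict, Iterable, Set, Tuple

# Constructed Debian-style changelog, newest entry first (as dpkg ships them).
SAMPLE_CHANGELOG = """\
examplepkg (1.0.1-4+deb0u3) example-security; urgency=high

  * Backport upstream fix for CVE-0000-0002 (placeholder: parser over-read).

 -- Example Maintainer <maint@example.invalid>  Mon, 01 Jan 2001 00:00:00 +0000

examplepkg (1.0.1-4+deb0u2) example-security; urgency=high

  * Backport upstream fix for CVE-0000-0001 (placeholder).

 -- Example Maintainer <maint@example.invalid>  Mon, 01 Jan 2001 00:00:00 +0000

examplepkg (1.0.1-4) unstable; urgency=medium

  * Initial packaging of upstream 1.0.1.

 -- Example Maintainer <maint@example.invalid>  Mon, 01 Jan 2001 00:00:00 +0000
"""

# A changelog entry header: "<package> (<version>) <distribution>; urgency=..."
ENTRY_RE = re.compile(r"^(?P<pkg>[a-z0-9][a-z0-9+.-]*) \((?P<ver>[^)]+)\)", re.M)
# CVE identifier syntax: CVE-<year>-<4 or more digits>
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


def parse_changelog(text: str) -> Dict[str, Set[str]]:
    """Map each version to the CVE ids mentioned in its entry, newest first."""
    headers = list(ENTRY_RE.finditer(text))
    versions: Dict[str, Set[str]] = {}
    for i, header in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        body = text[header.end():end]
        versions[header.group("ver")] = set(CVE_RE.findall(body))
    return versions


def triage_finding(flagged_cves: Iterable[str], installed_version: str,
                   changelog_text: str) -> Tuple[Dict[str, str], Set[str]]:
    """Split a scanner finding into backported CVEs and unresolved CVEs.

    Returns (backported, unresolved) where backported maps a CVE id to the
    changelog version that records its fix. Only entries at or older than the
    installed version count: a fix recorded in a newer version is not on the
    host, so that CVE stays unresolved.
    """
    flagged = set(flagged_cves)
    changelog = parse_changelog(changelog_text)
    if installed_version not in changelog:
        raise ValueError(f"installed version {installed_version!r} not in changelog")
    backported: Dict[str, str] = {}
    reached_installed = False
    for version, cves in changelog.items():  # newest -> oldest
        if version == installed_version:
            reached_installed = True
        if not reached_installed:
            continue  # newer than what is installed: not applied here
        for cve in cves & flagged:
            backported.setdefault(cve, version)  # keep the newest mention
    unresolved = flagged - set(backported)
    return backported, unresolved


if __name__ == "__main__":
    # Constructed finding: a banner-based scanner flags three CVEs against
    # upstream 1.0.1, while the host runs the distro's patched 1.0.1-4+deb0u2.
    finding = ["CVE-0000-0001", "CVE-0000-0002", "CVE-0000-0003"]
    proof, todo = triage_finding(finding, "1.0.1-4+deb0u2", SAMPLE_CHANGELOG)
    for cve, ver in proof.items():
        print(f"dispute {cve}: backported in changelog entry {ver}")
    for cve in sorted(todo):
        print(f"remediate {cve}: no backport evidence for installed version")
```

When disputing a finding, send the vendor the exact changelog entry the script points to (on Debian-family hosts the file lives under /usr/share/doc/<package>/, typically compressed); a CVE that the changelog only mentions in a newer version than the one installed is a genuine finding, not a false positive, and the script keeps it in the unresolved set for that reason.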