PCI DSS ASV Scan (Official) — ASV: Clone Systems, Inc.

ASV scans are performed by Clone Systems, a PCI Security Standards Council–Approved Scanning Vendor (ASV).
Verify on the official PCI SSC Approved Scanning Vendors directory →

Get PCI Compliant View ASV Plan
🛡️ Official PCI DSS ASV Scan 📄 Bank-ready reports 🔁 Unlimited rescans
✅ Performed by Clone Systems, Inc. 🔎 Verify on PCI SSC directory 🌍 Regions served: Global

ASV scans are performed by Clone Systems, Inc. (a PCI Security Standards Council–approved Approved Scanning Vendor). Verify the listing on the official PCI SSC portal: Approved Scanning Vendors directory.

PCICompliance.com provides the platform, automation, reporting, and customer experience.
PCICompliance.com is not affiliated with or endorsed by the PCI Security Standards Council.

What is a PCI ASV Scan?

An ASV (Approved Scanning Vendor) scan is an automated external vulnerability scan of your internet-facing systems (IP/domain). It helps validate that your systems are not exposed to known vulnerabilities and is required by PCI DSS when scanning applies to your environment.

🌐

External & Internet-Facing

Targets public IPs/domains reachable from the internet, focusing on common services and exposures.

  • Public IP or domain target
  • Known vulnerability checks
  • Misconfiguration detection
📆

Quarterly Requirement

PCI DSS typically requires scans at least every 90 days and after significant changes.

  • 4 quarterly scans/year
  • Evidence history retained
  • Audit-friendly workflow
📄

Bank-Ready Reports

Download documentation commonly requested by acquiring banks and payment processors.

  • Clear pass/fail status
  • Detailed findings list
  • Exportable compliance evidence

Do You Need Quarterly ASV Scans?

Many businesses using fully hosted payment pages may not require ASV scans. Start with the free assessment to confirm what applies to your environment.

Usually needs ASV scans

  • Self-hosted checkout or payment pages
  • Internet-facing systems that affect Dental Office
  • Public IPs/domains in scope for PCI DSS
  • Service providers supporting payment flows

Not sure what’s “in scope”? The assessment clarifies this in minutes.

Often does not need ASV scans

  • Fully hosted checkout (redirect/hosted payment pages)
  • No cardholder data touches your servers
  • Processor confirms SAQ type without scans

We help you avoid paying for scans you don’t need.

Get PCI Compliant

ASV Scan Plan

One simple plan for 1 IP/domain — built for price-sensitive merchants.

ASV Scan (1 IP / 1 Domain)

$149 /year

Quarterly scans + unlimited rescans + bank-ready reports

What’s included

  • 4 quarterly ASV scans (PCI DSS cadence)
  • Unlimited rescans until you pass
  • Downloadable compliance reports
  • Scan history retained for audits
  • Guidance on common remediation priorities

Performed by: Clone Systems, Inc. (PCI SSC–approved ASV).
Verify: PCI SSC Approved Scanning Vendors directory

Need more than 1 IP/domain?

If you have multiple public IPs/domains or multiple environments, we can quote a plan quickly.

  • Multiple IPs/domains
  • Service provider needs
  • Custom scan scheduling
  • Consolidated reporting

Common pitfalls we prevent

  • Scanning the wrong IP/domain
  • Missing the quarterly cadence
  • Confusing internal vs external scans
  • Not keeping evidence for auditors

How the ASV Scan Process Works

Fast setup, clear results, and unlimited rescans until you pass.

1) Confirm requirements

Take the free assessment to confirm whether ASV scans apply to your environment and which assets are in scope.

Results in ~5 minutes

2) Add your target

Enter your IP/domain and verify ownership (if required). We guide you to avoid scanning the wrong asset.

Simple onboarding

3) Scan → Fix → Rescan

Review findings, remediate issues, and rescan until you reach a passing status. Download reports anytime.

Unlimited rescans included

Get PCI Compliant

ASV Scan FAQ

Quick answers for merchants and teams under time pressure.

Is this an official PCI DSS ASV scan?

Yes. ASV scans are performed by Clone Systems, Inc., a PCI SSC–approved ASV. You can verify the listing on the official directory: PCI SSC Approved Scanning Vendors.

What exactly is scanned?

The scan targets your internet-facing IP address or domain and checks for known vulnerabilities and exposures. It is not the same as an internal vulnerability scan or a penetration test.

How often do I need to scan?

PCI DSS typically requires ASV scans at least quarterly, and after significant changes. This plan includes 4 quarterly scans per year.

What if I fail the scan?

No problem. Unlimited rescans are included. Remediate issues and rescan until you pass.

Do hosted checkout merchants need ASV scans?

Often no. Many businesses using fully hosted payment pages may qualify for a SAQ type that does not require quarterly scans. The fastest way to confirm is the free assessment.

Is PCICompliance.com affiliated with PCI SSC?

No. PCICompliance.com is not affiliated with or endorsed by the PCI Security Standards Council. ASV scanning is performed by Clone Systems, Inc., a PCI SSC–approved ASV.

Get PCI Compliant

Ready to Run Your ASV Scan?

Confirm requirements, add your IP/domain, run your scan, and download bank-ready reports.
ASV scans performed by Clone Systems, Inc.

Get PCI Compliant

No credit card required for the assessment • Results in ~5 minutes • Unlimited rescans included

icon 1,650 PCI scans performed this month
check icon Business in Austin, TX completed their PCI SAQ A-EP