Hi all, I'm fairly new to this tool and may have what seems like a silly question. Is there any way that a report showing PCI vulnerabilities (ie. non-compliance) could be submitted, attested and then submitted to the acquirer?
I would like to be sure that I (or someone else) can't mistakenly click a button and have a non-compliant report submitted to our acquirer. This would be a headache of epic proportions ;-)
Yes. Both Passing (Compliant) and/or Failing (Non-Compliant) PCI Reports can be Attested and Submitted to the Acquirer. The goal is to become fully compliant and submit a passing report, howerver at times it may be necessary to submit a failing report. You can also include comments with the failing report regarding those outstanding vulnerabilities, along with action plans of when they will be fixed.