Painless PCI Compliance

Comodo has released its Painless PCI program!

This new way of thinking, aims to get the often forgot about smaller merchants PCI compliant as painlessly as possible. Not every business is blessed with a compliance officer or dedicated IT security resources. Compliance can be difficult to go at alone and so Comodo works with you to make the most Painless PCI compliance solution.

Start off with the absolutely free, easy to use HackerGuardian PCI Compliance Wizard to get a remediation plan for your business and complete the Self-Assessment Questionnaire (SAQ). Comodo guides you along the way with advice and explanations as you answer the questionnaire.

Once you have your remediation plan, Comodo products and services can be deployed to meet your compliance requirements and documentation you can send to your bank to prove it. No need to do a vendor assessment for every remediation item needed!

Not only does Comodo’s Painless PCI program guide you to becoming PCI compliant, Comodo products and services will keep you compliant year after year.

Start your PCI compliance here:

Let us know what else we can do to make PCI compliance as painless as possible :wink:

we have done the second pci compliance test.

Fortunately there are no security holes at all , but a few security issues and security notes. The hoster of our dedicated managed server is unwilling to solve the security issues on the machine, That comes from the plattform software that is installed on the machine, and which we do not use, such as webmail horde, and guestbook, and other services that is needed for network management and other stuff not good for anyone.

What can we do?
They argument that there are a lot of merchants that do not do pci scans, as they have outsourced the whole payment process and do not save credit card data.
The same as ourselves. We do not save nor trasnmit credit card data but would like to have the hackerguardian badge instead of security holes.

What can we do? change the hoster? We have long Term contract…

kind regards


If they are not critical I think you can flag them as False-Positive in HackerGuardian.

It is against the Forums policy to advertise commercial websites in signatures.

Section 8.4;

Can you please remove them from your profile?

Hi Ronny done! sorry

Do you mean by flagging them as false positive we get the pass the pci compliance test? That does not sound healthy to me. I prefer to get the issue solved.


how can i get help form in order to solve the security issues stated on the audit. can they contact the hoster and help him find a solution?



We as an ASV can not assist with mitigating the issues. We can only steer you in the right direction towards the solution. A qualified individual (such as a SysAdmin) should be able to look at the ‘Vulnerability Report’ and the system and determine what is and what isn’t a false positive.

Hi Sal Amander
cool name by the side. We are on a dedicated fully managed high end server. As we have no root access, the only think we can do is ask the hoster to do his homework or move to another more security conscious hoster.

After talking to the hoster who is actually the sysadmin we happen to find out that they do not care at all! That’s sad to know. They even said that we do not need pci scanning, and hacker guardian what for ? which purpose? PCI scanning does not make any sense for us… bla bla bla

i can really recommend anyone to get this pci scan to really see how clean or dirty the big hosters of dedicated full managed high end enterprise business server really are.

Believe me you will be surprised how it looks behind the scene.

Isn’t there anything in a Service Level Agreement where you can push them?
This is absolute bad behavior, specially for dedicated high-end service… :-\