If you qualify for certain Self-Assessment Questionnaires (SAQs) or you electronically store cardholder data post authorization, then a quarterly scan by a PCI SSC Approved Scanning Vendor (ASV) is required to maintain compliance. If you qualify for any of the following SAQs under version 3.0 of the PCI DSS, then you are required to have a passing ASV scan:

  • SAQ A-EP
  • SAQ B-IP
  • SAQ C
  • SAQ D-Merchant
  • SAQ D-Service Provider