PCI Compliance Scan

This guide explains how to complete your required PCI compliance scan initiated by Cashflows.


What is PCI Compliance?

PCI compliance means meeting the Payment Card Industry Data Security Standard (PCI DSS), a set of security rules. It's designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment. Basically, it helps protect customer card data from fraud and theft. Everyone who sells online must comply.


When to Scan?

  • Cashflows will email you when it's time to complete your scan.

  • This happens every few months and is a standard requirement.

If it's your first scan:

  • Cashflows will send you login details for the scan portal.

  • The scan portal website is: complywithpci.com


How to Schedule Your Scan

  1. Go to complywithpci.com.

  2. Log in using the details provided by Cashflows.

  3. Find the section titled Be scan compliant and click Manage.

  4. Click Schedule Scan.

  5. Go to the Domain tab. In the Domain/IP Address field, enter your website URL (e.g., yourrafflesite.com).

  6. Select your preferred scan date (or leave the default date if you want it to run as soon as possible).

  7. For the Load Balancer question, select Yes.

  8. For the System Configuration question, select Yes.

  9. Check the confirmation box at the bottom of the page.

  10. Click Schedule Scan.


What to Do After the Scan

  • The scan usually takes 6-12 hours to complete.

  • You will receive an email notification with the results once it's finished.

What to Do If Your Scan Fails

  • Don't panic. Failed scans are common, especially with automated tools.

  • These scans often report "false positives" because RaffleX sites are protected by security services (like Cloudflare), which can sometimes confuse the scanner. This is expected.


Follow These Steps to Address a Failed Scan

  1. Log in to complywithpci.com.

  2. Under Be scan compliant, click Manage.

  3. Select Review your PCI DSS external vulnerability scans.

  4. Look for scan results marked as Fail.

  5. From the Options dropdown next to a failed scan, select Review.

  6. Click the Review Now button.

  7. Use the PCI Compliant dropdown menu and filter the results by selecting No. This will show you only the items that failed.

  8. For each failed item listed:

    1. Click the 3 dots on the right-hand side.

    2. Choose Raise False Positive.

    3. In the comment box, add:

    Please mark as False Positive. Our website operates behind Cloudflare's security infrastructure, including their WAF. This protective layer mitigates the risk associated with this finding before it can reach our actual server.

    4. Submit the false positive request.

  9. Repeat step 8 for all failed items.

Responding to Follow Up Questions

  • After you submit the false positives, the PCI Compliance team might email you asking for confirmation that the site is secure.

  • Please reply to them confirming: Yes, it is secured on all ports.


Last updated 16 days ago