PCI Compliance Scan
This guide explains how to complete your required PCI compliance scan initiated by Cashflows.
What is PCI Compliance?
PCI compliance means meeting the Payment Card Industry Data Security Standard (PCI DSS), a set of security rules. It's designed to ensure that all companies that accept, process, store or transmit credit card information are always secure. Basically, it helps protect customer card data from fraud and theft. Everyone who sells online must comply.
When to Scan?
Cashflows will email you when it's time to complete your scan.
This happens every few months and is a standard requirement.
If it's your first scan:
Cashflows will send you login details for the scan portal.
The scan portal website is: complywithpci.com
How to Schedule Your Scan
1. Go to complywithpci.com.
2. Log in using the details provided by Cashflows.
3. Find the section titled Be scan compliant and click Manage.
4. Click Schedule Scan.
5. Go to the Domain tab. In the Domain/IP Address field, enter your website URL (e.g., yourrafflesite.com).
6. Select your preferred scan date (or leave the default date if you want it to run as soon as possible).
7. For the Load Balancer question, select Yes.
8. For the System Configuration question, select Yes.
9. Check the confirmation box at the bottom of the page.
10. Click Schedule Scan.
What to Do After the Scan
The scan usually takes 6-12 hours to complete.
You will receive an email notification with the results once it's finished.
What to Do If Your Scan Fails
Don't panic. Failed scans are common, especially with automated tools.
These scans often report "false positives" because RaffleX sites are protected by security services (like Cloudflare), which can sometimes confuse the scanner. This is expected.
Follow These Steps to Address a Failed Scan
1. Log in to complywithpci.com.
2. Under Be scan compliant, click Manage.
3. Select Review your PCI DSS external vulnerability scans.
4. Look for scan results marked as Fail.
5. From the Options dropdown next to a failed scan, select Review.
6. Click the Review Now button.
7. Use the PCI Compliant dropdown menu and filter the results by selecting No. This will show you only the items that failed.
8. For each failed item listed:
a. Click the 3 dots on the right-hand side.
b. Choose Raise False Positive.
c. In the comment box, add:
Please mark as False Positive. Our website operates behind Cloudflare's security infrastructure, including their WAF. This protective layer mitigates the risk associated with this finding before it can reach our actual server.
d. Submit the false positive request.
9. Repeat step 8 for all failed items.
Responding to Follow Up Questions
After you submit the false positives, the PCI Compliance team might email you asking for confirmation that the site is secure.
Please reply to them confirming: Yes, it is secured on all ports.