What PCI scanning service do you use?
I wonder if any of you have experience with getting PCI DSS compliance and who you use for your assessments.

What does it cost roughly?

RedHat has PCI DSS compliance scanners and utilities. Pricing can be found on their website or by calling directly. CentOS generally gets many PCI DSS compliant backports from RedHat, but they may have their own tools. There are also third-party scanners from companies such as Comodo.

The Standards website has more information:

I must admit that I don't understand how an external scanner can reliably audit for PCI DSS given that it can only see a limited set of information that you let it see. How much can be hidden? I think the internal tools sound worthy of investigation.

I second that. Along with third-party tools, it's essential to use internal tools as well. And if possible, hire a certified consultant for PCI DSS certification. It helps to mitigate the security gaps quickly.