Q: My Trustwave scans are failing, what do I do?
- I received an email with the subject: "Action Required - TrustKeeper PCI Manager Scan Completed." In the body of the email it says "SCAN STATUS: FAILING"
- My Trustwave scans always came back fine before, what's wrong?
- This only applies to MIT Merchants who are accepting credit card payments on Virtual Terminals
- Due to a change to the PCI standard Trustwave will fail a scan where the IP is unreachable.
- The Merchant must dispute the finding and provide evidence that the IP is blocked by design and not by any "active defense measures"
- Unfortunately, this must be done every 90 days
- Log in to the Trustwave Trustkeeper portal
- Click on "Scanning"
- Select any vulnerabilities that say "Host(s) not detected"
- Click "Dispute finding"
- In the subject, enter: "These IPs are hidden by design"
- In the text box, enter: "These IPs are hidden by design. Trustwave's scanners are allow listed in our environment, and we have no active protection systems blocking them."
- Usually the disputes are approved quickly. Sometimes Trustwave will ask for more information and repeating the statement above satisfies them.
- If you have any trouble, please contact firstname.lastname@example.org
- If you need help with your Trustwave Trustkeeper portal account, please contact VPF's Merchant Services at email@example.com