Your next PCI assessment, ready before you are.
Halo is a PCI Approved Scanning Vendor. Run Unlimited PCI scans, get expert remediation help when issues come up, and generate audit-ready reports — all from one platform.
100% US-Based Support • Starting at just $349 per year
More than a checkbox.
Most ASVs treat PCI like a quarterly task: scan, report, repeat. Halo helps you actually pass. When something complicated turns up, our US-based security engineers walk you through what it means and what to do about it. No extra services engagement. No upcharge. Just answers, the same week you need them.
Let us be your guide
Built for mid-market teams who need to pass PCI and get on with their day.
-
Unlimited ASV Scans
Run scans daily, weekly, or on-demand — not just quarterly. Stay covered between assessments. -
Expert remediation help
When an issue lands in your queue, our US-based security engineers help you understand the severity and fix it. No upcharge. -
Audit-ready PCI reports
Generate, draft, and submit reports from your dashboard. Separate reporting for multiple business units included. -
Asset discovery
Find the assets your ASV scope is missing — forgotten subdomains, dev environments, cloud services nobody's tracking. PCI scope only works if you know what's in it. -
Quarterly security reviews
Sit down with the same engineer every quarter. Review your attack surface, prioritize what's next, and plan ahead.
"The support I think is one of the best parts of this product.
Security review are always really valuable, going through and looking at what some of the issues are, digging more into those, and talking about things we could do to resolve them. It's usually the same person every time as well. So they've got a history with our account. That's been super useful for us.”
Halo Security works hard to ensure they are doing everything they can to provide me with everything I need to have my site compliant and secure. Everyone I have worked with is friendly and knowledgeable."”
See what your next PCI scan will surface.
Humans Included.
- Clear remediation guidance on every issue, not just a CVSS score.
- Assign issues, track progress, and close the loop in one place.
- Connect with our US-based security engineers directly from your dashboard.
What our customers are saying
Founded 2013. Funded by customers.
A FEW OF OUR CUSTOMERS
.png?width=474&height=200&name=surveymonkey%20(1).png)
.png?width=432&height=200&name=dollar-tree%20(1).png)
.png?width=294&height=200&name=experian%20(1).png)
.png?width=234&height=200&name=mrsfields%20(1).png)
.png?width=281&height=200&name=penske%20(1).png)
FAQs
Does Halo support PCI 4.0 requirements?
Yes. Halo's continuous scanning supports the ongoing vulnerability scanning expectations introduced in PCI DSS 4.0 (Requirement 11.3.2), and our platform supports the script and payment page monitoring expectations under 11.6.1 and 6.4.3. Talk to our team about your specific scope.
Can I switch ASVs mid-cycle?
Yes. Most customers switch between assessments, but Halo can onboard you mid-cycle. Your previous ASV's reports stay valid for the assessment period they covered — Halo picks up coverage from the day you start.
What's the difference between ASV scanning and external vulnerability scanning?
ASV scanning is a specific PCI compliance requirement performed by a PCI Council-approved vendor (like Halo) and produces a formal compliance report. External vulnerability scanning is the broader practice of finding weaknesses in your internet-facing systems. Halo does both — your ASV scan and your ongoing external attack surface monitoring run on the same platform.
Do you support reporting for different business units?
Yes! If your company has multiple business units, you can easily generate separate reports in our user-friendly portal. This feature allows you to manage and analyze compliance data for each business unit independently, ensuring that each unit meets PCI DSS requirements.
Are you an Approved Scanning Vendor (ASV)?
Yes, TrustedSite, LLC d.b.a. Halo Security is a PCI Security Standards Council Approved Scanning Vendor. Our certificate number is 5078-01-11. ASVs conduct external vulnerability scanning services to validate adherence with the external scanning requirements of PCI DSS Requirement 11.3.2.
Do you support dynamic IP addresses
Yes. If your web host doesn't provide you with a static IP address, our scan can use hostnames instead. This ensures that even with dynamic IP addresses, your scanning can proceed without interruption, maintaining your compliance with PCI DSS requirements.
How often do I need to perform PCI ASV scans?
PCI DSS requires quarterly external vulnerability scans by an ASV. Additionally, scans should be performed after any significant changes to your network, such as new system installations, changes in network topology, firewall rule modifications, or product upgrades.
Is there a limit to the number of scans I can run?
No, there is no limit to the number of scans you can run within your subscription period. You can set scans to run daily, weekly, monthly, quarterly, or on-demand. This allows you to plan your compliance activities around your business operations, ensuring minimal disruption.
What types of vulnerabilities are detected by the scan?
Our scans detect a wide range of vulnerabilities, including but not limited to SQL injection, cross-site scripting (XSS), outdated software versions, and misconfigured security settings. The scan checks for compliance with the latest PCI DSS requirements.
Can I get help with the remediaton?
Yes, our team is available to help you understand how to remediate any vulnerabilities identified in the scan. We provide detailed guidance and recommendations to help you address issues and achieve compliance.
Is customer service available if I have a question?
Absolutely! Our dedicated US-based customer support team is available to assist you with any questions or concerns you may have about the scanning process, results interpretation, or remediation steps. You can contact us via phone, email, or live chat.
How much does PCI compliance cost?
We're currently offering new PCI customers their first year for only $349. This includes unlimited scans on up to 3 IPs or hostnames and unlimited support from our team of US-based security experts.
What is PCI ASV Scanning
PCI ASV (Approved Scanning Vendor) Scanning is a process conducted by a PCI Security Standards Council-approved vendor to perform external vulnerability scans. These scans help ensure that your organization adheres to the external scanning requirements of the PCI DSS (Payment Card Industry Data Security Standard) Requirement 11.3.2. The primary goal is to identify and address security vulnerabilities that could be exploited by attackers.