Controlscan Review

uncommunicative, get busy signal when call them. Idiots

ControlScan is hired by my processor, BluePay to perform compliance scans quarterly. The problem has been that we repeatedly fail and have to write explanations as to why. The reason is always because we have the most up-to-date patches installed whereas ControlScan is scanning for outdated software versions. I told my processor that I would not perform any more scans until ControlScan became complaint, or at least identified the latest patches as acceptable without flagging ME as being non-compliant. This past Monday, ControlScan ran a malicious script on my site searching for vulnerabilities, which were thwarted due to our latest patches. Today, ControlScan placed a bogus order on our website with a script in the Ship To: box, obviously hoping to gain some access to our system but once again, it was denied.
ControlScan is a good concept however they are behind the times. They flag us for being noin-compliant but they are scanning for outdated vulnerabilities and not recognizing the latest patches because they haven't done their homework. If a scan fails, it's our responsibility to explain why THEIR scan failed to recognize the latest patch. I have to stop what I'm doing, contact our hosting company who has to stop what they're doing to address these false positives. The whole company is a fraud in my opinion. I'm not going to roll back my patches just so your outdated scan can call me compliant... that's just asinine and until ControlScan pulls their heads out of their nether regions, we will not be performing any further scans

I am having a nightmare logging in to Control Scan to complete a questionnaire requiring compliance information.
I entered the number and password and first time it worked. But I did not have time to complete the whole exercise.
So when I went back in I was refused entry. I was emailed back the same user name, but the password didn't work and I have not been able to generate a response to my request for a new password.
I cannot fill the required compliance information if I cannot get access.

3. Now when I attempt to send a message via the Control Scan support online, the message function reads "ERROR for site owner:
Invalid domain for site key" and without being able to enter the non-robotic reCaptcha I cannot even communicate with the support team via the Control Scan site!
please advise.

thanks,
jenny

When you read that customer service is terrible at this company, believe it. I could not log in with the info I received from Merchant One and I could not get any response from customer service. Probably one of those dumb companies that has another company answering the phone for them.

I never contacted this company, yet they keep emailing me. They are pushy. I have tried on several occasions to get removed from their email list and they have refused. I get several unsolicited emails from them a week.

This company is a joke. Their 300 question PCI compliance survey is the most egregious wasteful pointless time sink I have ever seen. I mean, they want to know if visitors are given a badge identifying them as visitors when they are on the grounds of your small retail store where you do not store any credit cards or run any transactions they care about (they were hired by our merchant account provider which powers online orders, which are done on computers not on premises). But I click true because who cares? No one can accurate answer this 300 question survey. Also every 5th question they pop in an add for some upsell nonsense.

Support is non-existent nor do they know anything about their own product. Good luck.

This company has to be a scam. Their chat is a complete joke. Customer service horrible.