If you're using our free PCI Compliance Program, or using an outside vendor for compliance certification or scanning, you may need to set up a quarterly Approved Security Vendor (ASV) scan of the domains and/or IP addresses that host the web pages that you use to process credit card payments, including on your Neon One payment pages.
To find the correct domains to scan, visit each of your Neon One-provided payment pages and take a look at the URL. Anything that comes before the .com, .org, or .edu of the URL must be provided in the ASV scan to ensure the correct domain is scanned, including the subdomain unique to your organization, if applicable.
For example, if your Neon CRM donation page's URL is: https://examplefoundation.app.neoncrm.com/forms/givingtuesday
Then you will use examplefoundation.app.neoncrm.com for the ASV scan.
Note: neoncrm.com is not a domain that is used to host payment pages in the Neon One ecosystem. This domain should not be used for ASV scans. Be sure to include the full subdomain, including your instance and "app" in order for your scans to pass.