No. Per PCI DSS regulations, a business that collects and processes payment card information requires regular internal and external vulnerability scans as part of the compliance requirements. In addition to this, compliance with PCI DSS also depends on several other factors.