dfenster, looking at Pegasus' web site, it looks like they offer vulnerability scans as one of their services, however I do not see any indication on their site that they are licensed or approved by the PCI Security Standards Council, and obtaining quarterly scans by such an approved auditor is a requirement. I would contact them and make sure they are approved, and get a certificate number. The company name is not listed as approved.

__________________
The best way to learn anything, is to question everything.