PCI Penetration Testing

Utilise our PCI DSS penetration testing services, which offer great value, technical expertise and a remediation plan. No fuss around scheduling, retests or report delays – guaranteed.


PCI DSS Compliance

Wikipedia defines PCI DSS as follows: ‘The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes.’

Regular assessments are key controls mandated by PCI DSS to protect the systems and data of the cardholder data environment (CDE). PCI DSS (Payment Card Industry Data Security Standard) states the penetration testing requirements as follows:

  • PCI Requirement 6.6 calls for protecting internet-facing applications from new threats and vulnerabilities on an ongoing basis.
  • PCI Requirement 11 requires organisations to ‘regularly test security systems and processes’.
PCI DSS Penetration Testing

What is PCI pentest?


PCI penetration testing is performed to identify security vulnerabilities in line with PCI DSS requirements. It targets the internal systems that store, process or transmit card data, public-facing devices and systems, and databases. PCI network segmentation testing validates the access controls that prevent unauthorised access to the CDE. An external PCI DSS pentest is performed on internet-facing systems. This is not a vulnerability scan.

This is a controlled form of an ethical hacking exercise with the following objectives:

  • Assess the security controls in line with PCI compliance requirements
  • Determine whether a threat actor could gain unauthorised access to CDE systems that store, process or transmit payment data


PCI DSS penetration testing requirements

1: Install and maintain a firewall configuration to protect cardholder data

2: Do not use vendor-supplied defaults for system passwords and other security parameters

3: Protect stored card data

4: Encrypt transmission of card data across open, public networks

5: Protect all systems against malware and regularly update anti-virus software or programs

6: Develop and maintain secure systems and applications

7: Restrict access to cardholder data by business need to know

8: Identify and authenticate access to system components

9: Restrict physical access to cardholder data

10: Track and monitor all access to network resources and cardholder data

11: Regularly test security systems and processes

12: Maintain a policy that addresses information security for all personnel 

Types of PCI DSS pentest services

Depending on the scope of assets within the CDE, any of the following service types can be aligned to PCI requirements. All testing is performed by experienced and qualified penetration testers.

PCI Internal

A PCI internal pentest covers a broad scope, from a single-server review to an estate-wide, multi-network Active Directory review including segmentation control checks.

PCI Application Security Testing

Our team of cybersecurity experts will perform PCI security assessments against the applications and web services/APIs in scope.

Cloud Penetration Testing

Most organisations are migrating to the cloud for its ease of use and 24x7 availability. As the end user of a cloud-hosted solution, it is your responsibility to ensure that the security of any operating systems and applications hosted in the cloud is continuously maintained and tested.

Vulnerability Assessments

Vulnerability assessments provide insight into the vulnerabilities affecting your internal and external networks.
They help to identify and quantify the potential risks threatening your environment while minimising internal costs.

Mobile Pen Testing

Ensuring the safety and security of user data is paramount to running any mobile application.
Our tailored services are designed to identify potential threats and vulnerabilities before it is too late to limit the damage.

PCI Network Segmentation Testing

PCI network segmentation testing checks whether segmentation controls are working as intended. The fundamental concepts behind a segmentation penetration test include switch-based VLAN security controls, internal firewalling and the related layer 2 and layer 3 access controls.
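The core of a segmentation check is simple to state: from an out-of-scope segment, nothing in the CDE should be reachable at all. The following is an added example written for this page, not the vendor's own tooling. It assumes a tester host placed on an out-of-scope network and a list of CDE hosts and ports that must be unreachable from there (the `Target` type, `evaluate_segmentation` function and the 10.20.0.x addresses are all constructed for the example). The real probe is a plain TCP connect; a constructed probe with canned outcomes is included so the evaluation logic runs offline.

```python
"""Segmentation control validation (added example, not the page's own code)."""
import socket
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Tuple

@dataclass(frozen=True)
class Target:
    """A CDE host/port pair that must NOT be reachable from the tester's segment."""
    host: str
    port: int

# Possible outcomes of one TCP connection attempt.
OPEN = "open"          # handshake completed: traffic reaches the service
REFUSED = "refused"    # RST received: the host is reachable, the port is just closed
FILTERED = "filtered"  # no response: traffic dropped by a firewall/ACL

def probe_tcp(target: Target, timeout: float = 2.0) -> str:
    """Real probe: a single TCP connect attempt, classified into the outcomes above."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((target.host, target.port))
            return OPEN
        except ConnectionRefusedError:
            return REFUSED
        except (socket.timeout, OSError):
            return FILTERED

def evaluate_segmentation(
    expected_blocked: Iterable[Target],
    probe: Callable[[Target], str] = probe_tcp,
) -> Dict[str, list]:
    """Probe every target that must be unreachable and report the result.

    A segmentation control only passes when the attempt is FILTERED.
    REFUSED is a failure too: the packet crossed the segment boundary and
    reached the CDE host, even though nothing was listening on that port.
    Returns {"pass": [Target, ...], "fail": [(Target, outcome), ...]}.
    """
    passed: List[Target] = []
    failed: List[Tuple[Target, str]] = []
    for target in expected_blocked:
        outcome = probe(target)
        if outcome == FILTERED:
            passed.append(target)
        else:
            failed.append((target, outcome))
    return {"pass": passed, "fail": failed}

def segmentation_effective(report: Dict[str, list]) -> bool:
    """True only when no CDE target was reachable in any way."""
    return not report["fail"]

# Constructed outcomes standing in for a live network, so the logic runs offline.
CONSTRUCTED_RESULTS: Dict[Target, str] = {
    Target("10.20.0.5", 443): FILTERED,   # correctly dropped by the internal firewall
    Target("10.20.0.5", 22): REFUSED,     # host reachable: ACL gap, even though SSH is closed
    Target("10.20.0.10", 1433): OPEN,     # database reachable from out of scope: clear failure
}

def constructed_probe(target: Target) -> str:
    """Stand-in for probe_tcp that returns the constructed outcomes above."""
    return CONSTRUCTED_RESULTS.get(target, FILTERED)

def run_example() -> Dict[str, list]:
    """Evaluate the constructed CDE target list with the offline probe."""
    return evaluate_segmentation(CONSTRUCTED_RESULTS.keys(), probe=constructed_probe)

if __name__ == "__main__":
    report = run_example()
    for target, outcome in report["fail"]:
        print(f"FAIL {target.host}:{target.port} -> {outcome}")
    print("segmentation effective:", segmentation_effective(report))
```

The design choice worth noting is that a refused connection counts as a failure: the test is whether the segment boundary blocks traffic to the CDE, not whether a particular service happens to be listening, so any response from the CDE host means the control is not isolating it. Swapping `constructed_probe` for the default `probe_tcp` turns the same evaluation into a live check from the tester's segment.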
