PCI DSS Penetration Testing
Utilise our PCI compliance penetration testing services, which offer great value, technical expertise and a remediation plan. We guarantee no fuss around scheduling, retests or report delays in a PCI test.
PCI DSS Compliance
Wikipedia defines PCI DSS, the Payment Card Industry Data Security Standard, as an information security standard for organisations that handle branded credit cards from the major card schemes. The PCI Council (PCI SSC) drives this initiative of data security standards across payments. Regular PCI penetration testing is required as a key control to protect CDE systems and data. Two PCI DSS requirements are directly relevant:
- PCI DSS Requirement 6.6, defined by the PCI Council, calls for internet-facing applications to be continuously protected from new and emerging threats and security vulnerabilities.
- PCI DSS Requirement 11 requires organisations to ‘regularly test security systems and processes’.
For Reports on Compliance (ROCs) and some Self-Assessment Questionnaires (SAQs), PCI penetration testing must be performed at least annually or after any significant infrastructure change (an application upgrade, a new installation such as a firewall or web server, a change in system state, or a significant infrastructure refresh), whichever is sooner.
For service providers, it is recommended to perform penetration tests every six months.
What is PCI penetration testing?
A PCI penetration test is performed across the cardholder data environment (CDE) to identify security vulnerabilities in line with PCI DSS requirements. It targets the internal systems that store, process or transmit card data, public-facing devices and systems, and databases. External PCI penetration tests are performed on the internet-facing systems. This differs from external vulnerability scans, which consist of running wholly automated vulnerability scanners and then reviewing the output to remove false positives. Penetration tests are comparatively resource-intensive and in-depth, and provide effective input to your risk management process. A PCI penetration test is a controlled ethical hacking exercise, in the OSCP (Offensive Security Certified Professional) mould, with the following objectives:
- Assess the access security and segmentation controls in line with PCI compliance requirements
- Determine whether a threat actor could gain unauthorised access to CDE systems that store, process or transmit payment data
Types of PCI DSS penetration test services
Based on the PCI DSS scope of assets within the CDE, penetration testing performed on any of the following types of services can be aligned to PCI requirements. We also offer hospitals a health check service so that, by adopting PCI in the healthcare segment, they can provide a secure service to their clients.
External penetration testing and tailored infrastructure or application security testing services are offered to service providers, merchants, online retailers, and operators of any systems that may impact the security of the CDE, to help them achieve PCI compliance.
See what people are saying about us
Excellent people to work with.
Very good knowledge of the requirements, and they gave us correct findings with excellent remedies to improve the security of our B2B portal site.
Harman was great, really knowledgeable
Harman was great, really knowledgeable, helpful and on hand to answer any questions. The final report was very clear providing the technical information in an easy to read format which could be understood by the leaders of the business.
My experience of the team was 5-star.
They were so helpful, and their technical delivery and client communication were excellent.
Extremely satisfied with approach, speed and end results. Thanks.