PCI DSS penetration testing

Complying with payment card data security standards

The security of cardholder data is vital for many organisations, and PCI DSS (Payment Card Industry Data Security Standard) compliance requires that penetration testing is performed at least annually, or after significant changes are made to the infrastructure, applications or systems that store, process or transmit sensitive cardholder data.

The goals of penetration testing in relation to PCI DSS are:

  1. To determine whether and how a malicious user can gain unauthorised access to assets that affect the fundamental security of the system, files, logs and/or cardholder data.
  2. To confirm that the applicable controls, such as scope, vulnerability management, methodology, and segmentation, required in PCI DSS are in place.

As with all PCI DSS engagements, the scope of testing will be decided by the PCI Qualified Security Assessor (QSA). Pentest would test against this scope and provide feedback as part of the accreditation process. If required, our sister company, Xcina Consulting, can provide a full range of PCI DSS services and is an accredited PCI QSA firm.

The benefits of our PCI DSS penetration testing

Uncover vulnerabilities & prioritise improvement efforts

Penetration testing allows you to identify and classify your most critical vulnerabilities, providing you with vital remediation advice. This gives you the information you need to make informed decisions regarding your security, to effectively prioritise improvement efforts and to reduce the overall likelihood of compromise.

Obtain security buy-in

Obtaining budget for security improvements can be difficult. Our penetration testing can give you a clear picture of your current situation, providing you with the support you need to gain all important security buy-in.

Protect your

A breach of cardholder data can lead to financial, operational and reputational damage for your organisation. Testing should therefore be carried out on a regular basis, helping protect you from potentially damaging cyber-attacks.

Our approach

Every PCI DSS penetration test goes through a rigorous process, ensuring that you get the best possible outcome and that you are complying with PCI DSS requirements. Below we outline the key stages our penetration testing goes through:

1. Scoping

We work with you to fully understand your organisation, the past threats and vulnerabilities encountered, the types of testing to be performed, your cardholder data environment (CDE) and any associated systems which may affect this.

2. Proposal & prerequisites

A proposal will be drawn up outlining the planned scope of work, the set rules of engagement and any preparations needed to allow us to start testing.

3. Testing

Testing commences once the proposal has been agreed and signed authorisation has been granted.

4. Ongoing communication

Our consultants will communicate with you throughout the test, according to your set requirements.

5. Reporting

A comprehensive, quality assured report of test findings, and associated remediation advice, will be delivered.

6. Post test support

Our consultants will be available after the test to offer advice and guidance on any aspect of the report, as well as remediation efforts.

7. Retest

We will conduct a retest once remediation has been completed, ensuring the vulnerabilities found during testing have been successfully mitigated.

Why choose us

We act as a trusted adviser to our clients. Whatever your situation, our team are dedicated to making the process as seamless as possible, to pass on their wealth of expertise and to provide you with the information security support you need.

Information security testing experts since 2001

Dedicated account management

Services tailored to your business

Comprehensive, quality assured reporting

Unrivalled post-test support

Contact us

Want to find out more about our PCI DSS penetration testing services? Our team are on hand to provide you with the information and support you need. Fill out the form below and one of our team will be in touch shortly.
