complying with payment card data security standards
The security of cardholder data is vital for many organisations, and PCI DSS (Payment Card Industry Data Security Standard) compliance requires that penetration testing is performed at least annually, or after significant changes are made to the infrastructure, applications or systems that store, process or transmit sensitive cardholder data.
The goals of penetration testing in relation to PCI DSS are:
- To determine whether and how a malicious user can gain unauthorized access to assets that affect the fundamental security of the system, files, logs and/or cardholder data.
- To confirm that the applicable controls, such as scope, vulnerability management, methodology, and segmentation, required in PCI DSS are in place.
As with all PCI DSS engagements, the scope of testing will be decided by the PCI Qualified Security Assessor (QSA). Pentest would test against this scope and provide feedback as part of the accreditation process. If required, our sister company, Xcina Consulting, can provide a full range of PCI DSS services and are an accredited PCI QSA firm.
the benefits of penetration testing as part of PCI DSS compliance
Every PCI DSS penetration test goes through a rigorous process, ensuring that you get the best possible outcome and that you are complying with PCI DSS requirements. Below we outline the key stages our penetration testing goes through:
why choose us?
Want to find out more about our compliance services, or looking to start testing? Our team are on hand to provide you with the information and support you need.