Tuesday 19 January 2016

PCI DSS Penetration Testing

Agility's penetration testing services meet and exceed the requirements of PCI DSS. Merchants and service providers can prepare for an annual PCI compliance audit by engaging with our specialist security assessment team who will perform internal and external penetration testing to meet your obligations as mandated by PCI DSS Requirement 11.

What is PCI DSS?

PCI DSS is a worldwide standard intended to reduce the rising number of incidents of stolen cardholder data. Endorsed by Visa, MasterCard, Cardholder Information Security Program (CISP), Discover, Diners Club, and American Express whose goal is to protect cardholder account information.

The due diligence required to meet the standard is complex, requiring merchants to address the twelve requirements of PCI DSS by undertaking testing, performing remediation, retesting, and documenting compliance findings in preparation for a PCI DSS compliance audit.

What’s included in the penetration test’s scope?

The scope of PCI mandated penetration testing includes all systems and networks within the cardholder data environment and requires the tests to be undertaken by experienced penetration testers who are independent from those individuals managing the cardholder environment.

Who does the PCI security standard apply to?

Entities that accept credit or debit card payment, collect, process or store card transaction information are required to be compliant with PCI DSS. Failure to meet the security standard can result in substantial fines or expulsion from card programmes.

Section 11.3 of the Payment Card Industry Data Security Standard (PCI DSS) requires organisations to conduct penetration tests at least once a year and after any significant infrastructure or application upgrade or modification. The penetration tests must include the network-layer and application-layer penetration tests both internally and externally.

Contact us today to discuss your requirements for PCI DSS including regular ASV vulnerability scanning, QSA services and PCI DSS penetration testing.