Pentesting for PCI Compliance

The Payment Card Industry Data Security Standard (PCI DSS) applies to all businesses that process, store, and/or transmit credit cardholder data.

Achieving PCI Compliance

PCI DSS compliance is a continuous process that includes Reporting, Assessing, and Remediation. In general, there are four parts to achieving PCI compliance: 1) Completing the appropriate questionnaire; 2) Vulnerability Scan; 3) Penetration Test; 4) Policy Assessment. Once all steps are complete, an Attestation of Compliance may be submitted.
Alacrinet's team of assessors focuses on the penetration testing and vulnerability scanning portions of the PCI requirements. We provide high-quality results by staying focused on our area of expertise and drawing on years of pentesting experience.

Pentesting for PCI

Who

Qualified assessors with industry certifications and previous penetration testing experience.

When

At least annually and upon significant changes — for example, infrastructure or application upgrade or modification — or new system component installations.

How

A manual process that may include the use of vulnerability scanning or other automated tools, resulting in a comprehensive report.

3rd Party Assessments

PCI Security Standards require that penetration tests be done by a qualified 3rd party or a qualified internal resource that is organizationally independent. Most organizations choose to work with outside pentesters for their expertise as well as the simplicity of scoping a project with them.

A key benefit of working with 3rd party assessors is the unique perspective that each brings to help strengthen your security posture. While there are general standards for penetration testing, different assessors may find different results. Given the complexity of network architectures and the need to evaluate within a specific scope, opting to work with multiple vendors over time helps minimize vulnerabilities.

Get in touch to discuss pentesting for your environment
