PCI DSS Penetration Testing


Complying with payment card data security standards
The security of cardholder data is vital for many organisations and PCI DSS (Payment Card Industry Data Security Standard) compliance requires that penetration testing is performed at least annually, or after significant changes are made to the infrastructure, applications or systems that store, process or transmit sensitive cardholder data.

The goals of penetration testing in relation to PCI DSS are:

  1. To determine whether and how a malicious user can gain unauthorised access to assets that affect the fundamental security of the system, files, logs and/or cardholder data.
  2. To confirm that the applicable controls, such as scope, vulnerability management, methodology, and segmentation, required in PCI DSS are in place.

PCI DSS penetration testing is designed to include assessment of network infrastructure and applications from both outside and inside an organisation’s network environment.

A PCI DSS penetration test will also help to identify:

  1. Unsafe system and network configurations
  2. Improper access controls
  3. Rogue wireless networks
  4. Coding vulnerabilities like XSS and SQL injection
  5. Broken authentication and session management
  6. Encryption flaws