PCI-DSS
PCI-DSS (Payment Card Industry Data Security Standard) is a set of technical and organizational requirements designed to help businesses protect their customers’ credit card data against fraud through robust payment security measures. PCI-DSS is enforced by the founding members of the PCI Council: American Express, Discover Financial Services, JCB, MasterCard and Visa Inc. To ensure the security of card data, one of PCI’s key security controls requires organizations to perform a yearly security assessment of their card-handling systems to fix any technical vulnerability that could potentially compromise card payments or its processing.
Our penetration testing services are designed to facilitate compliance with the PCI-DSS requirements.
- Prevent costly fines
- Protect credit card data
- Protect card-processing systems
- Secure partnerships
- Establish customer trust
- Improve your cybersecurity
What is the scope of a PCI - DSS Penetration Test ?
Organizations Generally Focus Most of their effort on securing their external networks,leaving their internal cybersecurity vulnerabilites our penetration testing focuses on ,but is not limited to the following:
Internet Servers
External Networks
Website, Applications & API
Wireless Networks
Card Payment Machine
Cloud Infrastructure
PCI-DSS Penetration Testing Requirements
Our services have helped hundreds of organizations comply with the PCI-DSS yearly pentesting requirements:
PCI DSS Requirement 6.1
Establish a process to identify security vulnerabilities in your internal and external applications, by using reputable outside sources for security vulnerability information, and assign a risk ranking (for example, as ‘high,’ ‘medium,’ or ‘low’) to newly discovered security vulnerabilities.
PCI DSS Requirement 6.2
Ensure that all software and system components are protected from known vulnerabilities by installing the applicable security patches provided by the supplier. You must install the patches within the first month following their release.
PCI DSS Requirement 11.3.1
Perform external penetration tests at least once a year and after any significant changes or upgrades to the infrastructure / application (for example, upgrading the system, adding a subnet or web server to the environment, etc.).
PCI DSS Requirement 11.3.2
Perform internal penetration tests at least once a year and after any change or upgrade significant infrastructure or the application (for example, upgrade of the operating system or adding a subnet or web server in the environment).
PCI DSS Requirement 11.3.3
Vulnerabilities found during the penetration tests must be fixed and additional testing must be performed until the identified vulnerabilities have been successfully corrected.
PCI DSS Requirement 11.3.4
If segmentation is used to isolate the CDE from other networks, penetration test must be performed at less once a year and following modification of the methods / controls of segmentation to verify that the segmentation methods are operational and effective.
Contact Andromeda Information
Andromeda Risk Consulting is a global security firm that educates clients, identifies security risks, informs intelligent business decisions, and enables you to reduce your attack surface digitally, physically and socially.
Certified Security Experts
Our security experts are exceptionally qualified and confirmed by CEH, ECSA, OSCP, CISA, CISSP, and numerous others.
Communication & Collaboration
After surveying the code our specialists shared the best answers to correct them. Our experts will communicate with you for any further implementations.
Research-Focused Approach
We hold industry-leading certifications and dedicate part of every day to research the latest exploit techniques to ensure our clients remain protected from evolving online attacks.
Free Remediation Testing
Once your team addresses remediation recommendations, Andromeda Risk Consulting will schedule your retest at no additional charge.