PCI Network Security Penetration Testing

Need some help?

Speak to the Risk Factory Foreman, and he'll tell you everything you need to know.

Call us on 0800 978 8139


What is it?

A PCI Network Security Penetration Test is a method for evaluating the security integrity of a network that processes, stores or transmits cardholder data by simulating an attack from a hacker. The purpose of the test is to see if a hacker can access or compromise the cardholder data. Effective testing will illustrate if and how it can be done given your current network defences.

Why should I do it?

Conducting security penetration testing will enable your business to verify the security integrity of your systems and ensure that you can identify and stop unauthorised access. It will test business response times to security incidents and check that your security policies, procedures and systems administration are correctly implemented. It is also required for compliance with the Payment Card Industry (PCI) Data Security Standard (DSS) (Control 11.3).

How often should I do it?

For compliance with the PCI DSS, testing of external IP addresses associated with cardholder data is mandatory annually and after any significant change.

What will Risk Factory do?

  • Conduct one Security Penetration Test of your network, as required for compliance, in accordance with the requirements established in the PCI DSS.

What will I receive?

  • A detailed report of the findings documenting any vulnerability identified and detailing recommendations for mitigating that vulnerability. To see a sample, contact our Risk Factory Foreman.
  • On-call telephonic support from an information security consultant for two weeks after the test to answer any questions you may have about the report or remedial recommendations.
  • A free retest two weeks after the original scan to ensure recommended remedial actions were effective in mitigating any critical vulnerability originally identified.
  • A certificate of validation for evidence of compliance.

Do I need to prepare anything in advance?

We just need a list of the internet-facing IP addresses associated with your Card Data Environment (CDE). If you don’t know these IP addresses, don’t panic: our Factory Foreman can help you.

Don’t forget to specify the exact number (quantity) of tests you’d like to purchase when getting your quote. Our Factory Foreman will call you to schedule each test purchased. You can, for example, purchase multiple tests (for better value) and have them delivered over time, when you need them, to match your ongoing business requirements.