An Explanation Of PCI Penetration Testing
This test is designed to discover network and application security weaknesses and to measure the results against the current PCI DSS requirements. Every firewall, web site, web application, and internal application in scope is rigorously tested. The goal is to determine whether an attacker could gain access to your network, and whether that access puts the cardholder data handled during card processing at risk.
Penetration testing of this sort must follow PCI DSS Requirement 11.3, which (in the version 2.0 wording quoted here; later versions restructure the requirement, and version 4.0 renumbers it to 11.4) states the following:
11.3 Perform external and internal penetration testing at least once a year and after any significant infrastructure or application upgrade or modification (such as an operating system upgrade, a sub-network added to the environment, or a web server added to the environment). These penetration tests must include the following:
- 11.3.1 Network-layer penetration tests
- 11.3.2 Application-layer penetration tests
In short, during this type of test we attempt to break into the cardholder data environment (CDE) in the following three ways:
- Externally – from the Internet, as an attacker with no prior access
- Internally – from the local corporate network outside the CDE, which also exercises any network segmentation you rely on to limit the scope of the assessment
- Internally – from inside the CDE itself, attempting to compromise systems within it
The Many Benefits Of PCI Penetration Testing
The breadth and thoroughness of this assessment are among its greatest values. You are made aware of every way in which your information security safeguards fall short of your own expectations, and we also advise you on additional controls or procedures that would raise the standard your company sets for information security and consumer confidence.
Not every company that accepts cards is required to perform this test: whether Requirement 11.3 applies depends on your validation path (some Self-Assessment Questionnaires omit it). A Level 1 Merchant, however, must be assessed against the full standard, and for you this test is mandatory.