PCI DSS Testing

PCI DSS Testing

The Payment Card Industry Data Security Standard (PCI DSS) is an industry standard for the merchant handling and storing of credit and debit card transactions to protect card holders against misuse of their personal information.

We offer full penetration testing services for your cardholder data environment (CDE) to assist with your PCI DSS compliance. We can work with your Qualified Security Assessor (QSA) to ensure all requirements are being met.

pci-dss-pentest

The Payment Card Industry Data Security Standard (PCI DSS) version 3.2 requires that regular security testing is conducted.

Requirement 11.3 states that penetration testing should be conducted on both external and internal systems to ensure requirements are met.

We are able to conduct penetration testing to assist with your PCI DSS compliance, examples of the most common tests are listed below:

  • Internal penetration testing/vulnerability testing
    • Internal vulnerability testing, infrastructure and application penetration testing
  • Internal Cardholder Data Environment (CDE) segregation testing
    • Ensure that the CDE is fully segregated between non CDE and CDE networks 
  • External penetration testing 
    • External vulnerability testing, infrastructure and application penetration testing

Armadillo Sec are a CREST certified testing body and we are accredited to operate as a CHECK service provider. All of our testers are certified by CREST and our senior consultants are certified by CREST to the highest CCT Level. Our testers are also CHECK Team Leaders (CTL’s) or CHECK Team Members (CTM’s) and are approved to conduct government CHECK testing.

Our team have many years experience conducting a broad range of government and commercial tests and always aim to go the extra mile for our customers.

PCI DSS Testing | PCI DSS Pentest
Accredited Company
Certified Testers
Security Cleared Staff
No Cancellation Fees
Report Walk Through

Frequently Asked Questions

All our testers are certified by CREST and our senior consultants are certified by CREST to the highest CCT level.

CREST CertificationsCertified Testers
Practitioner Security AnalystsYes
Registered Penetration TestersYes
Certified Web Application TestersYes
Certified Infrastructure TestersYes

crest approved

Our CREST member status can be viewed, along with the certified tester types we have on the below link:

http://www.crest-approved.org/membercompanies/armadillo-sec-ltd


Our testers are also CHECK Team Leaders (CTL's)  or CHECK Team Members (CTM's) and are approved to conduct government CHECK testing.

CHECK StatusCertified Testers
CHECK Team Member (CTM)Yes
CHECK Team Leader (CTL) - InfrastructureYes
CHECK Team Leader (CTL) - ApplicationsYes

Our CHECK status can be viewed on the below link: 

https://www.ncsc.gov.uk/professional-service/armadillo-sec-ltd-check-service

The PCI DSS standard determines how regularly you are required to perform testing. The current standard (Version 3.2) states that internal segmentation tests should be conducted every 12 months for merchants (six months for merchant service providers), and external ASV scans conducted every 3 months.

Any major changes to the environment or if retesting is required for previous conducted tests this can increase the frequency required. The exact requirements should be defined by your Qualified Security Assessor (QSA) handing the PCI DSS compliance.

PCI DSS penetration testing prices are based on the number of hosts/systems/networks that are required to be scanned, and if the systems are externally facing to the Internet and/or if internal to your network, therefore there is not an off-the-shelf price for PCI DSS testing.

For each project we will technically scope your requirements and establish the time needed to complete the work. We will then provide a detailed proposal and breakdown of costs and options.

We supply a full penetration testing report for PCI DSS penetration testing, which covers the following:

  • Executive management summary - Non technical overview of issues for management board level
  • Detailed technical findings - A complete list of all issues identified
  • Affected hosts - A list of all hosts affected, including the associated network port
  • Risk level - Impact, likelihood and overall risk ratings are listed for each issue
  • Examples - Output or screenshots to demonstrate the issue
  • Recommendations - Recommendations of how to remediate the issues, including any reference to documents that can assist

A sample report can be supplied upon request.

We have a full methodology for all testing services we provide, which is supplied with each project proposal. This outlines the testing steps and all the requirements in order to deliver the test.

We offer the full range of cyber security testing services

Ready to discuss your project?

misson banner scs
PCI DSS Testing | PCI DSS Pentest