PCI Testing: A Mandate for Cardholder Security
It’s no secret that cardholder data presents a tempting target for cybercrime. That’s why the major credit and debit card providers have established the Payment Card Industry Data Security Standard (PCI DSS), which applies to all merchants and service providers that store, process or transmit cardholder data.
The PCI Standard mandates basic security best practices: implementing, and ensuring the effectiveness of, defenses and procedures such as firewalls, anti-virus applications, security patches, intrusion detection and prevention systems (IDS and IPS), and end-user awareness and incident-response programs.
Security Testing for PCI Validation and Compliance
The PCI DSS Standard V2.0 requires the same set of security measures for all merchants and service providers, regardless of transaction volume or card acceptance channel (e.g., in-store vs. e-commerce). To achieve PCI compliance, organizations must not only implement these measures but also validate that they are working effectively.
Core Security offers solutions to follow both the letter and spirit of PCI security mandates. Proactively testing your security measures is one of the easiest things you can do to comply with and validate multiple PCI requirements. Core solutions enable you to run regular, controlled and safe data breach attempts against your network, endpoint and web application security infrastructure. As a result, you can quickly and easily demonstrate whether your security defenses and response plans are in place and working as mandated by the PCI Standard. What’s more, regular, automated and scalable testing helps ensure the ongoing efficacy of your overall security posture and offers actionable risk assessment back to the auditors and the business.
Fulfill the Penetration Testing Requirement and More …
PCI DSS Requirement 11.3:
Perform penetration testing at least once a year and after any significant infrastructure or application upgrade or modification.
Many Core Security customers rely on Core Impact® Pro as a key component of their regular penetration testing initiatives and recognize the solution’s role in their successful fulfillment of PCI DSS Requirement 11.3.
With Core Impact, you can conduct automated, repeatable, and documented penetration tests across all systems that handle payment card data. This simplifies the compliance process, whether you need to complete the PCI Self-Assessment Questionnaire or prepare for an external audit by a Qualified Security Assessor.
Core Impact can also be used to validate compliance with a number of additional PCI mandates.