PCI DSS Services
What Are PCI-DSS Services?
Compliance with the Payment Card Industry Data Security Standard (PCI-DSS) is mandatory for all entities that store, process or transmit cardholder data. This ensures a baseline level of protection for consumers and banks. Among the key controls required by PCI-DSS are regular penetration tests and vulnerability scans of internal and external network infrastructures and applications.
What We Offer
Intellisec Solutions offers PCI-DSS penetration testing and vulnerability assessment services that can help your organization achieve PCI-DSS compliance, maintain it, or test and improve the security level of its payment systems.
The standard requires recurrent penetration tests and vulnerability assessments. So, when you work with us, you get to choose between a one-time assessment or subscription-based recurrent assessments.
After analyzing your network infrastructure and applications (both the external and internal perimeters), we formulate recommendations that help you mitigate vulnerabilities and any points of non-compliance identified. This enables you to see your payment security posture through the eyes of a hacker and discover where you can improve.
Intellisec Solutions covers the different types of testing required by PCI-DSS v3.2.1: internal and external penetration tests (section 11.3 of the standard), vulnerability assessments (section 11.2) and segmentation tests (11.3.4).
To comply with PCI-DSS requirements, our approach:
- Is based on a well-established penetration testing methodology that follows industry best practices and standards such as OWASP, the Penetration Testing Execution Standard (PTES) and NIST SP800-115
- Includes coverage for the entire Cardholder Data Environment (CDE) perimeter and critical systems
- Includes testing from both inside and outside the network
- Includes testing to validate any segmentation and scope-reduction controls
- Includes testing for Web application vulnerabilities listed in Requirement 6.5
- Includes network-layer penetration tests (operating systems, exposed services, misconfigured devices…)
- Includes review and consideration of threats and vulnerabilities experienced in the last 12 months
Our testing methods exceed PCI-DSS requirements as we not only focus on compliance but also strive to give you answers to questions such as: Can attackers access credit card information? Can they obtain unauthorized access to sensitive information? How can you minimize the risk of attackers compromising the confidentiality, integrity or availability of Internet-facing networks?
As for the frequency of tests, you can choose between one-time penetration tests/vulnerability assessments and subscription-based recurrent assessments.