Penetration Testing for the Business

The major question we should ask ourselves is whether penetration testing is mandatory. PCI testing is a crucial process if your business is to remain secure. A lot of unguided speculation circulates in the media because of misinformation, and traders who rely on untested claims expose themselves to possible fines for non-compliance. Any business owner should first evaluate his or her PCI compliance; working with experts in the PCI field will then improve the quality of the validation.

Frequently Asked Questions

Through our work providing guidance on PCI, we encounter many different questions. We strive to give well-informed answers for the benefit of our clients.

Question: In version 3.0, it is stated that I must carry out penetration testing, whereas in version 2.0 it was only recommended. Is it a MUST to perform version 3.0 testing?

Answer: Penetration testing is a requirement under PCI DSS version 3.0. Although the testing itself is not new compared to version 2.0, the requirement has been strengthened. The decision to restructure the guideline was taken after the Council recognized the need to heighten the security of cardholder data. It is, therefore, a must for any trader to conduct the PCI test under version 3.0.

Key Changes in PCI Penetration Testing

The following list shows the critical changes in PCI penetration testing:

  • The methodology used for PCI penetration testing must be based on industry-accepted standards.
  • Testing must cover both applications and networks in order to identify vulnerabilities.
  • Penetration testing must be performed on both internal and external networks at least annually. It must also be repeated after any significant change to the network infrastructure, or on request.
  • Any problem identified during testing must be remediated and then retested to confirm it has been resolved.

Additionally, the following resource will help you understand the penetration testing process:

The PCI Security Standards Council has published a penetration testing guidance document, which can be accessed through this link:

https://www.pcisecuritystandards.org/documents/Penetration_Testing_Guidance_March_2015.pdf