PCI Compliance Testing

Vulnerability Scanning To Ensure PCI Compliance

Your company’s future depends on achieving and maintaining compliance with the Payment Card Industry (PCI) requirements. PCI DSS regulations for protecting cardholder data require all merchant levels to have regular network scans in order to detect possible vulnerabilities. These scans can only be performed by PCI-certified Approved Scanning Vendors.

ASV scanning involves utilizing a set of data security services and tools to verify compliance with PCI DSS standards. To do this, ASVs carry out an external vulnerability scan of an entity’s network. This includes devices, IP addresses, and network components that are considered in-scope for the scan. The results include valuable information about network weaknesses which can then be used to remediate and strengthen their system.

Approved Scanning Vendor Qualifications

I.S. Partners, LLC. has met all of the strict standards set by the PCI SSC for ASVs to perform scans and check security procedures. This includes registration, program guide approval, and receiving an attestation of compliance through the PCI SSC. We help ensure that organizations meet the six objectives defined by PCI DSS:

Develop and implement a clear information security policy,
Build and maintain a secure network,
Run a Vulnerability Management Program,
Apply solid access control measures,
Monitor and test network security,
Protect cardholder data.

Comprehensive Support For PCI Compliance

PCI compliance is complex, but it doesn’t need to be stressful. I.S. Partners, LLC. provides complete external scanning services for companies of all sizes. We work closely with clients to understand their risk assessment goals and create a strategy for testing without disrupting regular business operations.

Get more information by calling our office (215) 631-3452 or filling out our contact form below.

What must penetration testing include for PCI compliance?

A penetration test must include manual testing, performed by qualified individuals who can accurately emulate the activities of a malicious user attempting to compromise the cardholder environment.
Penetration testing in support of a PCI Assessment must include not only vulnerability scanning but also attempts to exploit the vulnerabilities identified. PCI may require External Penetration Testing, internal Penetration Testing, and external vulnerability scans by an approved scanning vendor (ASV). Internal penetration testing requires tests of network segmentation controls used to reduce the scope of the PCI Assessment.

Does PCI DSS only apply to businesses that store credit card information?

No. Any business or merchant that accepts credit card payments, transmits cardholder data, processes transactions and/or stores cardholder information falls under PCI DSS requirements.

What are the penalties for PCI non-compliance?

Based on the discretion of the credit card company, acquiring banks can be fined from $5,000 up to $100,000 per month. Banks may pass off this fine to the business or merchant as well as increase transaction fees for the business or terminate their business relationship.