The PCI Data Security Standard is a comprehensive set of requirements for proactive enhancement of payment account data security. The standard was developed by the founding members of the PCI Security Standards Council, including Visa, MasterCard, American Express and Discover Financial Services.
The Payment Card Industry (PCI) standard is a 'security guideline' developed by credit card companies to ensure the proper handling and protection of cardholder account and transaction information. The goal has been to develop and facilitate the broad adoption of consistent data security measures globally.
PCI DSS Requirements
PCI DSS includes requirements for security management, policies, procedures and network architecture, as well as other critical protective measures. The primary focus is a comprehensive standard intended to help organizations protect customer account data.
Section 11.3 specifically sets out the requirement for security testing:
11.3 Perform penetration testing at least once a year and after any significant infrastructure or application upgrade or modification (such as an operating system upgrade, a sub-network added to the environment, or a web server added to the environment).
These penetration tests must include the following:
- 11.3.1 Network-layer penetration tests
- 11.3.2 Application-layer penetration tests
iVOLUTION Security is strategically positioned to assist merchants of all levels with the requirements for compliance with the PCI Data Security Standard, including penetration testing and vulnerability scanning.