Pentesting Designed for PCI

Raxis performs manual pentesting to meet PCI-DSS requirements and will work closely with your Qualified Security Assessor (QSA) to ensure that the compliance standards are met for your in-scope systems. We're different because we work as an extension of your team.

Our goal is to help you improve security for your cardholder data while also satisfying the PCI requirement, so the more detail you can provide your pentester about your application and systems, the better it is for everyone.

Contact us and we'll be glad to help customize a quote to meet your needs.



PCI Compliance Requirements

The Payment Card Industry (PCI) requires that pentesting be completed for compliance as of July 2015 as part of PCI-DSS Requirement 11.3. This differs from a vulnerability scan in that a pentest attempts to exploit the security vulnerabilities that are discovered. This ensures that findings are not false positives, as each is supported by screenshots and data exfiltration evidence. In addition, PCI-DSS 11.3.4 requires that segmentation checks be performed to confirm that any segmentation used remains effective and valid. Segmentation checks may not be performed by management of the Cardholder Data Environment (CDE) and should be performed by a third party.

Network Segmentation Testing

Based upon specifications prescribed by PCI-DSS 11.3, our pentester will perform a comprehensive penetration test of the Cardholder Data Environment (CDE) perimeter and any systems that could impact the security of the CDE. This includes any system that processes, stores, or transmits credit card information. This is often referred to as the PCI segment, and it is usually completely separated from out-of-scope systems that do not handle cardholder data. As part of the PCI pentest, Raxis will test segmentation of the PCI segment and ensure that out-of-scope systems remain completely separate from the CDE. We'll work closely with your team to determine the appropriate scope of the environment to ensure that time and cost are appropriate for the PCI pentest.

Penetration Testing

A simulated attack on your Cardholder Data Environment designed to find security vulnerabilities you didn't know existed.

Social Engineering

Test the human element and discover weaknesses in your visitor and vendor processes that you never knew you had.

Phishing & Vishing

Both email and verbal/phone phishing are highly effective techniques to test security awareness.