PCI DSS - Security testing
PCI DSS (Payment Card Industry Data Security Standard) compliance, especially for Reports on Compliance and some self-assessment questionnaires, requires internal and external vulnerability scans and frequent penetration tests.
Payment card data is a prized commodity for cyber criminals and is usually the main target of attacks against commercial environments. The 2018 Trustwave Global Security Report identified that threat actors targeted payment card data in most incidents, with card-track (magnetic stripe) data making up nearly 23% of events, and CNP (card-not-present) data, which is mostly used in e-commerce transactions, comprising almost 20%.
Penetration testing has long been used to help prevent data breaches, understand security weaknesses and test security controls.
This webinar will cover:
- The security testing guidelines to achieve compliance with the PCI DSS;
- The differences between a penetration test and a vulnerability assessment;
- The PCI DSS v3.2.1 requirements for penetration testing and segmentation; and
- How to conduct a penetration testing programme.