Penetration Testing with Compliance 101
There’s a war being waged in the digital world — a war for coveted credit card information. You have it, thieves want it and they’ll stop at nothing to take it.
Imagine an army of skilled hackers, each with their own diabolical database of tactical strategies to breach your network. Day and night they’re on the attack, scouring your systems to find the one vulnerability that will allow them access to all of your most valuable information, from credit card numbers and expiration dates to customer names, addresses and social security numbers. Terrifying? Not if they work for you.
When you sign up for penetration testing through Compliance 101, you get an elite team of experts, all with the same skills, experience and knowledge as the most notorious hackers on the Internet. These tech wizards will engage in a number of simulated attacks on your systems, using the latest hacking techniques to find the weak spots that hackers are eager to exploit.
What is penetration testing?
Penetration testing is a powerful tool for reducing the risk of intrusion into your network and systems. Using an approach known as “ethical” (or “white hat”) hacking, penetration testing identifies vulnerabilities in your data security and shows how far an attacker could actually get by exploiting them.
Tests are run against the software and devices in your environment, including web applications and databases, and against the security measures that are supposed to protect them, such as firewalls and intrusion detection systems. Signs of an existing compromise encountered during testing, such as adware or spyware, are reported as well.
Using a combination of automated tools and manual techniques, penetration testing probes for the specific weaknesses that make your system vulnerable, such as missing patches, misconfigurations and flaws in custom code. When the testing is complete, you receive a risk assessment and a detailed outline of the steps you need to take to fix the vulnerabilities found and improve your data security. Keep in mind that a penetration test is a point-in-time exercise: it shows what an attacker could do on the day of the test, which is why re-testing after significant changes matters as much as the annual test itself.
Why do I need penetration testing?
If the thought of hackers storming the walls of your virtual fortress leaves you unfazed, there are other reasons to conduct penetration testing.
PCI DSS Requirement 11
Requirement 11 of the Payment Card Industry Data Security Standard (PCI DSS) states:
“Vulnerabilities are being discovered continually by malicious individuals and researchers, and being introduced by new software. System components, processes, and custom software should be tested frequently to ensure security controls continue to reflect a changing environment.”
Requirement 11.3 more specifically states that a business that accepts credit cards must:
“Perform external and internal penetration testing at least once a year and after any significant infrastructure or application upgrade or modification (such as an operating system upgrade, a sub-network added to the environment, or a web server added to the environment).”
Whether Requirement 11.3 applies to your business depends on how you validate compliance: some self-assessment questionnaires (for example, the one for merchants who fully outsource all handling of card data) omit it, while those for merchants that store, process or transmit card data themselves include it. Requirement numbering also changes between versions of the standard, so confirm the version your assessor works against.
Penalties and fines
The penalties for a security breach while out of compliance can range from a slap on the wrist to substantial fees. The card brands can fine acquiring banks and payment processors up to $500,000 for compliance violations, and those costs are inevitably passed on to you, the merchant. In addition, you will likely see an increase in transaction fees.
Long term damage
Penalties can put a significant dent in the company coffers, but they are nothing compared to the damage that a data security breach can do to your business. If your security is compromised while out of compliance, you run the risk of losing your merchant account, which means you will no longer be able to accept credit cards.
That is damaging enough in itself, but merchants who lose their accounts this way are also placed on the Visa/MasterCard Terminated Merchant File (MasterCard now calls it the MATCH list) and remain ineligible for another merchant account for several years. The result is lasting damage to your credibility, your customer loyalty and, ultimately, your entire business.
How do I get penetration testing?
Compliance 101 can help you to start penetration testing today. Just sign up with us to improve your security and maintain compliance. Not sure if you’re compliant? Find out by completing a self-assessment questionnaire.