Penetration Testing is a Critical Component of PCI Compliance
Posted on Tuesday, August 29th, 2017 by Robert Bond


For any business that handles credit card data, penetration testing has been a requirement since 2013. That’s when the Payment Card Industry Security Standards Council (PCI SSC) updated its compliance regulations to reflect the real and growing risk hackers pose to the trustworthiness of the credit card industry. Version 3.0 of the council’s Payment Card Industry Data Security Standard (PCI DSS) beefed up the pen testing requirements merchants must meet – regardless of any other industry standards they’re following.



Is compliance enough?

You can be 100 percent in compliance with your industry regulations, including ISO 27001, NIST, FISMA, HIPAA, Sarbanes-Oxley and even PCI DSS, and still not be ready to withstand a skilled human threat. Compliance does not equal defense, especially when compliance is treated as a box to be checked once and then forgotten.

Unfortunately, some of the highest-profile breaches of the last several years could have been avoided through regularly scheduled pen testing conducted with an industry-accepted methodology. Think of Target’s $200 million in credit card fraud and replacement costs in 2013. Or Home Depot’s $80 million loss in insurance reimbursements after it lost control of 56 million credit card accounts in 2014. The numbers are even more dire for smaller merchants: sixty percent of small businesses that suffer significant cyberattacks close within six months of a breach.



Win first: Sun Tzu on PCI compliance

The great military strategist Sun Tzu said, “Victorious warriors win first and then go to war, while defeated warriors go to war first and then seek to win.” Winning first in IT security starts with identifying your weaknesses, figuring out how to exploit them and then using that experience to strengthen your defenses.

Vulnerability assessments are the first step. From there, a skilled managed security services provider can help you prioritize the findings and determine which need to be explored through pen testing. If the ethical hackers who perform your pen test manage to breach your security systems, you’ll learn what you need to do next to protect your most critical systems – and your customers’ credit card data.


Ready to learn more about pen testing and compliance? Download our free e-book, “Pen Testing: Thinking Like Your Enemy Yields World Class Security.”

Robert Bond
About author:
Robert Bond is the Director of Marketing at Hitachi Systems Security. Robert is responsible for the education of prospective customers as well as the satisfaction and engagement of current customers. Robert has been in the information technology, security and digital forensics industries for over 15 years. He has a Bachelor’s degree from the University of Maryland and an MBA in marketing from Indiana University.
