If your bank is requiring your company to perform a penetration test as part of your PCI compliance, you’re not alone. The Payment Card Industry Data Security Standard (PCI-DSS) now requires penetration testing (or pen tests) for all organizations that accept credit card payments. It’s an added way to ensure the security of credit card transactions and associated storage practices.
So what, exactly, is penetration testing? It’s a way to test your system’s security by trying to exploit its weaknesses. In the same way that the Federal Reserve requires FDIC-insured banks to undergo stress tests, penetration tests are safe methods of attempting to identify security weaknesses in your systems. As the saying goes, one of the best ways to help protect against hacks into your systems is for someone you trust to try hacking into your systems. This will allow you to rectify security issues before they can be exploited by unauthorized individuals.