WHY YOUR ORGANIZATION MUST PERFORM THESE TESTS TO VALIDATE PCI COMPLIANCE.
Penetration Testing may be a new concept to you, and we want to get you comfortable with why it is required, what it is, and what you have to do to protect your systems. It’s actually pretty simple.
“Pentesting” is an in-depth security test performed by our security professionals using the same techniques hackers use. MVP teams create “real-world” simulated attacks against your systems using the same devious tricks that hackers and others use to get into your systems and steal your data.
We do so in a safe and secure manner, usually within one business day, and at a cost that is 90% LESS than what others charge, while others can take 6 weeks.
Following the process is as easy as giving us some system data (addresses) and downloading our secure mini-program robot that performs the test and searches for “loose” credit card data.
We find issues that allow hackers to steal your data 94% of the time!
MVP helps your credit card processor by delivering these tests in a cost-effective, secure, professional manner, as required by the card brand rule set.
Tougher penetration testing requirements, mandated by the Payment Card Industry Data Security Standard (PCI DSS), became effective July 1, 2015. Merchants MUST validate that credit card data is NOT being stored and that transaction processing systems are safe from malicious hacker attacks. Without the proper third-party tests like our Penetration Tests, merchants are “non-compliant” and risk data breaches, fines and increased costs.
Primary Account Number Scan
In addition, MVP will perform a “PAN” scan (Primary Account Number Scan) on your systems, looking for card numbers and track data (the data on the magnetic stripe on the back of a card!) that may have found their way onto your systems. We’ll let you know if we find anything so you can deal with it before the hackers do.
With a few rare exceptions, you shouldn’t have this info stored on your system. Each exposed card can generate a fine of up to $5,000, so we need to make sure that won’t happen to you!
In order for your system to be “PCI Compliant”, these tests must be run once per year, or at “every major system change”. Those are the rules established by the “PCI Standards Council”, which is an operating group created by the card brands to help merchants be as secure as possible. Hackers can enter your system and place trackers on it that transfer ALL data to them. And they won’t stop at just card data. They’ll steal ALL your data, hold it for ransom and then delete your website.
At the conclusion of the testing, you will receive a very detailed report that outlines any issues with your system so that you can address them with your IT professionals.
Issues range from simple things like missing required software update patches to vulnerabilities in your firewalls that would allow an attacker in. Others charge up to $10,000 for these tests.
At MVP, we deal with many businesses, and we often hear things like “I’m too small to be a target” or “I don’t think this applies to me” or even “My brother-in-law Ed has the same system as me and HIS processor doesn’t require a Pen Test”.