PCI Penetration Testing

Optiv offers PCI penetration testing services as part of a comprehensive suite of PCI consulting and compliance services.

Demonstrate Compliance with PCI Penetration Testing

As of 2017, organizations working to comply with the Payment Card Industry Data Security Standard (PCI DSS) must incorporate PCI penetration testing as part of their annual PCI risk assessment.


PCI penetration testing is intended to identify vulnerabilities in applications that could be exploited by malicious individuals to gain access to credit card information. While vulnerability scanning (also required for PCI compliance) involves an automated approach to evaluating software security, PCI penetration testing is a manual methodology that simulates the techniques used by real-world attackers. PCI penetration testing must include the perimeter of the Cardholder Data Environment (CDE) along with any applications or systems that could impact security if breached.


PCI penetration testing involves a highly specific skill set and a level of expertise that must be outsourced to a cyber security provider. Choosing the right firm is important, not only to ensure quality results but also to integrate PCI penetration testing into a broader program for PCI compliance. For organizations that wish to streamline PCI compliance by reducing cost and complexity, Optiv offers PCI penetration testing as part of a comprehensive suite of PCI consulting and compliance services.


PCI Penetration Testing Services from Optiv

Optiv is a market-leading provider of end-to-end cyber security solutions that enable organizations to plan, build and run successful security programs. Offering a complete portfolio of services, products and solutions, we help organizations define strategy, identify risks, deploy leading technologies and ensure operational readiness to defend against a myriad of threats.


We offer PCI penetration testing services as part of our enterprise risk and compliance offerings, with compliance services for HIPAA, Sarbanes-Oxley, NIST, and the European General Data Protection Regulation (GDPR) framework, among others. We help organizations transform compliance efforts from a necessary chore to a competitive advantage through better decision-making, greater agility and clearer insight. Our approach helps to build a business-aligned compliance program that delivers a greater return on investment while improving security and compliance throughout the organization.


Our PCI penetration testing services are delivered by a bench of PCI specialists and interpreted by PCI consultants with an average of 15 years of experience in building and managing risk and compliance programs.


Beyond PCI Penetration Testing: Comprehensive Compliance Services

In addition to PCI penetration testing, we offer comprehensive services for PCI compliance that include:


  • PCI Gap Analysis
  • PCI Readiness Review
  • PCI SAQ Guidance
  • PCI ASV Scanning Services
  • PCI PA-DSS Assessment
  • PCI DSS Assessment
  • PCI Executive Workshop
  • PCI Risk Assessments
  • PCI Scope Reduction Strategy
  • PCI QSA Remediation Guidance


Learn more about PCI penetration testing, and about Optiv solutions for compliance with the NIST risk management framework.