PCI DSS: Which penetration test does my organization need?

The PCI DSS sets out various requirements for merchants and service providers. To safeguard payment card data and achieve compliance with the latest iteration of the payment security standard, organizations need to assess potential vulnerabilities in their networks and systems.

The PCI DSS requires penetration tests for a number of purposes, including testing web applications, scanning for rogue wireless access points, proving segmentation, and identifying potential vulnerabilities.

A number of tests are available to meet the requirements of the PCI DSS, depending on the organization’s scope and requirements. The table below provides some information about the Standard’s specific testing requirements.


Penetration tests help organizations to identify potential vulnerabilities in networks, systems, websites, web applications, and wireless networks by combining a series of manual assessments with automated scans.

Organizations looking to identify their vulnerabilities with a penetration test can opt for:

  • Web Application Penetration Test: helps you identify potential vulnerabilities in your websites and web applications. In addition to the penetration tests, IT Governance’s consultants will provide you with recommendations for improving your security posture and achieving compliance with the PCI DSS and ISO 27001.
  • Wireless Network Penetration Test: the WLAN penetration test is designed to help you find and fix WLAN weaknesses. The service includes a consultation session, scoping, manual tests, wireless surveys, automated and manual identification of vulnerabilities, recommendations, and a detailed technical report.