PCI DSS Compliance
PCI DSS security testing expertise
BreachLock™ provides end-to-end PCI DSS coverage for security testing.
Manual Penetration Testing
PCI DSS explicitly demands that manual penetration testing be part of your security governance. Our platform is backed by security researchers who are certified and qualified to perform PCI DSS penetration tests.
Quarterly ASV scans
BreachLock™ has partnered with ASVs to integrate into our solution the ability to launch and control quarterly ASV scans for you. This ensures that you have one managed service covering both manual penetration testing and PCI ASV certified scans.
PCI Compliance Expertise
BreachLock™ has deep insights into PCI DSS requirements. This is why we are able to analyze your PCI requirements and advise you on what your compliance obligations are with respect to security testing.
Application and Network Coverage
Our expertise covers your whole IT landscape. Whether it is a web application, a mobile application, an external network or an internal network segmentation test, we cover all of it. This ensures you have one vendor that meets all your security testing needs.
BreachLock™ Security Testing offering mapped to PCI DSS Requirements
PCI DSS Requirement 6.1
Requirement 6.1 can be fulfilled by establishing a process to identify security vulnerabilities in your internal and external applications, using reputable outside sources for security vulnerability information, and assigning a risk ranking (for example, ‘high,’ ‘medium,’ or ‘low’) to newly discovered security vulnerabilities.
PCI DSS Requirement 6.2
To fulfill requirement 6.2, ensure that all system components and software are protected from known vulnerabilities by installing applicable vendor-supplied security patches. Install critical security patches within one month of release.
PCI DSS Requirement 11.3.1
Requirement 11.3.1 covers the necessity to conduct external penetration testing at least once every six months and after any significant change or upgrade of the organization’s infrastructure or application.
PCI DSS Requirement 11.3.2
Requirement 11.3.2 includes all the requirements discussed in 11.3.1, but instead of an external pen test, the organization needs to perform internal pen tests. These pen tests are required to be performed at least once every six months.
PCI DSS Requirement 11.3.3
Requirement 11.3.3 says that the vulnerabilities (loopholes) found during the pen tests must be resolved and that additional testing should be performed until the vulnerabilities are dealt with properly.
PCI DSS Requirement 11.3.4
The goal of requirement 11.3.4 is to verify that the segmentation methods used are efficient and operational, and that out-of-scope systems are isolated from the systems in the cardholder data environment.