External penetration testing: what it means for your business and your PCI compliance.

What better way could there be to test the capability of your business’s security measures than looking at them through the eyes of a cyber criminal? That’s essentially the purpose of external penetration testing, or PEN testing as it’s commonly known.

PEN testing involves an organised, third party attempt at accessing your business’s IT systems and networks, replicating the tactics and practices of hackers to identify weaknesses and flaws that could be taken advantage of. The testing looks at the efficiency of firewalls and assesses the possibility of an intruder entering interior networks and accessing sensitive data such as customers’ personal information and card payment details. The process focuses on areas where the most common weaknesses occur, usually at the point that two systems integrate.

Protect your reputation

With the ever-increasing threat of cyber-attack, data security is at the forefront of many minds. Today’s consumers have high expectations when it comes to the storing and processing of their personal details. They want to know that your business is doing its utmost to provide a secure transaction environment.

Failure to protect customer data can lead to a serious breach in consumer trust and deal a devastating blow to your brand reputation. Staying one step ahead of the hackers by carrying out penetration testing and addressing vulnerabilities in your networks and processes, reduces the risk of falling victim to cyber criminals while maintaining and reassuring customers that their data is being dealt with in the securest of environments.

Penetration testing and PCI DSS

For businesses that process card payment transactions over the phone and online, PEN testing is an essential part of PCI DSS compliance. The regulations require that penetration testing takes place at least on an annual basis or as and when upgrades and modifications are made to IT systems and networks. To comply with PCI DSS, the PEN testing must include the perimeter of the Cardholder Data Environment (CDE), as well as any systems which, if compromised, could impact the security of it.


At PCI Telecom, we undertake regular penetration testing of our card payment solutions and how they integrate with other systems, rectifying any potential areas that could become vulnerable to cyber-attack. Our cloud-based solutions are accredited to a Level 1 PCI DSS standard and are created and developed to meet the exact needs and requirements of each business that we work with.

By outsourcing your card payment processing to us, you descope your transaction environment from PCI compliance obligations altogether so that you can spend more time focusing on what really matters – delivering your core business to your customers. To find out more about what we can do visit our Solutions page. Alternatively, give us a call to talk through your specific requirements.