The Payment Card Industry Data Security Standard (PCI DSS) sets requirements for security procedures. Companies that work with payment cards must meet these requirements. One of them is annual penetration testing of the external perimeter and of the internal hosts that handle payment card data. This testing is independent of the quarterly Approved Scanning Vendor (ASV) checks and is aimed at a much deeper analysis of protection than automated checks provide.
Extensive practical experience gained while developing the XSpider security scanner and the MaxPatrol Compliance Management system allows Positive Technologies experts to conduct penetration testing efficiently and in accordance with PCI DSS requirements. The testing uses PCI DSS recommendations (Information Supplement: Requirement 11.3 Penetration Testing) together with the company's own unique techniques. In 2008 Positive Technologies received QSA Associate status, which allows us to conduct PCI DSS compliance checks.
The results of the work serve the following aims:
obtain an independent assessment of how well the information system is currently protected against attacks from the Internet;
obtain an independent assessment of external web application protection;
obtain an independent assessment of external wireless network protection;
obtain an independent assessment of the efficiency of client application protection measures;
obtain an independent assessment of the security awareness level of the client's employees;
obtain an independent assessment of the attack resistance of the client's internal resources that should meet PCI DSS requirements.