Merchants are required to test for and detect the presence of authorised and
unauthorised wireless access points on a quarterly basis. Our Wi-Fi Security Testing
service has a Discovery module that detects such Wi-Fi access points.
Merchants are required to run internal and external vulnerability scans at least
quarterly and after any significant change in their networks, such as the deployment
of new systems, network changes or firewall rule changes.
Internal vulnerability scans can be conducted by any qualified resource (third party or
merchant staff). External vulnerability scans must be conducted by an Approved
Scanning Vendor (ASV). Our partner's Vulnerability Assessment service has been approved by
the PCI Security Standard Council (PCI SSC) to conduct ASV tests.
Merchants are required to implement a penetration testing methodology that ensures internal and external network and application penetration tests are performed at least once per year and after any significant change, such as when new networks, systems or applications are deployed or upgraded. Testing must also validate any segmentation or scope reduction controls. Our Network Penetration Testing and Web Application Penetration Testing services can assist with meeting these Requirements.