Payment Card Industry Data Security Standard (PCI DSS) developed by Visa and MasterCard explicitly requires regular penetration tests to be performed against card processing infrastructures in order to assess their security. The standard requires both external and internal tests to de conducted at both "application" and "network" levels.
One of the biggest challenges for customers in need of PCI-DSS is reporting. In order to be accepted by a QSAs (Qualified Security Assessors), a PCI DSS penetration testing report has to contain several additions and extensions comparing to a regular penetration testing report. Security analysts of Blue Frost Security are experienced in developing comprehensive reports necessary to pass audits but going beyond compliance and providing a real picture of the infrastructure's security.
Sometimes scopes of assessments can be very large however, our expertise in the banking field allows analysts to quickly identify possible attack vectors in scope and further examine them to use project timeframe optimally.