In addition to the RoC, Level 1 merchants and service providers must undergo annual penetration testing to get and stay PCI compliant. Below are trusted companies that can perform a PCI penetration test for you.

Breachlock

Breachlock provides pen testing services that include automated web scanning, detailed penetration testing reports with compliance indicators, and fast DevOps remediation to help you

continually meet compliance requirements for PCI DSS.

Learn more

Cobalt

Cobalt’s team of highly vetted pen testers will not only complete a PCI pen test for you to identify vulnerabilities, they will also help you fix them.

Learn more

GRSee Consulting

GRSee Consulting has a comprehensive onboarding process to understand the scope of your platform’s processes and business logic to design customized pen testing that meets your specific needs and goals.

Learn more

Insight Assurance

Insight Assurance’s experienced ethical hackers perform point-in-time penetration testing services to help you meet PCI compliance requirements and have peace of mind.

Learn more

Moss Adams

Moss Adams can perform the annual network- and application-level penetration testing required for PCI compliance.

Learn more

NetSPI

NetSPI is an offensive security company that partners with organizations to customize vulnerability management programs with a focus on penetration testing.

Learn more

Prescient Assurance

Prescient Assurance uses a custom penetration testing methodology that includes all PCI testing requirements and is based on best practices from OWASP, NIST 800-115, and OSSTMM.

Learn more

Red Sentry

Red Sentry’s in-house team of pentesters are certified industry experts with years of experience and education that can deliver accurate and actionable reports for any environment.

Learn more

Software Secured

Software Secured offers 360 penetration testing, a comprehensive security test that helps you meet the requirements of PCI DSS as well as SOC 2, ISO 27001, and HIPAA.

Learn more