Penetration Testing

Get a penetration test that simulates a real-world attack.

Penetration testing features

PCI program solutions for acquirers and ISOs

SecurityMetrics PCI programs are merchant-friendly, keeping them and you happy.

Plans: Basic, Plus, Pro, Advisor
Features (one ✓ per plan that includes the feature):
  • Online Portal: ✓ ✓ ✓ ✓
  • Merchant PCI SAQ: ✓ ✓ ✓ ✓
  • SAQ Pre-Population: ✓ ✓ ✓ ✓
  • ASV scans (1/merch): ✓ ✓ ✓ ✓
  • PCI Policy Template: ✓ ✓ ✓ ✓
  • 24/7 Help Desk: ✓ ✓ ✓ ✓
  • 24/7 Scan & SAQ Support: ✓ ✓ ✓ ✓
  • Partner+ Portal: ✓ ✓ ✓ ✓
  • Custom Email Campaigns: ✓ ✓ ✓ ✓
  • Assigned CSM: ✓ ✓ ✓ ✓
  • ASV scans (5/merch): ✓ ✓
  • $100,000 Merchant Premium Service Warranty: ✓ ✓
  • Card Data Discovery: ✓ ✓
  • Mobile Device Scan: ✓ ✓
  • AI-Powered PCI Compliance (Spectre AI): ✓ ✓
  • Anti-Malware Software: ✓
Get started on your PCI program, request a quote now.
Request a Quote
Editions: PANscan Lite, PANscan Basic, PANscan Advanced
Features (one ✓ per edition that includes the feature):
  • Total number of card data found: ✓ ✓ ✓
  • Files containing card data: ✓ ✓ ✓
  • Light on system resources: ✓ ✓ ✓
  • Immediate summary results: ✓ ✓ ✓
  • Fast Scans (1-3 GB/min): ✓ ✓ ✓
  • Tuned to reduce false positives: ✓ ✓ ✓
  • Unlimited scanning (per machine): ✓ ✓ ✓
  • Technical support: ✓ ✓ ✓
  • View card type: ✓ ✓
  • View track data: ✓ ✓
  • View file path to payment card data: ✓ ✓
  • Navigation to cardholder data: ✓ ✓
  • Mark files as false positives: ✓ ✓
  • Specify which drives to scan: ✓ ✓
  • Save current results: ✓ ✓
  • Clear current results: ✓ ✓
  • Exclude image files: ✓ ✓
  • Exclude executable files: ✓ ✓
  • Online scanning: ✓ ✓
  • Offline scanning (optional): ✓
  • Exclude specific file types: ✓
  • Exclude specific file directories: ✓
  • Scan for specific file types: ✓
  • Scan specific directories: ✓
  • Preserve last access dates: ✓
  • Export text report: ✓
  • Check for spaces/dashes in card numbers: ✓
  • Linux support: ✓
  • Mac support: ✓

PCI for small businesses starting at

$399/year*

Price discounts available depending on merchant processor

  • External Vulnerability Scan (1 IP)
  • Online PCI Self Assessment Questionnaire (SAQ)
  • Online compliance reporting portal
  • Non-compliance notification
  • Compliance reporting to merchant processor
  • Compliance certificate
  • PANscan® (Card discovery software for 1 machine)
  • Service warranty (Up to $100,000 reimbursement in case of a breach)
  • Security Awareness Training (1 seat)
Get Started

*We discount our services for most merchants because of our relationship with their merchant processor.
Looking for Acquirer or PCI program pricing? Click here.

Penetration testing steps

Basic

Starting at
$1,499
USD/year
The Basics
For small practices
Request Quote
Compliance Management
  • Online Portal Access (Software to help you work towards HIPAA compliance)
Services
  • Security Fundamentals Checklist
  • $100,000 Service Guarantee
  • Monthly Perimeter Scans: 1 IP
  • Risk Analysis
  • Risk Management Plan
  • Monthly HIPAA Newsletter
Compliance Management
  • HIPAA Policies & Procedures (including Breach Notification Policy and Business Associate Agreement Template)
  • HIPAA Training: 3 seats
  • 5 Hour Technical Support (inbound tech support only)

Pro

Starting at
$4,999
USD/year
Tools, Training & Unlimited Support
For medium-sized practices
Request Quote
Compliance Management
  • Online Portal Access (Software to help you work towards HIPAA compliance)
Services
  • Security Fundamentals Checklist
  • $100,000 Service Guarantee
  • Monthly Perimeter Scans: 5 IPs
  • Risk Analysis
  • Risk Management Plan
  • Monthly HIPAA Newsletter
Compliance Management
  • HIPAA Policies & Procedures (including Breach Notification Policy and Business Associate Agreement Template)
  • HIPAA Training: 25 seats
  • Unlimited Support (specialized HIPAA support agents available for guidance on all HIPAA tools)

Basic

For SMBs looking to achieve compliance in the most cost-effective way
Request A Quote
Features
  • Portal access
  • 1 payment path supported
  • User-initiated scanning process
  • Fulfills requirements 6.4.3 & 11.6.1
  • Add-on consultation credits available
  • Partner discounts available

Pro

For businesses invested in having complete awareness and understanding of the threats to their ecommerce site
Request A Quote
Features
  • Portal access
  • 3 payment paths supported (option to add on)
  • Automated scanning process
  • Fulfills requirements 6.4.3 & 11.6.1
  • Forensic annual baseline assessment
  • 12 annual consultation credits included
  • Partner discounts available

Frequently Asked Questions

How much does a penetration test cost?

Penetration tests range in price, depending on the size of your network and specific needs. Tests usually range from $15,000 to $30,000. As a general rule, any "pentest" that is listed for less than $4,000 is likely not a real penetration test.

How long does a penetration test take?

At SecurityMetrics, we have customers who take weeks and some who take less time. It really depends on the complexity of your environment and what your objectives are.

Check out the Penetration Testing Timeline Checklist for more details.

What compliance standards require a penetration test?

There are many industry standards that require a penetration test, including PCI, SOC, HIPAA, GDPR, and more. Organizations that don't need to adhere to specific compliance standards can perform elective pentests to gauge their security posture. Remember, if you make significant changes to your environment, you will need to perform a penetration test again.

What is the difference between a penetration test and a vulnerability scan?

Sometimes customers call asking about penetration testing and realize they actually just need a vulnerability scan. Vulnerability scans must be performed by someone who is a certified vendor. They are more affordable than a penetration test and completely automated. They focus on finding and identifying potential vulnerabilities so you can work through them, make the needed changes, and test again. For PCI requirements, you must perform vulnerability scans once every 90 days.

Penetration testing, also known as ethical hacking, tries to exploit the vulnerabilities found. SecurityMetrics penetration testers start with your vulnerability scan and see if they can hack into your network. Penetration testing is much more hands-on and time-consuming, making it much more expensive than vulnerability scanning.

What qualifications do SecurityMetrics pentesters have?

You should look for certain certifications when choosing a pentester. SecurityMetrics pentesters have CISSP, OSCP, BSCP, and more. SecurityMetrics pentesters want you to be safeguarded against threat actors, so they take their training and your pentest seriously.

SecurityMetrics also holds its own testing program once a year where pentesters go up against their own servers to determine any vulnerabilities and the effective rate of exploiting them. Sometimes pentest firms do as little as possible to sign you off. SecurityMetrics penetration testers want you to be safeguarded against threat actors, so they take your pentest seriously.

Resources

The following are related resources that we have prepared for you. Find more answers to your questions in our Learning Center.

SecurityMetrics has helped secure 1,000,000+ payment systems

Get PCI DSS Compliant

Get ready for PCI DSS v4.0.1 with the right tools, training, and support.

Why choose SecurityMetrics?

Accurate and understandable results

Receive facts on every aspect of your pen test through detailed reports that both engineers and business managers can easily understand.

Complementary retesting

SecurityMetrics offers complementary retests to ensure proper remediation and patching of reported vulnerabilities.

Experienced with compliance

Our pen testers have experience with the various compliance and cybersecurity standards (e.g., PCI, HIPAA, HITRUST).

Prioritized remediation actions

Your penetration test report will include prioritized recommendations on how to discover, remediate, and prevent additional vulnerabilities.

Single point-of-contact

Communicate with a single point-of-contact for your assessment that quickly responds to your questions and requests.

Straightforward pricing

SecurityMetrics pricing is simple–the recommended offerings are based on your objectives, giving you a custom quote and avoiding unnecessary add-on charges.

See how we've helped our clients succeed

When you succeed, we succeed. That's why we pay such close attention to detail and provide award-winning support. Let's work together!

TESTIMONIALS

The relevance of ensuring proper ecommerce website security and protecting cardholder data continues to be paramount for our organization, and we could not manage this process better without the reporting tools and excellent technical expertise provided by SecurityMetrics.

Jason Drake
Premiere Sports Travel

SecurityMetrics is an integral part of the team in our PCI program. We depend on the assessors to make sure that we stay on the compliance track. They do it with developing relationships across campus, discussing upcoming projects or application changes, and being available to us for consulting. They are knowledgeable, helpful and help us keep the campus engaged by their friendly demeanors.

Robbyn Lennon
University of Arizona

We have been customers of SecurityMetrics for about eight years. We are so impressed with the patient and professional way that their staff treats customers. They do not hurry, seem tired, act annoyed or too busy to work with their customers. Every person I spoke to was great!

Naomi Christman
The ProImmune Co, LLC

SecurityMetrics is the most retail friendly solution. At the small business level, frequently the person that has to interface with the tool is an owner or someone who has financial responsibility, but they may not necessarily be technically savvy with using online tools. We believe SecurityMetrics meets that need better than anyone else we've seen.

Steve Methvin
Bozzutos

SecurityMetrics' Pen Testing has definitely helped us improve our network security in ways I could have never imagined. You just don't know what you don't know. I am absolutely confident in their team's abilities and my experience has led me to trust them implicitly as a security partner. Their depth of understanding is impressive, and their professionalism is unmatched.

Morgan Leppink
Internet Ticketing Systems

We’ve been using SecurityMetrics for our onsite PCI audits for more than 10 years now. We have continued to come back and return to SecurityMetrics due to the value that has been supplied by them. SecurityMetrics has been around long enough now and they’ve been one of the top providers when it comes to PCI compliance, that I know they’re in it for the long haul.

Dawn Martinez
SVP, NewTek Merchant Solutions
We work hard to provide amazing support
Average wait times
  • Phone: 11 sec
  • Chat: 3 sec
  • Ticket: 2.1 hrs

Recognition for Outstanding Work

SecurityMetrics has worked hard over the years to provide outstanding products and services. Here are some of the awards the team has won.

The Golden Bridge Award 2020 Gold logo
Cybersecurity Excellence Award Winner 2023 Logo

Over 25 Years of Compliance Experience

QSA | PFI | ASV | P2PE | SSF | SLC | 3DS | QPA | PCIP | RPO

PCI Qualified Security Assessor logo
HITRUST Authorized CSF Assessor logo
CISSP logo
HCISPP logo
CISA logo