top of page

FinTech Penetration Testing for Attestation of PCI Compliance

Updated: Mar 19

credit card being used in-store after attestation of PCI compliance


A nationwide FinTech company that supports veterans was launching a new credit card rewards offering for its members and needed a processing partner. The organization had realized that veteran discount programs nationwide were ripe for innovation, due to high-friction, in-store transactions. The organization turned to VISA to enable seamless transaction tracking and rewards collection for veteran discounts. One obstacle remained – the company would need to acquire an attestation of PCI compliance to partner with VISA. The organization’s leadership turned to Strategic Alliance Consulting (SAC) to spearhead the compliance effort, including external penetration testing.


SAC deployed an external penetration tester to evaluate the organization’s cybersecurity across its application’s AWS serverless architecture. This phase took 10 days to complete, and the findings were excellent. The organization’s application was very secure, and the company needed to make minimal changes. Following the initial phase, SAC provided advisory services focused on attaining PCI compliance, which the client successfully attained the following month.

Results: Attestation of PCA Compliance

After meeting PCI compliance requirements, VISA initiated an additional audit using its proprietary methodology, which was far stricter than PCI. Thanks to SAC’s work, the FinTech client successfully passed this audit, acquired an attestation of PCI compliance, and began testing its application and systems with VISA. Once this phase is complete, the organization will have a secure and scalable rewards program capable of supporting millions of veterans across the nation.


bottom of page