SecurityMetrics Reviews & Provider Details

I would highly recommend SecurityMetrics to any organization that needs to maintain PCI compliance or strengthen its overall security posture. Their team is knowledgeable, responsive, and genuinely invested in helping clients succeed. The audit process is well-structured, and their QSAs provide clear guidance that makes compliance much easier to manage.

If you’re looking for a partner that combines strong technical expertise with excellent customer support, SecurityMetrics is a great choice. Review collected by and hosted on G2.com.

Our company is required to perform annual PCI Compliance audits with an on-site auditor. SecurityMetrics helps streamline this process by providing clear guidance, tools, and documentation needed to meet PCI requirements. Their platform simplifies evidence collection, vulnerability scanning, and reporting, which reduces the time and complexity of preparing for the annual audit.

By using SecurityMetrics, we’ve been able to identify and remediate potential vulnerabilities more efficiently, ensuring that our environment remains secure and compliant year-round—not just at audit time. Overall, this has improved our security posture, reduced compliance risk, and saved both time and resources during the audit process. Review collected by and hosted on G2.com.

I would recommend using SecurityMetrics as it is simple to sign up, good product to use for meeting the new PCI DSS 4.0.1 requirements, the dashboard is easy to use and the scanning works without having to add any coding or anything extra to your pages in order for the scanning to take place. Review collected by and hosted on G2.com.

The shopping cart monitor is helping us to monitor scripts, and headers on our pages to help detect anything malicious and to help meet PCI DSS 4.0.1 requirements Review collected by and hosted on G2.com.

Please see my comments in "What do you dislike about Security Metrics"?. Review collected by and hosted on G2.com.

Security Metrics is much, much more than just a highly recognized independent security assessment audit company. More precisely, Security Metrics takes the engaging position that professional knowledge transfer from their staff to our cyber security staff is an utmost priority. Consequently, security awareness is elevated far above what one might encounter in other business organizations that are comparable to our organization. A great example of what we mean by "knowledge transfer" is Security Metric's ongoing "Threat Briefings" that go a long way toward enhancing our 1st hand knowledge of the nation-state adversaries that threaten businesses of all stripes across the United States. Also, when Security Metrics QSA perform their exit review, it is not one that is perfuntory in nature, it is one of the most value packed And for companies like ours that operate in nearly every state in the Country, that is a critical value that is numbered by the many mechanisms and constantly evolving operational traits that we have adopted over the years via Security Metrics never ending engagement efforts in the advancement of our overall cyber-sec defensive strategies. Review collected by and hosted on G2.com.

We only use SecurityMetrics for their Shopping Cart Monitor, but it's been well worth it. If you suspect anything strange on your cart, I highly recommend giving them a shot. They identified our issue almost immediately and have consistently stayed on top of any malicious activity since. Review collected by and hosted on G2.com.

We've been using SecurityMetrics to monitor our shopping cart, and it's been a solid layer of protection. Their bot watches for any code changes in our stack and sends alerts right away when something looks off. What really stands out is their team — they don’t just notify me, they actively help track down where the changes came from and work with me to eliminate the issue at the source. They also follow up to make sure the threat is fully resolved. Review collected by and hosted on G2.com.

We shopped our bid for a PCI audit. Security Metrics wasn't the cheapest, but the scoping conversations with their team early on gave us confidence to move forward with them. Review collected by and hosted on G2.com.

We undergo annual PCI audits. Security Metrics is our auditor. This is an important part of our security framework and also sales materials as we're able to provide prospective clients our report on compliance. Review collected by and hosted on G2.com.

I strongly recommend SecurityMetrics if you are looking to meet your PCI compliance requirements. Review collected by and hosted on G2.com.

SecurityMetrics conducted an on-site assessment and thorough evaluation of all credit card processing systems, networks, e-commerce platforms, as well as related policies and procedures. Their review involved identifying potential risks of fraud, working to reduce PCI scope, improving policies and procedures for credit card processing, and creating action plans to address any vulnerabilities found. Review collected by and hosted on G2.com.

Do your own research to see what company might work best for you, but I have recommended Security Metrics to other before. I have worked with TPSPs and they might be looking for a QSA or an approved ASV scanning provider and I have told them we use Security Metrics, and we have a great relationship with them, but please do your own research and choose any ASV or QSA for your needs. Review collected by and hosted on G2.com.

Security Metrics is our QSA company for annual PCI compliance audit. They also help with one-off PCI security questions, ASV scanning, and product support for SAQ A iFrame merchant compliance. We have a long-standing relationship. We have been working with Security Metrics for many years for annual compliance and through their guidance we have also reduced scope and increased our security posture.

They are a trusted partner. They are very knowledgeable and offer good advice. Review collected by and hosted on G2.com.

If PCI compliance is essential to your business, SecurityMetrics is the best choice. They are calm and help you through the endless PCI requirements. Review collected by and hosted on G2.com.

SecurityMetrics helps ensure our business remains PCI compliant with minimal confusion or disruption. Their expert guidance simplifies a complex and often intimidating process, which is essential in maintaining trust with our customers and our payment provider. Review collected by and hosted on G2.com.

SecurityMetrics provides our organization with a reliable, independent assessment of our security posture through thorough penetration testing. Their approach helps us identify vulnerabilities that automated scans might miss, while also validating that our defenses are working as intended. This not only strengthens our security but also supports compliance and builds confidence for our stakeholders. The benefit is a clear, actionable roadmap to remediation without unnecessary noise or irrelevant findings. Review collected by and hosted on G2.com.

Very professional and competent company. I had pulled various documents and forms from their website for years in a previous job, this is my first experience actually working with them. I do have some frustrations with the audit process in general, but Security Metrics does not control the process. I found Security Metrics to be very easy to work with. If you have never been through an audit before, Security Metrics provides templates that provide a starting point for you in gathering the required documents and putting required processes in place. If this is your first audit, you might consider hiring a PCI consultant that can work with you and Security Metrics in order to satisfactorily complete your audit. Review collected by and hosted on G2.com.

PCI Audit required by Visa/Mastercard Review collected by and hosted on G2.com.