SecurityMetrics Reviews & Provider Details

SecurityMetrics secures peace of mind for organizations that handle sensitive data. They have tested over 1 million systems for data security and compliance. Industry standards don't keep up with the threat landscape, which is why they hold their tools, training, and support to a higher, more thorough standard of performance and service. Never have a false sense of security.™ SecurityMetrics is PCI certified as a Qualified Security Assessor (QSA), Approved Scanning Vendor (ASV), Certified Forensic Investigator (PFI), Qualified P2PE Application Assessor (P2PE QSA), PCI Software Security Framework (SSF) Assessor, Qualified Payment Application Assessor (PA-QSA), and Qualified PIN Assessor (QPA). As a Managed Security provider with over 20 years of data security experience, SecurityMetrics remains a leading provider in PCI and HIPAA compliance, having tested over 1 million systems for vulnerabilities.

Seller

SecurityMetrics

Discussions

SecurityMetrics Community

Services Offered

PCI Compliance, HIPAA Compliance, HITRUST Assessment, Vulnerability Scanning, Penetration Testing

Locations Serviced

Australia, United Kingdom, United States

Overview by

Landry French-Folsom

Top-Rated Alternatives

View All Alternatives

G2 reviews are authentic and verified.

Here's how.

Rolian R.

Small-Business (50 or fewer emp.)

3/3/2026

"People-First SecurityMetrics Partnership That Keeps Us Audit-Ready Year-Round"

5/5

What do you like best about SecurityMetrics?

People and security first, that's what we love most about SecurityMetrics' approach to navigating regulatory compliance, including PCI DSS 4.0.1. 4 years into our partnership, the improvements are felt on a daily basis. What stands out is how they've transformed security from an annual audit event into an ongoing commitment, we maintain regular monthly communication with their team, ensuring we stay audit-ready while keeping a genuinely secure and protected environment for our cardholders and merchants year-round. Review collected by and hosted on G2.com.

What do you dislike about SecurityMetrics?

One area for improvement is the Suralink platform, which could benefit from a more intuitive experience. More broadly, we'd love to see SecurityMetrics evolve into a truly all-in-one compliance solution, consolidating all the tools and services needed to maintain PCI compliance under a single roof. Currently, having to source additional solutions externally adds both cost and complexity to a program that is already resource-intensive to manage. A unified, seamless platform experience would be a game changer for small organizations like ours. Review collected by and hosted on G2.com.

Recommendations to others considering SecurityMetrics:

If your organization handles payment data and is navigating PCI DSS compliance, SecurityMetrics is a partner worth serious consideration. Don't wait until an audit is looming, engage them early. The value isn't just in passing your annual assessment, but it's in building a security culture that protects your business, your merchants, and your customers every single day. For payment processors and fintechs especially, the regulatory landscape is only getting more complex. Having a team that combines compliance expertise with practical security guidance means you're not just checking boxes, you're genuinely reducing risk. Four years in, we can confidently say SecurityMetrics has made Strictly a stronger, more secure organization, and that investment pays for itself in trust, readiness, and peace of mind. Review collected by and hosted on G2.com.

What problems is SecurityMetrics solving and how is that benefiting you?

SecurityMetrics supports our ongoing security program through quarterly external vulnerability assessments, penetration testing, and annual onsite evaluations. What sets them apart is their deep industry experience, they don't just function as a compliance checkbox; they act as a trusted advisor, guiding us on security best practices and helping Strictly become a more resilient and secure organization year over year. Review collected by and hosted on G2.com.

Guido C.

Enterprise (> 1000 emp.)

2/25/2026

"Professional auditor and always willing to improve our security"

5/5

What do you like best about SecurityMetrics?

The professionalism of the auditor and their constant intention to help improve the company's security. Review collected by and hosted on G2.com.

What do you dislike about SecurityMetrics?

There is nothing about the company or the auditor that has displeased me. Review collected by and hosted on G2.com.

Recommendations to others considering SecurityMetrics:

SecurityMetrics is, without a doubt, the best option for organizations that need to organize and simplify PCI DSS compliance. It facilitates ASV scans, the management of findings, and the tracking of remediations, which helps keep the process under control. I recommend it for its operational clarity and the support it provides during the certification process. Review collected by and hosted on G2.com.

What problems is SecurityMetrics solving and how is that benefiting you?

SecurityMetrics helped us manage PCI DSS 4.0.1 compliance in a clear and organized manner, especially in ASV scans, vulnerability detection, and remediation tracking. The platform also simplified documentation and allowed us to reduce audit times. As a result, we improved risk visibility and strengthened our security posture. Review collected by and hosted on G2.com.

Tyler T.

Mid-Market (51-1000 emp.)

11/4/2025

"Reliable PCI Compliance Partner with Excellent Support"

5/5

What do you like best about SecurityMetrics?

What I like best about SecurityMetrics is the friendliness and professionalism of their staff. Our assigned QSA is always very knowledgeable and takes the time to explain requirements clearly, helping ensure our company remains fully compliant. The personalized support and expertise they provide make the PCI audit process far less stressful and much more efficient. Review collected by and hosted on G2.com.

What do you dislike about SecurityMetrics?

Overall, our experience with SecurityMetrics has been very positive. If I could make one recommendation, it would be to implement a single sign-on experience for all platforms — including the main compliance portal and vulnerability scanning features. Consolidating access under one login would make the process more efficient and user-friendly, especially when managing multiple tasks during the audit cycle. Review collected by and hosted on G2.com.

Recommendations to others considering SecurityMetrics:

I would highly recommend SecurityMetrics to any organization that needs to maintain PCI compliance or strengthen its overall security posture. Their team is knowledgeable, responsive, and genuinely invested in helping clients succeed. The audit process is well-structured, and their QSAs provide clear guidance that makes compliance much easier to manage.

If you’re looking for a partner that combines strong technical expertise with excellent customer support, SecurityMetrics is a great choice. Review collected by and hosted on G2.com.

What problems is SecurityMetrics solving and how is that benefiting you?

Our company is required to perform annual PCI Compliance audits with an on-site auditor. SecurityMetrics helps streamline this process by providing clear guidance, tools, and documentation needed to meet PCI requirements. Their platform simplifies evidence collection, vulnerability scanning, and reporting, which reduces the time and complexity of preparing for the annual audit.

By using SecurityMetrics, we’ve been able to identify and remediate potential vulnerabilities more efficiently, ensuring that our environment remains secure and compliant year-round—not just at audit time. Overall, this has improved our security posture, reduced compliance risk, and saved both time and resources during the audit process. Review collected by and hosted on G2.com.

james l.

Small-Business (50 or fewer emp.)

9/26/2025

"Shopping Cart Monitor"

4.5/5

What do you like best about SecurityMetrics?

The ease of using a portal to review scripts, authorise or decline scripts with a justification, options to download inventories / scans, when I do have an issue I am able to reach out to Maloy who does respond and helps us to get issues resolved along with Shane. Review collected by and hosted on G2.com.

What do you dislike about SecurityMetrics?

The turnaround for bugfixes or portal updates does seem a little slow, inline scripts at the moment seems to be the most dislike at the moment as it requires emailing support to get more details which would be better for reviewing scripts, a manual option like the basic pages on the shopping cart plus option so not waiting for the system to run the test Review collected by and hosted on G2.com.

Recommendations to others considering SecurityMetrics:

I would recommend using SecurityMetrics as it is simple to sign up, good product to use for meeting the new PCI DSS 4.0.1 requirements, the dashboard is easy to use and the scanning works without having to add any coding or anything extra to your pages in order for the scanning to take place. Review collected by and hosted on G2.com.

What problems is SecurityMetrics solving and how is that benefiting you?

The shopping cart monitor is helping us to monitor scripts, and headers on our pages to help detect anything malicious and to help meet PCI DSS 4.0.1 requirements Review collected by and hosted on G2.com.

Verified User in Information Technology and Services

Small-Business (50 or fewer emp.)

7/31/2025

"Independent security audit company vs Knowledge Transfer resource"

5/5

What do you like best about SecurityMetrics?

Security Metrics QSA staff, PEN Testing and ASV staff are always willing to provide 1st hand guidance when they deem the situation to be necessary. In a sense, Security Metrics seems to adopt our cyber-sec environment as their environment and as such, engages our staff with their cultural perspective that their standard's for QA are standards that we must take to heart in the same manner as they do within their own organization - simply stated they take "ownership" of their client's welfare - a very rare quality to find in today's private sector culture. Review collected by and hosted on G2.com.

What do you dislike about SecurityMetrics?

I personally wish the virtual threat analyses were available more often. These virtual sessions are highly instructive and provide a 1st hand sense of the risk associated with most APTs today. The high-level threat analyses that we get from our 3rd party Intel resources are good, but the Security Metrics virtual threat analyses take many of the APT threats and tend to put a very fine point on many of these international threats and how they are expanding their scope of activity. Review collected by and hosted on G2.com.

Recommendations to others considering SecurityMetrics:

Please see my comments in "What do you dislike about Security Metrics"?. Review collected by and hosted on G2.com.

What problems is SecurityMetrics solving and how is that benefiting you?

Security Metrics is much, much more than just a highly recognized independent security assessment audit company. More precisely, Security Metrics takes the engaging position that professional knowledge transfer from their staff to our cyber security staff is an utmost priority. Consequently, security awareness is elevated far above what one might encounter in other business organizations that are comparable to our organization. A great example of what we mean by "knowledge transfer" is Security Metric's ongoing "Threat Briefings" that go a long way toward enhancing our 1st hand knowledge of the nation-state adversaries that threaten businesses of all stripes across the United States. Also, when Security Metrics QSA perform their exit review, it is not one that is perfuntory in nature, it is one of the most value packed And for companies like ours that operate in nearly every state in the Country, that is a critical value that is numbered by the many mechanisms and constantly evolving operational traits that we have adopted over the years via Security Metrics never ending engagement efforts in the advancement of our overall cyber-sec defensive strategies. Review collected by and hosted on G2.com.

Brandon I.

Mid-Market (51-1000 emp.)

8/5/2025

"Worth It for the Peace of Mind Alone"

5/5

What do you like best about SecurityMetrics?

The human side of things. Yes, their bot does the work to detect anything malicious but their team will also investigate it and help you eliminate the issue. Review collected by and hosted on G2.com.

What do you dislike about SecurityMetrics?

There is nothing that I have found to dislike. Review collected by and hosted on G2.com.

Recommendations to others considering SecurityMetrics:

We only use SecurityMetrics for their Shopping Cart Monitor, but it's been well worth it. If you suspect anything strange on your cart, I highly recommend giving them a shot. They identified our issue almost immediately and have consistently stayed on top of any malicious activity since. Review collected by and hosted on G2.com.

What problems is SecurityMetrics solving and how is that benefiting you?

We've been using SecurityMetrics to monitor our shopping cart, and it's been a solid layer of protection. Their bot watches for any code changes in our stack and sends alerts right away when something looks off. What really stands out is their team — they don’t just notify me, they actively help track down where the changes came from and work with me to eliminate the issue at the source. They also follow up to make sure the threat is fully resolved. Review collected by and hosted on G2.com.

Alan M.

Small-Business (50 or fewer emp.)

8/4/2025

"Efficient and Thorough"

5/5

What do you like best about SecurityMetrics?

Their thoroughness and authority on the subject matter of PCI compliance. Review collected by and hosted on G2.com.

What do you dislike about SecurityMetrics?

I don't like their software tracking platform, per-se. I realize audits are complex and there are hundreds of documents to organize and track. I also realize every company is different. I just feel like an intuitive product-minded person has not led the development or adoption of the document tracking process and the non-intuitive nature takes a lot of energy to overcome. I'm certain there is a more intuitive path for Security Metrics that will help them win and retain clients going forward. No dis to the team or process otherwise. It's just a comment on tooling. Review collected by and hosted on G2.com.

Recommendations to others considering SecurityMetrics:

We shopped our bid for a PCI audit. Security Metrics wasn't the cheapest, but the scoping conversations with their team early on gave us confidence to move forward with them. Review collected by and hosted on G2.com.

What problems is SecurityMetrics solving and how is that benefiting you?

We undergo annual PCI audits. Security Metrics is our auditor. This is an important part of our security framework and also sales materials as we're able to provide prospective clients our report on compliance. Review collected by and hosted on G2.com.

Arturo A.

Enterprise (> 1000 emp.)

11/17/2025

"Expert Team and Outstanding Customer Service"

5/5

What do you like best about SecurityMetrics?

The team demonstrates a high level of expertise and consistently provides excellent customer service. Review collected by and hosted on G2.com.

What do you dislike about SecurityMetrics?

I have nothing in particular to mention when it comes to dislikes. Review collected by and hosted on G2.com.

Recommendations to others considering SecurityMetrics:

I strongly recommend SecurityMetrics if you are looking to meet your PCI compliance requirements. Review collected by and hosted on G2.com.

What problems is SecurityMetrics solving and how is that benefiting you?

SecurityMetrics conducted an on-site assessment and thorough evaluation of all credit card processing systems, networks, e-commerce platforms, as well as related policies and procedures. Their review involved identifying potential risks of fraud, working to reduce PCI scope, improving policies and procedures for credit card processing, and creating action plans to address any vulnerabilities found. Review collected by and hosted on G2.com.

John L.

Enterprise (> 1000 emp.)

7/23/2025

"PCI audit, Security Consulting, ASV, and support for SAQ A iFrame compliance"

5/5

What do you like best about SecurityMetrics?

They are very helpful with scope questions and are quick to jump on a call with a 3rd party service provider to help with collecting TPSP compliance documentation or reviewing TPSP compliance documentation. Review collected by and hosted on G2.com.

What do you dislike about SecurityMetrics?

I honestly do not really have many dislikes. Their pricing is good. We have gone through multiple RFPs and they have won each time.

If I had to have a dislike, they have multiple products, ASV, PanScan, Shopping Cart Monitor, and we use all of them. If I have a question, knowing the most efficient way to contact the specific department would be helpful. Review collected by and hosted on G2.com.

Recommendations to others considering SecurityMetrics:

Do your own research to see what company might work best for you, but I have recommended Security Metrics to other before. I have worked with TPSPs and they might be looking for a QSA or an approved ASV scanning provider and I have told them we use Security Metrics, and we have a great relationship with them, but please do your own research and choose any ASV or QSA for your needs. Review collected by and hosted on G2.com.

What problems is SecurityMetrics solving and how is that benefiting you?

Security Metrics is our QSA company for annual PCI compliance audit. They also help with one-off PCI security questions, ASV scanning, and product support for SAQ A iFrame merchant compliance. We have a long-standing relationship. We have been working with Security Metrics for many years for annual compliance and through their guidance we have also reduced scope and increased our security posture.

They are a trusted partner. They are very knowledgeable and offer good advice. Review collected by and hosted on G2.com.

Clive B.

Small-Business (50 or fewer emp.)

7/30/2025

"Reliable support for staying PCI compliant"

4.5/5

What do you like best about SecurityMetrics?

SecurityMetrics consistently makes PCI compliance easy to understand and navigate. Their team is professional, highly knowledgeable, and always quick to respond when we have questions or need assistance. The peace of mind they provide by staying on top of evolving compliance standards is invaluable to our business operations. Review collected by and hosted on G2.com.

What do you dislike about SecurityMetrics?

There’s very little to criticise, but the extra cost to the forensic services and stress testing impacts your bottom line. Review collected by and hosted on G2.com.

Recommendations to others considering SecurityMetrics:

If PCI compliance is essential to your business, SecurityMetrics is the best choice. They are calm and help you through the endless PCI requirements. Review collected by and hosted on G2.com.

What problems is SecurityMetrics solving and how is that benefiting you?

SecurityMetrics helps ensure our business remains PCI compliant with minimal confusion or disruption. Their expert guidance simplifies a complex and often intimidating process, which is essential in maintaining trust with our customers and our payment provider. Review collected by and hosted on G2.com.