Pentesting every 3 months for entities with more than 20k transactions
annually for less than 20k transactions.
Why do you need to pentest?
Because things happen, and it is good to review your security profile
Have some Philotimo -
do the right thing - defend your site by scanning. http://oversitesentry.com/solutions/
Today's Fixvirus Security Video:
Also discussing the Oversitesentry blog post about QWERTY keylogger: http://oversitesentry.com/?p=1351