PCI-DSS recently released a revised document that covers pen-testing requirements for merchants and security providers. The document does a good job of comparing pen-testing with vulnerability assessments. If your company recently had a pen-test or vulnerability assessment done that did not cover all of these area and more, then call us and compare. Here is a link to posted guidelines for Pen-testing from PCI-DSS: Pen-testing Guide From PCI-DSS