Kaspersky Payment Systems Security Assessment
Comprehensive analysis of your ATMs and POS devices
Overview
Payment Systems Security Assessment is a comprehensive analysis of your ATMs and/or POS devices, designed to identify vulnerabilities that can be used by attackers for activities like unauthorized cash withdrawal, performing unauthorized transactions, obtaining your clients’ payment card data, or initiating denial of service. This service will uncover any vulnerabilities in your ATM/POS infrastructure that are exploitable by different forms of attack, outline the possible consequences of exploitation, evaluate the effectiveness of your existing security measures, and help you plan further actions to fix detected flaws and improve your security.
Service Scope and Options
The services are tailored to your needs and application specifics, and may involve:
Vulnerability Identification
Seeking out and identifying configuration flaws and vulnerabilities in obsolete software versions.
Logic Analysis
Analysis of the logic behind the processes performed by your ATMs and POS devices, undertaking security research aimed at identifying any new vulnerabilities at component level.
Adversary simulation
ATM and POS Security Assessment involves emulating the attack behavior of a genuine malefactor in order to practically assess the effectiveness of your defenses.
Comprehensive Reporting
Detailing all found vulnerabilities and security flaws, with actionable recommendations for immediate remediation.
ATM/POS Security Services
ATMs and POS devices are no longer vulnerable only to physical attacks like ATM break-ins or card skimming. As protection measures applied by banks and ATM/POS vendors evolve, so attacks against these devices also shift up a gear, becoming ever more sophisticated. Hackers are exploiting vulnerabilities in ATM/POS infrastructure architecture and applications, and are creating malware specifically tailored to ATM/POS. ATM/POS Security Assessment services from Kaspersky help you to recognize the security flaws in your ATM/POS devices, and to mitigate the risk of being compromised.
There is no single solution that offers comprehensive protection. As a business manager, it`s your responsibility to protect your organization against today’s threats, and to anticipate the dangers that lie ahead in the coming years. This needs more than just smart operational protection against known threats; it demands a level of strategic security intelligence that very few companies have the resources to develop in-house.
Security Assessment Services from Kaspersky draws upon the services of our in-house experts, many of them global authorities in their own right, whose knowledge and experience is fundamental to our reputation as world leaders in security intelligence.
Why you should do this
ATM/POS Security Assessment by Kaspersky helps you as a vendor or financial organization to:
- Understand the vulnerabilities in your ATM/POS devices and improve your corresponding security processes
- Avoid the financial, operational and reputational losses that can result from an attack, through proactively detecting and fixing the vulnerabilities which attackers could exploit.
- Comply with government, industry or internal corporate standards, which include the carrying out of security assessments, e.g. PCI DSS (Payment Card Industry Data Security Standard).
What ATM/POS Security Services are testing
The service includes comprehensive ATM/POS analysis including assessment of software components, hardware devices and network communications. The service can be conducted on a single ATM/POS device or on a network of devices. Kaspersky recommends choosing the type of ATMs/POS device in most common use within your organization, or the type that appears most vulnerable (which has, for instance, already suffered from incidents) for assessment, and for these to be assessed in their typical configurations.
How ATM/POS Security Services do this
During analysis, our experts will not just seek out and identify configuration flaws and vulnerabilities in obsolete software versions, but will deeply analyze the logic behind the processes performed by your ATMs/POS devices, undertaking security research aimed at identifying any new (zero-day) vulnerabilities at component level. If we uncover vulnerabilities which could profit an attacker (resulting, for example, in unauthorized cash withdrawal), our experts can provide demonstrations of possible attack scenarios using specially crafted automation tools or devices.
While an ATM/POS Security Assessment involves emulating the attack behavior of a genuine hacker in order to practically assess the effectiveness of your defenses, please note that it is entirely safe and non-invasive.
Threats to the Finance Industry
Banks stock markets, and other financial institutions are an ongoing focus for cybercriminals due to the very nature of the industry. To avoid financial and reputational losses, it’s critical to stay ahead of the curve in terms of cybersecurity. Kaspersky offers a set of proactive threat intelligence services to help you enhance your security operations and take a proactive approach to advanced threats:
- Security Assessment Services (Penetration Testing, Application Security Assessment, ATM and POS Security Assessment)
- Threat Intelligence Reports (APT Intelligence Reports, Customer-Specific Threat Intelligence Reports)
- Cyber-Attack Readiness Testing
- Botnet Threat Tracking
- Threat Data Feeds
- Malware Analysis and Digital Forensics
- Training: Threat Analysis, Forensics and Investigation
Pricing Notes:
- Pricing and product availability subject to change without notice.