Skip to main content
Service

Payment Systems Security Assessment

Comprehensive analysis of your ATMs and POS devices

Overview

Payment Systems Security Assessment is a comprehensive analysis of your ATMs and/or POS devices, designed to identify vulnerabilities that can be used by attackers for activities like unauthorised cash withdrawal, performing unauthorised transactions, obtaining your clients’ payment card data, or initiating denial of service. This service will uncover any vulnerabilities in your ATM/POS infrastructure that are exploitable by different forms of attack, outline the possible consequences of exploitation, evaluate the effectiveness of your existing security measures, and help you plan further actions to fix detected flaws and improve your security.

Vulnerability Identification

Seeking out and identifying configuration flaws and vulnerabilities in obsolete software versions

Logic Analysis

Analysis of the logic behind the processes performed by your ATMs and POS devices, undertaking security research aimed at identifying any new vulnerabilities at component level

Adversary simulation

ATM and POS Security Assessment involves emulating the attack behavior of a genuine malefactor in order to practically assess the effectiveness of your defenses

Comprehensive Reporting

Detailing all found vulnerabilities and security flaws, with actionable recommendations for immediate remediation

In Use

  • Prevent financial losses resulting from potential attacks

    Recognize how intruders could attack your infrastructure:

    • Unauthorized cash withdrawal
    • Performing unauthorized transactions
    • Obtaining your clients’ payment card data
    • Initiating denial of service
    • Attacks aimed at adjacent assets, processing center and banking network
  • Identify a wide range of security flaws ripe for exploitation in your systems:

    • Vulnerabilities in network architecture and insufficient network protection
    • Vulnerabilities which enable an attacker to escape kiosk-mode and obtain unauthorized access to the OS
    • Vulnerabilities in third-party security software, allowing potential attackers to bypass security controls
    • Insufficient input and output device protection including vulnerabilities, which can allow the interception and modification of transferred data
    • Vulnerabilities and security weaknesses in communications between main ATM software and cash devices, enabling the interception and modification of transferred data leading to unauthorized cash transactions
  • Detailed reporting and recommended remediation

    • Conclusions on your current security levels of your ATMs against potential attacks
    • Comprehensive descriptions of potential attack surfaces for various intruder models
    • Descriptions of identified vulnerabilities, according risk levels and exploitation conditions
    • Demonstrations of vulnerability exploitation
    • Actionable recommendations for vulnerability remediation

Related to this Service