Kaspersky Payment Systems Security Assessment
Comprehensive analysis of your ATMs and POS devices
Kaspersky Payment Systems Security Assessment
Get a Quote!
Payment Systems Security Assessment is a comprehensive analysis of your ATMs and/or POS devices, designed to identify vulnerabilities that can be used by attackers for activities like unauthorized cash withdrawal, performing unauthorized transactions, obtaining your clients’ payment card data, or initiating denial of service. This service will uncover any vulnerabilities in your ATM/POS infrastructure that are exploitable by different forms of attack, outline the possible consequences of exploitation, evaluate the effectiveness of your existing security measures, and help you plan further actions to fix detected flaws and improve your security.
Service Scope and Options
The services are tailored to your needs and application specifics, and may involve:
Seeking out and identifying configuration flaws and vulnerabilities in obsolete software versions.
Analysis of the logic behind the processes performed by your ATMs and POS devices, undertaking security research aimed at identifying any new vulnerabilities at component level.
ATM and POS Security Assessment involves emulating the attack behavior of a genuine malefactor in order to practically assess the effectiveness of your defenses.
Detailing all found vulnerabilities and security flaws, with actionable recommendations for immediate remediation.
ATM/POS Security Services
ATMs and POS devices are no longer vulnerable only to physical attacks like ATM break-ins or card skimming. As protection measures applied by banks and ATM/POS vendors evolve, so attacks against these devices also shift up a gear, becoming ever more sophisticated. Hackers are exploiting vulnerabilities in ATM/POS infrastructure architecture and applications, and are creating malware specifically tailored to ATM/POS. ATM/POS Security Assessment services from Kaspersky help you to recognize the security flaws in your ATM/POS devices, and to mitigate the risk of being compromised.
There is no single solution that offers comprehensive protection. As a business manager, it`s your responsibility to protect your organization against today’s threats, and to anticipate the dangers that lie ahead in the coming years. This needs more than just smart operational protection against known threats; it demands a level of strategic security intelligence that very few companies have the resources to develop in-house.
Security Assessment Services from Kaspersky draws upon the services of our in-house experts, many of them global authorities in their own right, whose knowledge and experience is fundamental to our reputation as world leaders in security intelligence.
Why you should do this
ATM/POS Security Assessment by Kaspersky helps you as a vendor or financial organization to:
- Understand the vulnerabilities in your ATM/POS devices and improve your corresponding security processes
- Avoid the financial, operational and reputational losses that can result from an attack, through proactively detecting and fixing the vulnerabilities which attackers could exploit.
- Comply with government, industry or internal corporate standards, which include the carrying out of security assessments, e.g. PCI DSS (Payment Card Industry Data Security Standard).
What ATM/POS Security Services are testing
The service includes comprehensive ATM/POS analysis including assessment of software components, hardware devices and network communications. The service can be conducted on a single ATM/POS device or on a network of devices. Kaspersky recommends choosing the type of ATMs/POS device in most common use within your organization, or the type that appears most vulnerable (which has, for instance, already suffered from incidents) for assessment, and for these to be assessed in their typical configurations.
How ATM/POS Security Services do this
During analysis, our experts will not just seek out and identify configuration flaws and vulnerabilities in obsolete software versions, but will deeply analyze the logic behind the processes performed by your ATMs/POS devices, undertaking security research aimed at identifying any new (zero-day) vulnerabilities at component level. If we uncover vulnerabilities which could profit an attacker (resulting, for example, in unauthorized cash withdrawal), our experts can provide demonstrations of possible attack scenarios using specially crafted automation tools or devices.
While an ATM/POS Security Assessment involves emulating the attack behavior of a genuine hacker in order to practically assess the effectiveness of your defenses, please note that it is entirely safe and non-invasive.
Threats to the Finance Industry
Banks stock markets, and other financial institutions are an ongoing focus for cybercriminals due to the very nature of the industry. To avoid financial and reputational losses, it’s critical to stay ahead of the curve in terms of cybersecurity. Kaspersky offers a set of proactive threat intelligence services to help you enhance your security operations and take a proactive approach to advanced threats:
- Security Assessment Services (Penetration Testing, Application Security Assessment, ATM and POS Security Assessment)
- Threat Intelligence Reports (APT Intelligence Reports, Customer-Specific Threat Intelligence Reports)
- Cyber-Attack Readiness Testing
- Botnet Threat Tracking
- Threat Data Feeds
- Malware Analysis and Digital Forensics
- Training: Threat Analysis, Forensics and Investigation
Prevent financial losses resulting from potential attacks
Recognize how intruders could attack your infrastructure:
- Unauthorized cash withdrawal
- Performing unauthorized transactions
- Obtaining your clients’ payment card data
- Initiating denial of service
- Attacks aimed at adjacent assets, processing center and banking network
Identify a wide range of security flaws ripe for exploitation in your systems:
- Vulnerabilities in network architecture and insufficient network protection
- Vulnerabilities which enable an attacker to escape kiosk-mode and obtain unauthorized access to the OS
- Vulnerabilities in third-party security software, allowing potential attackers to bypass security controls
- Insufficient input and output device protection including vulnerabilities, which can allow the interception and modification of transferred data
- Vulnerabilities and security weaknesses in communications between main ATM software and cash devices, enabling the interception and modification of transferred data leading to unauthorized cash transactions
Detailed reporting and recommended remediation
- Conclusions on your current security levels of your ATMs against potential attacks
- Comprehensive descriptions of potential attack surfaces for various intruder models
- Descriptions of identified vulnerabilities, according risk levels and exploitation conditions
- Demonstrations of vulnerability exploitation
- Actionable recommendations for vulnerability remediation
Download the Kaspersky Payment Systems Security Assessment Datasheet (PDF).
- Pricing and product availability subject to change without notice.