ATM and POS System Security Testing
To protect your ATM network and POS machines from fraud, NetSentries have developed a series of customized assessments that consider the entire ATM and POS ecosystem and not just the machines. We can identify software, hardware and communication protocol vulnerabilities, design vulnerabilities, process vulnerabilities and incident response that are exploited by the most modern attackers. With our services, you can protect your customers from unauthorized transactions and protect payment card data and your reputation.
Evaluate the network design of the ATM/POS environment, analyzing the security controls in place and the connectivity between the ATM/POS environment and the bank network.
Internal Penetration Testing
Evaluate the security of systems in the ATM/POS environment including routers, firewalls, control system servers, database systems, and ATM switches. A detailed VAPT covering all aspects of ATM and POS ecosystem is often recommended.
Host Security Configuration Review
Assess the configurations of routers, firewalls, and ATM/POS servers against known industry best practices while looking for known vulnerabilities.
Application Software Testing
Testing the payment and non-payment application on the ATM and POS, as well as the communication in between and to the backend systems.
Remote Access Review
Identify systems with dial-up and remote access capability that could allow an attacker to gain access to the ATM/POS network.
Policies & Procedures Gap Analysis
Evaluate the current policies and procedures for critical infrastructure against known best practices according to the Central Banks and PCI security standards.
With physical access to the ATM CPU, authentication mechanisms can be bypassed to gain unauthorized access to the ATM platform. All four areas of ATM security shall be assessed: Physical security, Network security, Application security and Operating system Security
Incident response capabilities
Analysis of the ability to recover from a cyber-attack and physical security of cyber assets.
Tactical and Strategic remediation
Technical and Executive staff briefing as well as a detailed report containing the test results. Evidence and recommendations separated into tactical and strategic categories shall be provided.
Interviews with managers, operators, vendors, engineers and system administrators.
The ATM ecosystem consists of a high number of vendors who impact the operational security. Often, there are large gaps between the desired and needed security posture and the actual one due to vendors who consider security a low priority.
NetSentries support your team to understand the vulnerabilities, gaps and exploits. Strategies in remediation of the vulnerabilities are identified and documented as actionable recommendations.