Overview

Payment Systems Security Assessment is a comprehensive analysis of your ATMs and/or POS devices, designed to identify vulnerabilities that can be used by attackers for activities like unauthorized cash withdrawal, performing unauthorized transactions, obtaining your clients’ payment card data, or initiating denial of service. This service will uncover any vulnerabilities in your ATM/POS infrastructure that are exploitable by different forms of attack, outline the possible consequences of exploitation, evaluate the effectiveness of your existing security measures, and help you plan further actions to fix detected flaws and improve your security.


  • Vulnerability Identification

    Seeking out and identifying configuration flaws and vulnerabilities in obsolete software versions

  • Logic Analysis

    Analysis of the logic behind the processes performed by your ATMs and POS devices, undertaking security research aimed at identifying any new vulnerabilities at component level

  • Adversary simulation

    ATM and POS Security Assessment involves emulating the attack behavior of a genuine malefactor in order to practically assess the effectiveness of your defenses

  • Comprehensive Reporting

    Detailing all found vulnerabilities and security flaws, with actionable recommendations for immediate remediation

In Use

  • Prevent financial losses resulting from potential attacks

    Recognize how intruders could attack your infrastructure:

    • Unauthorized cash withdrawal
    • Performing unauthorized transactions
    • Obtaining your clients’ payment card data
    • Initiating denial of service
    • Attacks aimed at adjacent assets, processing center and banking network
  • Identify a wide range of security flaws ripe for exploitation in your systems:

    • Vulnerabilities in network architecture and insufficient network protection
    • Vulnerabilities which enable an attacker to escape kiosk-mode and obtain unauthorized access to the OS
    • Vulnerabilities in third-party security software, allowing potential attackers to bypass security controls
    • Insufficient input and output device protection including vulnerabilities, which can allow the interception and modification of transferred data
    • Vulnerabilities and security weaknesses in communications between main ATM software and cash devices, enabling the interception and modification of transferred data leading to unauthorized cash transactions
  • Detailed reporting and recommended remediation

    • Conclusions on your current security levels of your ATMs against potential attacks
    • Comprehensive descriptions of potential attack surfaces for various intruder models
    • Descriptions of identified vulnerabilities, according risk levels and exploitation conditions
    • Demonstrations of vulnerability exploitation
    • Actionable recommendations for vulnerability remediation

Let’s Start the Conversation and talk to one of our experts about how True Cybersecurity could inform your corporate security strategy, please get in touch.