Internal and External Vulnerability Scans
PCI requirement 11.2 requires internal and external vulnerability scans of network and system components. K3DES is an approved scan vendor (ASV) and can therefore provide external vulnerability scans to meet requirement 11.2. K3DES can also provide internal vulnerability scans; however, under PCI requirements you may choose to do this within your organization using commercial and open source tools.
Application Penetration Testing
K3DES has partnered with WhiteHat Security to perform application penetration tests. SQL injections are listed as #4 in Visa's top 5 security vulnerabilities affecting Visa merchants and service providers. In addition to SQL injections, organizations need to test for additional vulnerabilities as identified in the Open Web Application Security Project (OWASP) top ten. These common vulnerabilities have recently made applications high-value targets, because they allow an attacker to pass through the firewall, avoid intrusion detection systems, and access cardholder data stored in a database. The only solution to prevent these attacks is to test all forms of user input in your existing applications.
TG-3 PIN Security Reviews
Star, PULSE, and NYCE require that ATM and POS acquirers connected to their networks demonstrate compliance with the PIN security requirements contained in TG-3 - 2006. The compliance review must be performed by a person who is approved by the networks. K3DES has approved personnel ready to perform your TG-3 review.
PCI PIN Security Reviews
Visa and MasterCard have adopted the Payment Card Industry (PCI) PIN Security Requirements. Visa and MasterCard require annual assessments by qualified assessors to demonstrate compliance with PCI PIN Security Requirements. K3DES personnel have been approved by Visa and MasterCard to perform PCI PIN Security Reviews.
Forensic Investigations
K3DES performs forensic investigations of ATM and POS fraud to help determine the cause and prevent recurrence.