WHAT WE OFFER
K3DES provides computer and network security assessments, network vulnerability scanning, application penetration testing, application code reviews, cryptographic and security consulting, cryptographic training, forensic assessments and fraud analysis for the electronic payments industry.
Payment Card Industry (PCI) Data Security Standard Assessments
Internal and External Vulnerability Scans
PCI requirement 11.2 requires internal and external vulnerability scans of network and system components. K3DES is an approved scan vendor (ASV) and can therefore provide external vulnerability scans to meet requirement 11.2. K3DES can also provide internal vulnerability scans; however, under PCI requirements you may choose to do this within your organization using commercial and open source tools.
Application Penetration Testing
PCI Payment Application Data Security Standard (PA-DSS) Assessments
K3DES is a Payment Application Qualified Security Assessor (PA-QSA) and performs compliance assessments for the PA-DSS. PA-DSS compliant applications help merchants and agents mitigate compromises, prevent storage of sensitive cardholder data, and support overall compliance with the PCI Data Security Standard (DSS).
PCI PIN Security Reviews
Visa and MasterCard have adopted the Payment Card Industry (PCI) PIN Security Requirements. Visa and MasterCard require annual assessments by qualified assessors to demonstrate compliance with PCI PIN Security Requirements. K3DES personnel have been approved by Visa and MasterCard to perform PCI PIN Security Reviews.
TG-3 PIN Security Reviews
Star, PULSE, and NYCE require that ATM and POS acquirers connected to their networks demonstrate compliance with the PIN security requirements contained in TG-3-2006. The compliance review must be performed by a person who is approved by the networks. K3DES has approved personnel ready to perform your TG-3 review.
PCI and TG-3 PIN security consulting and training
K3DES performs forensic investigations of ATM and POS fraud to help determine the cause and prevent recurrence. If you experience a suspected or confirmed security breach, you should conduct a thorough investigation of the suspected or confirmed loss or theft of account information within 24 hours of the compromise. To prevent the further loss of data:
- Do not access or alter compromised systems (i.e., do not log on to the machine at all, do not change passwords, and do not log in as ROOT)
- Do not turn the compromised machine off. Instead, isolate compromised systems from the network (i.e., unplug the network cable)
- Preserve logs and electronic evidence