Fintech Security Accelerator (FSA) for Banking
90% of Credit Card Frauds that banks face are caused due to the lack of digital POS customers' security audits (Source: Verizon 2019 Data Breach Investigations Report). Lack of technical knowledge and high costs are the main reasons these companies don't get audited as intended.
PCI Checklist, scans externally every digital POS customers of banks in a PCI-DSS v3.2.1 oriented mind set and correlates the output with card transaction volumes, all in realtime. Prioritizes which customers need PCI audits or A.S.V. scans based on its scan outputs and common hacker patterns. Along with these, PCI Checklist consultants present special reports to the cybersecurity teams of the banks with potential risks in all of the portfolio and countermeasure that should be considered in order to lower threat risks. This way, all of the digital POS customer portfolio's external vulnerability analysis can be assessed through a single service.
Reporting and Knowledge Base: PCI Checklist Banking Essentials Plus offers a single point to monitor the security status of the whole portfolio of customers. Detected security vulnerabilities and articles to solve these problems can be provided with each of the digital POS customer with a single click. Each article on how to overcome these vulnerabilities are written by security professionals with more than 10 years of experience in Fintech Infrastructure and Security experiences, and are updated as new vulnerabilities arise. Banks have the flexible option to share the solution articles and scan reports as "No-Brand" or "White Label" with their current customers.
Protecting Sensitive Data: All of the components of PCI Checklist are in a PCI Compliant zone with biometric access, locked cages and high available private cloud architecture. The private cloud is only deployed for the relevant bank. The digital POS customer portfolio, and vulnerability scans of each POS customer is considered "Sensitive Data". These "Sensitive Data" are stored on the private cloud and encrypted with a FIPS 140-2 Level-4 HSM.
PCI Checklist Awareness Report: Apart from the security reports, an "Awareness Report" is shared with the bank on scheduled intervals that provides customers' security analysis, threats and volumetric data with strategical action to be considered. These reports are evaluated with PCI Checklist's PCI Consultants on pre-determined dates with either face to face meetings or remove video calls.
PCI-QSA Integration: PCI Checklist can determine which companies should be prioritized for PCI audits using the output of scan data and volumetric data. The goal here is to distinguish the companies that have taken precautions of securing their environment and detecting the ones that should urge a PCI audit. This way PCI Checklist can assist its contractual PCI QSA's to prioritize digital POS customers with high risks, lowering time consumption and saving budget.
A.S.V. Integration: With its scan results PCI Checklist can determine the customers that fit in the PCI Level 3 and Level 4 group and prioritize the ones need a mandatory A.S.V. scan within them.