PCI Checklist scans the websites of every virtual POS vendor of payment gateways (banks, e-payment service providers, etc.) externally, with a PCI-DSS-oriented mindset that correlates the output with card transaction volumes, all in real time. No integration on the target website is required; the only information necessary is the website address itself. The results not only provide cybersecurity risk assessments but also give insight into the technical best practices that should be applied but are not part of the PCI-DSS compliance steps. It prioritizes which customers need PCI audits or A.S.V. scans based on its scan outputs and common attack patterns. Along with these, PCI Checklist consultants present special reports to the cybersecurity teams of the banks and e-payment systems, covering the potential risks across their entire portfolio and the countermeasures that should be considered in order to lower threat risks. This way, the external vulnerability analysis of the entire virtual POS vendor portfolio can be assessed through a single service.
Onboarding Risk Assessment: Aside from real-time continuous scans, PCI Checklist provides the option to run a one-time scan and evaluate the potential security risks a vendor poses. This makes it possible to quickly grade a vendor that is applying for a virtual POS and, optionally, to give them feedback on the solutions or precautions they need to put in place in order to be eligible to use the POS integration of a bank or e-payment system.
PCI Checklist Awareness Report: Apart from the security reports of each vendor, an "Awareness Report" is shared with the bank or e-payment system at scheduled intervals. It provides the vendors' security analysis, threats and volumetric data, along with strategic actions to be considered. These reports are evaluated with PCI Checklist's PCI Consultants on pre-determined dates, either in face-to-face meetings or in remote video calls.
PCI-QSA and A.S.V. Prioritization: PCI Checklist can determine which companies should be prioritized for PCI audits using the scan output and volumetric data. The goal here is to distinguish the companies that have taken precautions to secure their environment from the ones for which a PCI audit is urgent. This way PCI Checklist can help the contractual PCI QSAs of the bank or e-payment system prioritize high-risk digital POS customers, lowering time consumption and saving budget. PCI Level 3 and Level 4 merchants that need a mandatory A.S.V. scan can also be easily grouped and prioritized this way.
ONLAYER B.A.S.E.: The ONLAYER B.A.S.E. (Balanced Adaptive Stealth Engine) Technology ensures that the load generated on the target website is under control and limited. It also evades unnecessary WAF alarms by distributing and decelerating scans, providing approximately 78% fewer false positives against systems with application-layer firewalls.
REST API Integration: All data and every operation running on PCI Checklist can be directly accessed by the bank or e-payment system via RESTful APIs. This gives endless integration possibilities with third-party services or the currently running operational pipelines.
Monitoring and Alarming: The ability to scan vendors in real time makes it possible to monitor the whole portfolio's security status and generate alarms accordingly. Alarms generated by PCI Checklist can be configured using the REST API infrastructure, which allows integration with SIEMs, HIDs, current monitoring tools and more.
Reporting and Knowledge Base: PCI Checklist Fintech Services offers a single point from which to monitor the security status of the whole portfolio. Detected security vulnerabilities, and articles on how to solve these problems, can be provided to each digital POS customer with a single click. Each article on how to overcome these vulnerabilities is written by security professionals with more than 10 years of experience in Fintech infrastructure and security, and is updated as new vulnerabilities arise. Since knowledge of the scanned system is already present, each solution article is automatically generated in a personalized format for the target vendor. Banks and e-payment systems have the flexible option to share the solution article and scan reports as "No-Brand" or "White Label" with their current vendors.
Protecting Sensitive Data: All of the components of PCI Checklist are in a PCI Compliant zone with biometric access, locked cages and a highly available private cloud architecture. The private cloud is deployed only for the relevant bank or e-payment system. The virtual POS customer portfolio and the vulnerability scans of each POS customer are considered "Sensitive Data". This "Sensitive Data" is stored on the private cloud and is encrypted with a FIPS 140-2 Level-4 HSM.