Menu Close

Case Study

Vulnerability Scanning and Penetration Testing for Retail Payments Authority

Service:

Infosec/Cybersecurity

Sector:

Financial Services

The client

The UK’s retail payments authority overseeing critical payments infrastructure and platforms on behalf of the Bank of England.

The work

As part of the internal audit for the golive readiness of a new transactional data analysis platform we were required to perform internal and external vulnerability scanning and penetration testing of the new system.

How we helped

The highly sensitive nature of the transactions being stored on the platform and the importance of the analysis provided to the financial markets was such that the client required absolute certainty that the implementation was architected and implemented as securely as possible.

Our skilled penetration tester deployed a range of techniques and tools to simulate likely hacking attack vectors and test the effectiveness of system security at the transport, infrastructure, database, application and presentation layers and then provide practical mitigation steps for issues identified.

Value added

Our penetration tester’s practical knowledge of hacking approaches and techniques enabled a level of scrutiny beyond that from purely deploying automated tools. We were able to advise the client on a risk based approach to mitigating the vulnerabilities highlighted to the extent that they were comfortable to put the system live.

Customer reviews

What our clients say

"Xcina have helped us navigate the complicated world of data protection and their vDPO service has been great for a business like ours, which is too small to have our own internal full time resource but requires a high level of corporate and technical expertise when needed."
Quadrangle Research Group
Quadrangle Research GroupChief Operating Officer
“We have worked with with Xcina successfully for two years, initially on internal GDPR GAP analysis. We now have them engaged as our 'Virtual DPO' provider and regularly receive useful, pragmatic and, more importantly, actionable advice on all areas of Data Protection.”
Your World Recruitment
Your World RecruitmentGroup IT Director
“Xcina worked with us on a number of data protection matters, including subject access requests and gave helpful, practical advice which reflected their understanding of technology issues as well as legal matters.”
National Bank of Kuwait
National Bank of KuwaitCompliance Officer
"Xcina’s ongoing support has ensured that our employees feel confident when dealing with data protection matters, with best practice knowledge and expertise from consultants who have taken the time to get to know our business and our industry."
Portman Settled Estates Limited
Portman Settled Estates LimitedEstate Secretary
“Xcina really helped us to kick start our data protection compliance process. They took the time to speak to all departments of the business and outlined our highest risk to lowest risk areas. The insight and guidance they provided was essential for our business to become GDPR compliant.”
DKB Brands
DKB BrandsData Protection Officer
"Xcina Consulting performed an annual review of our card data environment, and ensured that we are compliant with the PCI-DSS. We continue to work with their experienced QSAs, leveraging their guidance and best practices so we have the highest possible level of security controls in place.”
ParkMobile
ParkMobileUK Managing Director
“Xcina is always responsive to any question we have during the time we are implementing data protection remediation activities, they keep us informed and understand what we need and what we’re trying to do.”
Getac Technology Corp
Getac Technology CorpLegal Affairs Center

Get in touch

If you would like to talk about your risk management requirements, submit your details and one of our consultants will be in touch.