Security and PCI Compliance

Coalfire Cybersecurity Review

by

October 07, 2023

If you’re dealing with credit card payment information, sensitive financial data, or other details relating to money and finances, you need to ensure your data is safe.

With the increase in scammers and hacking, staying on top of information security is vital. Coalfire is a cybersecurity business that provides a variety of cyber security, auditing, testing, scanning, and other services.

In this review, we’ll explore what those services are and how they can help you keep client data safe.

 

About Coalfire

Coalfire is a security technology and consultancy business, started in 2001. It focuses mainly on risk management, reducing cyber threats, and helping businesses comply with various security-related rules and regulations. Its compliance work includes mandates issued by governments, industry bodies, and others.

On the technical side, it also provides advice on security best practice and IT infrastructure, aimed at reducing the risk and severity of information breaches. The company is a member of numerous security industry bodies and has many accreditations from technology providers, agencies, and other areas. Its clients include household names like 3M, AXA, Amazon, GoDaddy, IBM, Intel, Intuit, Oracle, NCR, Shopify, Toshiba, and more.

The company’s mission is “to provide knowledge, tools, guidance, and independent assessment services to all organizations.”

PCI DSS Audit and Assessment

One of the most important areas for credit card processors and businesses that accept credit cards is being compliant with the Payment Card Industry Data Security Standards (PCI DSS). Coalfire provides a complete range of assessment services designed to audit and understand a company’s PCI DSS implementation.

Their services cover all areas of PCI DSS including policies, procedures, security management, technology, infrastructure, architecture, software, design, protective measures, and more. They can tailor their services to a payment provider’s auditing and reporting needs, whether that’s a self-assessment questionnaire, or a complete report. Their consultants are Qualified Security Assessors (QSAs).

Services provided include:

  • Facilitated self-assessment
  • PCI DSS scope definition, advice, and recommendations
  • Audits of point-to-point encryption and other systems
  • Compliance reporting

Related Article: Understanding PCI Compliance.


PCI DSS Scans

Many businesses will need to complete external, independent PCI DSS scans. Coalfire can provide this service. They can scan your PCI DSS implementation on a monthly, quarterly, or annual basis and provide a complete report that can be shared with your credit card networks and other necessary parties.

PA-DSS Validation

Coalfire can protect from identity theft, credit card data theft, and other problems through Payment Application Data Security Standard (PA-DSS) validation. Coalfire will:

  • Complete a company risk assessment
  • Review and verify security protocols and processes in card reader hardware and software
  • Audit payment processing solutions to ensure they comply with PA-DSS requirements
  • Evaluate the software or hardware’s handling of payment card data
  • Validate and confirm segmentation controls

Digital Forensics

In the event of a breach, Coalfire has dedicated digital forensics experts who can examine the issue and provide evidence, information, and preventative measures. These services include:

  • Breach analysis — Exploring information around the incident, including timelines, compromised areas, malware, vulnerabilities, interdependencies, and affected data.
  • Device investigations — Research of mobile device usage that could contribute to a breach including forensic analysis, keyword and pattern searches, and credit card data.
  • Scanning and prevention — Evaluating every part of your data security systems to identify malware, weaknesses, or other exposure, then providing recommendations to close gaps.

Coalfire risk assessments

Vulnerability Scanning

It’s important to secure your network against hackers, malware, and other malicious actors. Coalfire provides a vulnerability scanning and assessment service. Key features include:

  • Automated scanning of every part of your infrastructure to identify breaches
  • Network vulnerability assessments through manual validation and analysis
  • Detailed risk analysis together with a complete report on vulnerabilities and other issues
  • Recommendations to remove points of failure, strengthen security, and prevent unauthorized access

Penetration Testing

Penetration testing (often called pen testing) is designed to test the security of your systems by carrying out simulated “attacks” in a similar way to how a hacker would go about accessing sensitive information. It can help businesses find and patch critical vulnerabilities before they can be exploited by real-world criminals. Services include:

  • Brute force attacks to find weaknesses in your security systems
  • Internal and external penetration testing and threat assessment
  • Targeted attacks at known vulnerabilities to check all parts of your infrastructure have been properly patched and maintained
  • Social engineering testing to see if your employees could make your data vulnerable

Application Validation and Security Testing

If your financial organization uses online applications to interact with customers and transfer financial data, it’s important to ensure those applications are secure. Coalfire will conduct security testing to identify any weak spots and provide recommendations to keep customer financial information secure. The company scans for application vulnerabilities and design flaws, manually reviews weak areas, and provides recommendations to close gaps and ensure security.

Coalfire chart

Social Engineering Testing

Social engineering is a process hackers and other scammers use to get access to sensitive information. It involves gaining the trust of employees or other stakeholders and influencing them to provide sensitive information including network access, passwords, and other compromising details. Coalfire carries out social engineering testing in several areas:

Email Phishing

Email users can be tricked into clicking on links that reveal personal information, passwords, and other sensitive data. Coalfire carries out phishing assessments to understand employee IT security awareness.

Pretexting

Employees can be influenced through the use of “pretext” (e.g. someone claiming to be from IT calling an employee and requesting a password.) Coalfire’s security assessments determine if employees are likely to be fooled by this approach.

Physical Environment

Some criminals will try to physically access your office. Coalfire’s assessment checks your access policies and procedures to see if that could happen to your organization.

Coalfire One

Coalfire One is Coalfire’s security suite. It provides a portal where clients can access various automated security programs to ensure their businesses remain safe and compliant. Services provided by Coalfire One include:

  • Automated vulnerability scanning of external and internal networks.
  • Information to assist you in completing financial compliance and assessment processes.
  • PCI DSS self-assessment tools and questionnaires.
  • Project management tools to ensure security and encryption is embedded in project management methodology and delivery.
  • Document management and reporting tools.
  • Access to professional support and expert security consultancy services.

Coalfire One Scanning

The Coalfire One scanning application provides several services:

  • Scans and alerts you to potential vulnerabilities and issues.
  • Searches networks, applications, and other areas for common attack vectors and known security issues.
  • Identified potential breaches that could expose financial, credit card, personal, and other sensitive information.
  • Scans for both known malware and malware signatures.
  • Allows for compliance with industry-specific mandates.

Coalfire provides a range of security services that are well suited to credit card businesses, payment processors, and other financial services providers. If you want to stay compliant, protect your business from vulnerability, and identify any issues, their services can help you secure sensitive data and information.

TwitterFacebookLinkedIn
Ben Dwyer

BY Ben Dwyer

Ben Dwyer began his career in the processing industry in 2003 on the sales floor for a Connecticut‐based processor. As he learned more about the inner‐workings of the industry, rampant unethical practices, and lack of assistance available to businesses, he cut ties with his employer and started a blog where he could post accurate information about credit card processing. As the blog gained in popularity, Ben began directly assisting merchants in their search for a processor. Ben believes in empowering businesses by providing access to fair, competitive pricing, accurate information, and continued support. His dedication to transparency and education has made CardFellow a staunch small business advocate in the credit card processing industry.

Please join the conversation

Your email address will not be published.

FOUND THIS USEFUL? SHARE THIS!
 

Credit Card Processing exposed

Use the secrets that credit card processors don't want
you to know to drastically lower your credit card
processing fees.

Read Now!
 

You might also like…

kount-review

View all articles