How can we help you?
Fraud Prevention and Investigation
Investigative Actions with Public Security Organs
The service of Investigative Actions with Public Security Organs is performed together with our own or external legal support, applying all the rules of compliance, conformity, besides following all the legal support of the laws in effect. Its focus is the managed follow-up of external actions by highly qualified professionals, providing the law authorities and legal offices with all the technical support on the case. This activity also includes support throughout the investigation cycle.
- Asset Recovery;
- Loss Prevention Intelligence Report.
Investigation of Suspected Compromise
The Investigation of Suspected Compromise service is focused on mapping the entire flow of capture, transport and settlement in the payment arrangement, as well as identifying possible improper collection or storage in the analyzed flow. This activity also includes support throughout the investigation cycle.
Payment Fraud Investigation
The Payment Fraud Investigation service is focused on mapping the flow of the payment arrangement, as well as identifying possible fraudulent actions in the flows identified, to identify points for improvement in the process. This activity also includes support throughout the investigation cycle, both in supporting the recovery of the financial losses incurred, and in identifying suspects when possible.
Corporate Fraud Investigation
The Corporate Fraud Investigation service is focused on the understanding of the case, as well as the entire process of verification and investigation of fraud, suspicions, corruption, and financial crimes for companies of various segments, scopes, and sizes.
Fraud Prevention
The Fraud Prevention service involves all ways of preventing fraudulent actions in the payment arrangement, whether in gateways, merchants, acquirers, brands, issuers, in addition to all logistical and technical processes that support the activity.
Contemplating:
- Development and maintenance of transactional and/or profile rules;
- Treatment and management of cases of suspected fraud;
- Specialized training in fraud prevention;
- Mapping and development of policies and processes;
- Physical evaluations in asset storage environment.
Workshops
We offer PCI-DSS, PCI-PIN, and Secure Development training to help you understand the responsibilities, standards, routine processes required to achieve and maintain PCI certification, and how to use current controls to support your Cybersecurity and Compliance needs.
Hardening
Hardening is a process that allows you to ensure that a computer or server has the minimum configurations and thus reduce its vulnerabilities and security gaps from a baseline that allows it to resist possible attacks.
Policies and Procedures
Development of Information Security policies, adequate to international norms and standards such as ISO 27001, PCI-DSS, LGPD, GDPR, PLD, AML, SOX etc. This activity aims to develop policies aligned to the company’s business, resulting in more consistent processes and also reducing the risk of incidents in the environment.
Cybersecurity Assessment
The analyses performed encompass a scope defined together with the client and seek to identify threats, impacts, and security controls and deficient processes, in relation to the best security practices and consolidated frameworks in the market, such as the NIST Cybersecurity Framework.
Vulnerability Scan Solution
ASV (Approved Scanning Vendor) Vulnerability Scanning Solution, approved by the PCI SSC, that has several ways of deployment, facilitating the implementation in several infrastructure models, including cloud and container.
Vulnerability analysis
Service of evaluation and identification of flaws and potential security threats in a technological infrastructure with the objective of anticipating cybersecurity problems that could harm the company’s operations.
Pentests
Intrusion testing, in a controlled and professional manner, including blackbox, whitebox, web applications, mobile, corporate systems, networks and environments. These tests are conducted by experienced consultants who perform the exploitation attempts manually, based on vulnerabilities identified during the discovery phase, the initial phase of the activity. The methodology of the Invasion Tests is based on NIST SP800-115, OWASP and PCI Guides.
Cyber Risk Analysis
Risk analysis in pre-determined scope, based on ISO 27001, ISO 27005, PCI-DSS and best practices in cybersecurity. This assessment aims to identify threats, vulnerabilities and the potential negative impact on the business and information of customers, employees or service providers. The result of the analysis enables decisions, investments, and adjustments to be made based on the weaknesses of the environment.
PCI as a Service (PCIaaS)
MATRIX offers monthly monitoring by a QSA to assist its customers in maintaining PCI-DSS compliance. This follow-up includes a review of routine activities required by the PCI-DSS standard and evidence sampling of the other processes that support the security of the environment in scope.
ISO 27001 compliance
The ISO 27001 assessment process aims to assess the context of the organization and make recommendations for implementation, maintenance, and improvement of the maturity level of the Information Security Management System (ISMS). This process is performed by a professional ISO/IEC 27001 Certified Lead Auditor.
PCI-PIN certification
PCI-PIN compliance assessment process, for international certification of the environment that has contact with card data. This process is performed by a QPA consultant certified with the PCI SSC and is applicable to all companies that qualify as PCI-PIN.
PCI-DSS Level 2 to 4 Certification
Process of compliance assessment with the PCI-DSS standard, based on the QSA applicable to the business segment in question. This process is performed by a QSA consultant certified with the PCI SSC and is applicable to all companies that qualify as PCI-DSS level 2 to 4.
PCI-DSS Level 1 Certification
PCI-DSS compliance assessment process, for international certification of the environment that has contact with card data. This process is performed by a QSA consultant certified with the PCI SSC and is applicable to all companies that qualify as PCI-DSS level 1.
PCI GAP Analysis
Evaluation of adherence to the requirements of the PCI standard in force, with the objective of identifying the applicable controls and whether they are in conformity with the security processes and controls carried out in the evaluated company. As part of the GAP analysis, MATRIX will present compliance indicators and recommendations for the adequacy of the necessary points.
Prevention and Treatment of Fraud
Mapping and critical analysis of processes, policies and activities directed to fraud prevention and money laundering, enabling the identification of vulnerabilities and supporting the implementation of tools, methodologies and technologies that will act in the mitigation of these failures, preventing and reducing deviation and fraud risks and financial impacts.
PCI – Payment Card Industry
Specialized consulting to support the definition, remediation and improvement of the PCI environment architecture, controls and processes, aligning business needs to the PCI-DSS and PCI-PIN requirements. This service extends to all requirements of the standard in force.
Cybersecurity
The consulting service helps MATRIX clients to increase the maturity of their Information Security Management System (ISMS), through the improvement of current controls, processes and documentation. This service extends to all processes related to the operation of the activities necessary to ensure an effective ISMS aligned with the client’s business plan.
Cyber Incidents Response
The Cyber Incident Response Service focuses on identifying threats, understanding your exposure, balancing your priorities, and establishing a comprehensive response, aligning expectations and proactive strategy that manages emerging security and privacy threats. This service may include incident simulation with Pentest and malware evaluation for intelligence generation.
Fraud Prevention
The Fraud Prevention service involves all ways of preventing fraudulent actions in the payment arrangement, whether in gateways, merchants, acquirers, brands, issuers, in addition to all logistical and technical processes that support the activity.
Contemplating:
- Development and maintenance of transactional and/or profile rules;
- Treatment and management of cases of suspected fraud;
- Specialized training in fraud prevention;
- Mapping and development of policies and processes;
- Physical evaluations in asset storage environment.
Outsourcing
MATRIX offers partial or total outsourcing of the teams allocated in the client. The professionals allocated work in a committed manner, are permanently trained, and capacitated to act in environments that involve different technologies and processes. In addition, all professionals are monitored by our Project Managers, who are responsible for the quality of the work and the definition of the allocation profiles. The consulting services can be provided remotely or in person.
vCISO
MATRIX’s virtual CISO (vCISO) service provides our experts who are familiar with managing cyber and information security risks in all industries (banking, retail, healthcare entities, industries, etc.).
Vulnerability and Patch Management
Ongoing evaluation of the state of an organization’s operating systems and business applications that involves the identification, classification, and correction of information security vulnerabilities.
Events and Threat Management
Analysis of events generated by the different detection and protection systems that make up the security architecture of an organization. A correlation of events is performed and thus threats are detected in advance, generating appropriate mitigation measures.
SOC
It is a managed security service that operates under a set of defined procedures and has technology to monitor, analyze, respond to and prevent cybersecurity incidents on an ongoing basis. The purpose of the SOC service is to ensure that all IT security and cybersecurity policies are in place, properly executed and regularly updated in response to threats.
How can we help you?
COMING SOON -