Professionals of BDO in Ukraine have delivered a security assessment project for a fintech‑sector company operating an online payments platform in Malta.
In today’s financial sector, digital platforms process significant volumes of confidential information and financial transactions, making them a potential target for cyberattacks. As a result, companies seek to regularly assess the effectiveness of their security systems and promptly identify potential vulnerabilities.
The project focused on conducting penetration testing (pentest) of the web application and IT infrastructure, as well as testing employees’ resilience to social engineering attacks. This comprehensive approach made it possible to assess not only the technical aspects of security but also risks associated with the human factor.
Project Objectives
The primary objective of the project was to obtain an objective assessment of the system’s security posture, identify potential vulnerabilities, and determine risks related to both the technological infrastructure and the human factor. In essence, the assignment involved conducting a comprehensive cybersecurity assessment of the payment infrastructure and modelling potential attack scenarios.
In particular, the project team of BDO in Ukraine was tasked with the following objectives:
- to test the security system using realistic attack scenarios
- to identify potential methods of unauthorised access to confidential information
- to assess risks related to the human factor and insider threats
- to evaluate how employees respond to phishing attacks and other social engineering techniques
The findings obtained from the penetration testing of the fintech platform were intended to help the company gain a clearer understanding of its current cybersecurity posture and develop a roadmap for the further enhancement of its security systems.
Project implementation stages
As part of the project, experts of BDO in Ukraine tested the following:

This approach enabled the identification and assessment of risks that could result in the leakage of confidential information, compromise of internal systems, or disruption to the continuity of payment services.
The project was delivered in three key phases, each reflecting typical threat scenarios used by malicious actors.
- Web application security testing (Black Box)
During the first phase, the BDO team performed Black Box penetration testing, simulating realistic actions of an external threat actor without any prior knowledge of the system’s internal architecture or controls.
This approach enabled the identification of exploitable vulnerabilities and assessment of the platform’s exposure to external cyber threats through publicly accessible interfaces.
- IT infrastructure security assessment
The second phase focused on testing the company’s internal IT infrastructure.
Cybersecurity experts reviewed network service configurations, access control mechanisms, and analysed possible privilege escalation scenarios to assess the impact of unauthorised access to the internal environment.
- Social engineering testing
During the third phase, simulated phishing attacks were conducted to assess employee awareness and readiness to identify fraudulent communications.
This exercise enabled an evaluation of whether the human factor could represent a potential entry point to the organisation’s internal systems.
Client impact and project outcomes
Following the completion of penetration testing of the client’s fintech platform, the client received a comprehensive analytical report containing structured insights into identified vulnerabilities, their potential impact, and prioritised recommendations for remediation.
As a result of BDO in Ukraine’s engagement, the client was able to:

The successful delivery of the project enabled the fintech company to objectively assess the security posture of its platform and identify key areas for further enhancement of its cybersecurity framework.
The project was implemented through close collaboration among BDO in Ukraine’s cybersecurity experts and the application of advanced security testing methodologies designed to accurately simulate real-world threat actor behaviour.
This approach allowed the client not only to identify security weaknesses, but also to develop a structured strategy for the ongoing improvement of its cyber defence capabilities.
Contact BDO in Ukraine if you are looking to:
- conduct penetration testing of web applications or assess the cybersecurity of payment systems
- evaluate the security of IT infrastructure
- test your organisation’s resilience to social engineering attacks
- reduce the risks of data breaches and cyberattacks


