Financial entities have run ahead of every other sector on cybersecurity for two reasons: the money is the target, and DORA made ICT risk management a regulatory line item rather than a board promise. Sandline runs threat-led penetration testing aligned with TIBER-EU, vulnerability programmes that produce DORA Article 9 evidence on demand, and incident-response retainers wired to the EBA reporting templates.
Where DORA stops, PCI-DSS 4.0 and NBR Regulation 4/2018 keep going. We map every finding to the framework your auditor cares about, and we keep the evidence reusable across audits — pentest output that satisfies PCI-DSS Requirement 11.4 also feeds DORA Article 13 and ISO 27001 Annex A.8.8 with no rewriting.
Typical engagements
- TLPT / TIBER-EU red team operations
- External and internal pentest of payment systems
- Cardholder-data-environment segmentation tests
- Continuous vulnerability programme on Centraleyezer
- IR retainer with DORA-aligned reporting templates
- Third-party (critical ICT provider) assessment programme
Sector-specific threats
Account-takeover via OAuth and JWT misconfiguration
This is among the highest-volume attack patterns we see in EU retail banking. Our pentests target token validation, audience (aud) checks, algorithm (alg) confusion, and the ID-token / access-token boundary.
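As an added illustration, not Sandline's code or a client artefact, the following minimal access-token verifier shows the three checks named above from the resource server's side: the algorithm is pinned rather than read from the header, the audience must name this API, and an ID token is refused where an access token is expected. The secret, audience URL and claim names (including `token_use`) are constructed assumptions.

```python
import base64, hmac, hashlib, json, time

# Constructed demo values (assumptions for this example, not from the page).
SECRET = b"demo-shared-secret"
EXPECTED_AUD = "https://api.bank.example"   # the resource server, not the OAuth client id
EXPECTED_ALG = "HS256"                       # pinned server-side; never taken from the header

def _b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_token(claims, alg="HS256", key=SECRET):
    """Mint a demo token; alg='none' yields an unsigned token for the negative test."""
    header = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    signing_input = f"{header}.{body}".encode()
    sig = b"" if alg == "none" else hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"

def verify_access_token(token, now=None):
    """Return the claims if this is a valid access token for this API, else raise ValueError."""
    now = time.time() if now is None else now
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(body_b64))
    except Exception as exc:
        raise ValueError(f"malformed token: {exc}")
    # 1. Algorithm confusion: the expected alg is fixed in configuration, so a header
    #    announcing 'none' or any other algorithm is rejected before the signature is examined.
    if header.get("alg") != EXPECTED_ALG:
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(SECRET, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    # 2. Audience check: a token minted for another API or for the client itself is refused.
    aud = claims.get("aud")
    aud = aud if isinstance(aud, list) else [aud]
    if EXPECTED_AUD not in aud:
        raise ValueError(f"audience {aud} does not include {EXPECTED_AUD}")
    # 3. ID-token / access-token boundary: ID tokens (nonce, no token_use=access) prove
    #    authentication to the client, not authorisation to this API, so they are rejected.
    if claims.get("token_use") != "access" or "nonce" in claims:
        raise ValueError("ID token presented where an access token is required")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims
```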
Wire-fraud through business email compromise
BEC bypasses every technical control by targeting the human in the loop. Our human-vulnerability programme phishes finance roles with payroll- and supplier-themed pretexts and feeds the results into your payment authorisation policy.
Supply-chain compromise via critical ICT providers
DORA Article 28 made this a regulator-level concern. We assess your critical providers against the same controls you assess yourself against.
