Chip & System Security Testing 
Looking ahead to future of Post-Quantum Cryptography, we have partnered with PQShield to strengthen our hardware security solutions.
SOLUTIONS

  • > Side Channel Analysis

    Ready-to-use side channel tools to assess cryptography algorithms.

  • > Fault Injection: Laser, EM & Glitching

    Make sure your chip withstands different techniques of physical fault injections.

  • > Firmware Security Analysis

    Qualify embedded code binaries without physical devices and benches.

  • > Security Failure Analysis

    Photoemission analysis to explore internal information in a chip.

  • > Vulnerability Research

    Dynamic analyses at a system level for investigating potential vulnerabilities.

  • > esDynamic for EDU SCA and FI

    A learning center for academics to teach and perform side-channel analysis and fault injection

TECHNOLOGIES

  • > Data Science Platform

    esDynamic is a complete data focused platform to leverage the know-how of your team for complex analyses.

  • > esFirmware Engine

    Assess the security of the firmware of IoT devices against logical and physical attacks.

  • > esReven Engine

    Record and replay vulnerability researches within reverse engineering processes and tools.

PROFESSIONAL SERVICES

  • > Cybersecurity Training

    Grow your expertise with training modules driven by a coach.

  • > Hardware Evaluation Lab

    High-end laboratory capabilities specialized in hardware security evaluations.

Mobile & Backend Security Testing 
Standard Mobile Payment Security PCI MPoC
Prepare for the future of mobile payments with PCI MPoC (Mobile Payments on Common-of-the-shelf devices).
EXPERTISE

  • > Mobile App Security

    Onboard your Team into your Security Challenges.

  • > DevSecOps

    Integrate the security protections verification in your CI/CD pipeline.

  • > PCI MPoC

    Prepare your product to meet this new mobile payment standard.

SOLUTIONS

  • > Mobile App Security Testing (MAST)

    esChecker SaaS: automating the security testing of your mobile app binary.

PROFESSIONAL SERVICES

  • > Mobile App Penetration Testing

    Testing the resiliency of your Mobile App, SDK or RASP tool.

  • > Backend Penetration Testing

    Testing the resiliency of your Web App, API or Backend Systems.

  • > Coaching for Mobile App Developers

    Providing insights into the mobile app threats and how attackers work by a learning-by-doing approach.

  • Go to our German website

Our Company 
Passionate about security and wanting to work in an exciting and innovative environment? Full time and internship opportunities starting 2023.
OUR COMPANY

  • > Events

CAREERS

  • > Meet our experts

  • > Open positions

    Join our team!

FOLLOW US
Blog
Contact us
Back to all articles
Mobile App & Software

PCI MPoC: The New Standard for Mobile Payments

4 min read
Edit by Thilo Pannen • Jun 2, 2023
Share

The PCI Security Standards Council (PCI SSC) has recently unveiled an innovative mobile payment security standard, known as Mobile Payments on COTS (Commercial-Off-The-Shelf) devices (PCI MPoC), designed to support the evolution of mobile payment acceptance solutions.

PCI MPoC builds upon the PCI Software-based PIN Entry on COTS (SPoC) and PCI Contactless Payments on COTS (CPoC) standards, each coming with a limitation.

What sets PCI MPoC apart is its ability to support both PIN entry and contactless card processing on a mobile COTS device (phone or tablet), transforming it into a contactless payment acceptance point-of-sale (POS) device. Notably, while a PCI MPoC solution may utilize hardware security components integrated in the device (e.g. Secure Elements (SE) or Trusted Execution Environments (TEE)), it can also be realized purely in software.

 

The Demand for Mobile App and Backend Security

As contactless payments have gained popularity, particularly in the wake of the pandemic, developing secure PCI MPoC solutions becomes crucial. Developing a solution on a COTS device requires a deep understanding of state-of-the-art mobile app and backend security. Protecting the contactless payments demands rigorous measures to ensure data integrity, confidentiality, and resilience against evolving threats.

At eShard, we are specialized in mobile app security and have a proven track record in mobile payment security standards. Leveraging our knowledge and experiences, we offer comprehensive security services tailored specifically for PCI MPoC solution providers and SDK or app developers.

From the initial stages of your project to the security approval application at a PCI MPoC lab, our team of experts provides unwavering support. We assist with any security-related queries, ensuring a smooth journey and helping you meet all the necessary requirements.

 

Prepare for the Future in 4 steps

Sans-titre---1.gif

Set the scene with MPoC Workshop

With the introduction of this new standard, vendors naturally have a multitude of questions regarding its content and implications. At the Foundation Workshop, we equip you with essential insights and guidance on the PCI MPoC program. Our expert team introduces you to the program's key aspects, including stakeholders, roles and responsibilities, high-level security requirements, dos and don'ts, pitfalls to avoid, and its relationship with other vital PCI standards like PCI DSS, PCI SSF, PCI PTS, and PCI PIN.

 

Offensive and Defensive Mobile App Security Training

Empower your developers with our specialized training modules focused on offensive and defensive mobile app security. In the Offensive Training Modules, developers learn to think and attack like real-world adversaries, developing effective defensive measures. The Defensive Training Module highlights typical weaknesses of mobile applications and imparts the knowledge needed to implement resilient code. Our training combines theory and hands-on practical exercises, providing developers with the skills necessary to protect mobile apps from evolving threats.

 

Technical Security Pre-Assessment

Prepare yourself for a smooth security evaluation process at the PCI MPoC lab with our Technical Security Pre-Assessment module. Our experts will review your security design, source code, or binary release candidate to ensure compliance with PCI MPoC security requirements. By identifying any potential vulnerabilities or gaps early on, we help you save time and avoid unnecessary iterations during the lab testing phase.

 

Consultancy and Expertise Services

Throughout your PCI MPoC project, our consultancy and expertise services are at your disposal. We offer comprehensive support as your trusted security expert, answering your questions, providing guidance, training, and coaching until you achieve the final approval at the PCI MPoC lab. Our team will address not only security-related concerns but also any non-security queries that arise during the project, ensuring a seamless and efficient experience.

 

The future of mobile payments is here, and we are excited to be at the forefront of this transformative journey. With our comprehensive PCI MPoC security services, we aim to empower businesses, solution providers, and developers to build robust and secure mobile payment acceptance solutions. Let us be your trusted partner in safeguarding the future of mobile payments.

Contact us today to unlock the full potential of PCI MPoC security.

Share

Categories

All articles
(86)
Case Studies
(3)
Chip Security
(23)
Corporate News
(7)
Mobile App & Software
(27)
Vulnerability Research
(30)

you might also be interested in

Vulnerability Research

Discover esReven's knowledge modules for Reverse Engineering

1 min read
Edit by Mathieu Favréaux • Jun 29, 2023
CopyRights eShard 2023.
All rights reserved
Privacy policy | Legal Notice
SECURITY TESTING SOLUTIONS
Side Channel AnalysisLaser & EM Fault InjectionFirmware Security AnalysisSecurity Failure AnalysisVulnerability ResearchMAST: Mobile Application Security Testing
TECHNOLOGIES
Data Science PlatformesFirmware EngineesReven Engine
PROFESSIONAL SERVICES
Cybersecurity TrainingHardware Evaluation LabPenetration Testing for Backend and WebAppPenetration Testing for Mobile Applications
COMPANY
About usJoin our team!EventsBlog