esDynamic
Manage your attack workflows in a powerful and collaborative platform.
Expertise Modules
Executable catalog of attacks and techniques.
Infrastructure
Integrate your lab equipment and remotely manage your bench.
Lab equipments
Upgrade your lab with the latest hardware technologies.
Side Channel Attacks
Evaluate cryptography algorithms from data acquitition to result visualisation.
Fault Injection Attacks
Laser, Electromagnetic or Glitch to exploit a physical disruption.
Security Failure Analysis
Explore photoemission and thermal laser stimulation techniques.
Evaluation Lab
Our team is ready to provide expert analysis of your hardware.
Starter Kits
Build know-how via built-in use cases developed on modern chips.
Cybersecurity Training
Grow expertise with hands-on training modules guided by a coach.
esReverse
Static, dynamic and stress testing in a powerful and collaborative platform.
Extension: Intel x86, x64
Dynamic analyses for x86/x64 binaries with dedicated emulation frameworks.
Extension: ARM 32, 64
Dynamic analyses for ARM binaries with dedicated emulation frameworks.
Penetration Testing
Identify and exploit system vulnerabilities in a single platform.
Vulnerability Research
Uncover and address security gaps faster and more efficiently.
Malevolent Code Analysis
Effectively detect and neutralise harmful software.
Digital Forensics
Collaboratively analyse data to ensure thorough investigation.
Software Assessment
Our team is ready to provide expert analysis of your binary code.
Cybersecurity training
Grow expertise with hands-on training modules guided by a coach.
Semiconductor
Security Labs
Governmental agencies
Academics
Why eShard?
Our team
Careers
Youtube
Gitlab
Github
The PCI Security Standards Council (PCI SSC) has recently unveiled an innovative mobile payment security standard, known as Mobile Payments on COTS (Commercial-Off-The-Shelf) devices (PCI MPoC), designed to support the evolution of mobile payment acceptance solutions.
PCI MPoC builds upon the PCI Software-based PIN Entry on COTS (SPoC) and PCI Contactless Payments on COTS (CPoC) standards, each coming with a limitation.
What sets PCI MPoC apart is its ability to support both PIN entry and contactless card processing on a mobile COTS device (phone or tablet), transforming it into a contactless payment acceptance point-of-sale (POS) device. Notably, while a PCI MPoC solution may utilize hardware security components integrated in the device (e.g. Secure Elements (SE) or Trusted Execution Environments (TEE)), it can also be realized purely in software.
Β
As contactless payments have gained popularity, particularly in the wake of the pandemic, developing secure PCI MPoC solutions becomes crucial. Developing a solution on a COTS device requires a deep understanding of state-of-the-art mobile app and backend security. Protecting the contactless payments demands rigorous measures to ensure data integrity, confidentiality, and resilience against evolving threats.
At eShard, we are specialized in mobile app security and have a proven track record in mobile payment security standards. Leveraging our knowledge and experiences, we offer comprehensive security services tailored specifically for PCI MPoC solution providers and SDK or app developers.
From the initial stages of your project to the security approval application at a PCI MPoC lab, our team of experts provides unwavering support. We assist with any security-related queries, ensuring a smooth journey and helping you meet all the necessary requirements.
Β
With the introduction of this new standard, vendors naturally have a multitude of questions regarding its content and implications. At the Foundation Workshop, we equip you with essential insights and guidance on the PCI MPoC program. Our expert team introduces you to the program's key aspects, including stakeholders, roles and responsibilities, high-level security requirements, dos and don'ts, pitfalls to avoid, and its relationship with other vital PCI standards like PCI DSS, PCI SSF, PCI PTS, and PCI PIN.
Β
Empower your developers with our specialized training modules focused on offensive and defensive mobile app security. In the Offensive Training Modules, developers learn to think and attack like real-world adversaries, developing effective defensive measures. The Defensive Training Module highlights typical weaknesses of mobile applications and imparts the knowledge needed to implement resilient code. Our training combines theory and hands-on practical exercises, providing developers with the skills necessary to protect mobile apps from evolving threats.
Β
Prepare yourself for a smooth security evaluation process at the PCI MPoC lab with our Technical Security Pre-Assessment module. Our experts will review your security design, source code, or binary release candidate to ensure compliance with PCI MPoC security requirements. By identifying any potential vulnerabilities or gaps early on, we help you save time and avoid unnecessary iterations during the lab testing phase.
Β
Throughout your PCI MPoC project, our consultancy and expertise services are at your disposal. We offer comprehensive support as your trusted security expert, answering your questions, providing guidance, training, and coaching until you achieve the final approval at the PCI MPoC lab. Our team will address not only security-related concerns but also any non-security queries that arise during the project, ensuring a seamless and efficient experience.
Β
The future of mobile payments is here, and we are excited to be at the forefront of this transformative journey. With our comprehensive PCI MPoC security services, we aim to empower businesses, solution providers, and developers to build robust and secure mobile payment acceptance solutions. Let us be your trusted partner in safeguarding the future of mobile payments.
Contact us today to unlock the full potential of PCI MPoC security.