> Side Channel Analysis
Ready-to-use side channel tools to assess cryptography algorithms.
> Fault Injection: Laser, EM & Glitching
Make sure your chip withstands different techniques of physical fault injections.
> Firmware Security Analysis
Qualify embedded code binaries without physical devices and benches.
> Security Failure Analysis
Photoemission analysis to explore internal information in a chip.
> Vulnerability Research
Dynamic analyses at a system level for investigating potential vulnerabilities.
> esDynamic for EDU SCA and FI
A learning center for academics to teach and perform side-channel analysis and fault injection
> Data Science Platform
esDynamic is a complete data focused platform to leverage the know-how of your team for complex analyses.
> esFirmware Engine
Assess the security of the firmware of IoT devices against logical and physical attacks.
> esReven Engine
Record and replay vulnerability researches within reverse engineering processes and tools.
> Cybersecurity Training
Grow your expertise with training modules driven by a coach.
> Hardware Evaluation Lab
High-end laboratory capabilities specialized in hardware security evaluations.
> Mobile App Security
Onboard your Team into your Security Challenges.
Integrate the security protections verification in your CI/CD pipeline.
> PCI MPoC
Prepare your product to meet this new mobile payment standard.
> Mobile App Security Testing (MAST)
esChecker SaaS: automating the security testing of your mobile app binary.
> Mobile App Penetration Testing
Testing the resiliency of your Mobile App, SDK or RASP tool.
> Backend Penetration Testing
Testing the resiliency of your Web App, API or Backend Systems.
> Coaching for Mobile App Developers
Providing insights into the mobile app threats and how attackers work by a learning-by-doing approach.
Go to our German website
The PCI Security Standards Council (PCI SSC) has recently unveiled an innovative mobile payment security standard, known as Mobile Payments on COTS (Commercial-Off-The-Shelf) devices (PCI MPoC), designed to support the evolution of mobile payment acceptance solutions.
PCI MPoC builds upon the PCI Software-based PIN Entry on COTS (SPoC) and PCI Contactless Payments on COTS (CPoC) standards, each coming with a limitation.
What sets PCI MPoC apart is its ability to support both PIN entry and contactless card processing on a mobile COTS device (phone or tablet), transforming it into a contactless payment acceptance point-of-sale (POS) device. Notably, while a PCI MPoC solution may utilize hardware security components integrated in the device (e.g. Secure Elements (SE) or Trusted Execution Environments (TEE)), it can also be realized purely in software.
As contactless payments have gained popularity, particularly in the wake of the pandemic, developing secure PCI MPoC solutions becomes crucial. Developing a solution on a COTS device requires a deep understanding of state-of-the-art mobile app and backend security. Protecting the contactless payments demands rigorous measures to ensure data integrity, confidentiality, and resilience against evolving threats.
At eShard, we are specialized in mobile app security and have a proven track record in mobile payment security standards. Leveraging our knowledge and experiences, we offer comprehensive security services tailored specifically for PCI MPoC solution providers and SDK or app developers.
From the initial stages of your project to the security approval application at a PCI MPoC lab, our team of experts provides unwavering support. We assist with any security-related queries, ensuring a smooth journey and helping you meet all the necessary requirements.
With the introduction of this new standard, vendors naturally have a multitude of questions regarding its content and implications. At the Foundation Workshop, we equip you with essential insights and guidance on the PCI MPoC program. Our expert team introduces you to the program's key aspects, including stakeholders, roles and responsibilities, high-level security requirements, dos and don'ts, pitfalls to avoid, and its relationship with other vital PCI standards like PCI DSS, PCI SSF, PCI PTS, and PCI PIN.
Empower your developers with our specialized training modules focused on offensive and defensive mobile app security. In the Offensive Training Modules, developers learn to think and attack like real-world adversaries, developing effective defensive measures. The Defensive Training Module highlights typical weaknesses of mobile applications and imparts the knowledge needed to implement resilient code. Our training combines theory and hands-on practical exercises, providing developers with the skills necessary to protect mobile apps from evolving threats.
Prepare yourself for a smooth security evaluation process at the PCI MPoC lab with our Technical Security Pre-Assessment module. Our experts will review your security design, source code, or binary release candidate to ensure compliance with PCI MPoC security requirements. By identifying any potential vulnerabilities or gaps early on, we help you save time and avoid unnecessary iterations during the lab testing phase.
Throughout your PCI MPoC project, our consultancy and expertise services are at your disposal. We offer comprehensive support as your trusted security expert, answering your questions, providing guidance, training, and coaching until you achieve the final approval at the PCI MPoC lab. Our team will address not only security-related concerns but also any non-security queries that arise during the project, ensuring a seamless and efficient experience.
The future of mobile payments is here, and we are excited to be at the forefront of this transformative journey. With our comprehensive PCI MPoC security services, we aim to empower businesses, solution providers, and developers to build robust and secure mobile payment acceptance solutions. Let us be your trusted partner in safeguarding the future of mobile payments.
Contact us today to unlock the full potential of PCI MPoC security.