PA Device Security Evaluator is involved with cybersecurity evaluations of payment devices to various Payment Card Industry (PCI) requirements including:
- PIN Transaction Security (PTS) Point of Interaction (POI)
- PIN Transaction Security (PTS) Hardware Security Module (HSM)
- Software-based PIN Entry on COTS (SPoC)
- Contactless Payments on COTS (CPoC)
- Mobile Payments on COTS (MPoC)

Evaluations can include the following types of assessments:
- Physical device security
- Tamper detection mechanisms (the electrical/electronic components)
- Side-channel analysis
- Secure boot
- Cryptographic key management
- Source-code review
- Firmware/OS hardening
- Secure software development lifecycle
- Malformed input (fuzzing)
- Vulnerability assessment and penetration testing
- Reverse engineering
- Mobile application testing (OWASP MASVS/MSTG)
- Policy, process, and pr...