Skip to searchSkip to main content
Brightsight

  • Security evaluation services for the payments industry 

    CONTACT US
Industries Payment

Product security evaluation services for the payment industry

The payments industry is the backbone of modern commerce, encompassing a vast network of technologies and processes that facilitate secure financial transactions. From point-of-sale (POS) terminals and mobile payment applications to payment gateways and network infrastructure, the industry relies on a complex ecosystem to ensure the seamless and secure movement of funds. Given the sensitive nature of financial data, security is paramount. Any vulnerability can lead to devastating consequences, including financial fraud, data breaches, and reputational damage.


Safeguarding the critical ecosystem

Brightsight, a leading security evaluation lab, specializes in safeguarding this critical ecosystem. We provide comprehensive security evaluation services for any product or network that plays a role in the payments industry. Our expertise spans a wide range of technologies, including hardware security modules (HSMs), payment terminals, mobile payment applications, and payment networks.


We understand the unique security challenges faced by the payments industry, including compliance with stringent regulations such as PCI DSS and EMVCo standards. 


Our rigorous evaluation process involves in-depth vulnerability analysis, penetration testing, and compliance assessments to identify and mitigate potential security risks.


We don't just tick boxes

Brightsight's evaluations are more than just a checklist; they are a deep dive into the security architecture of your payment systems. We deliver detailed reports based on the scheme requirements, enabling you to strengthen your security posture and build trust with your customers. Our independent, objective assessments provide the assurance you need to navigate the complex landscape of payment security. Moreover, our expert reports that need to be submitted to the relevant schemes and certification bodies, will help you in achieving final certification.


By partnering with Brightsight, you gain access to our extensive expertise and experience in payment security evaluations. We help you review that your payment solutions meet the highest security standards, protecting your business and your customers from evolving threats.

Security evaluations in the payment domain

Brightsight offers security evaluation services for each phase of the development process. Our services aim to provide support such that development can be performed in the shortest possible time frames, as time-to-market is extremely important in the payment market. Evaluations are performed in a structured way and with a planning the developer can rely on.


Hardware and software security design reviews
At specifically selected milestones along the development process, the implementation is assessed for obvious security concerns. This service can be applied at various stages of the process, from initial design to concrete implementation. Depending on developer preference, the assessment can be performed interactively, remotely or as a combination of these two methods.


Full formal security compliance evaluations 
Once developed and considered ready, the final implementation is subjected to a full formal and highly structured evaluation process that allows for planning and facilitates essential implementation revisions with minimal impact on time-to-market. The added value of the SGS Brightsight evaluation process is the educational component that brings the development team to a higher level for future developments.

In addition, Brightsight can support you at any stage of the development process and has a proven concept and track record in helping our customers get certifications:

  • Customised training
    • PIN Entry Device and terminal security training course
    • CC training course
    • Dedicated subjects: Android, TEE
  • Pre-evaluation
    • Design and/or code review
    • Identify possible weaknesses in the security architecture of the payment terminal in an early stage.
  • Pre-testing
    • Perform a predefined set of penetration tests on the hardware part of your product.
    • CC document review
    • Verify the completeness in terms of content, presentation and readability of CC evidence


DOWNLOAD OUR PAYMENTS BROCHURE

Security services

Security evaluation

Pre-evaluation

Site security evaluation

Security training

Payment standards and recognitions

Related topics

White Box Cryptography
Code Obfuscation
Software Security
Trusted Execution
Domain (TEE)
HCE
CDCVM
mPOS Tap-to-Phone
SCRP
Smart Card / Contact / Contactless / DI
Payment applets
Java Card Platform
OS for payment card
Some of our customers
Ingenico
Landi
PAX
Verifone
NXP