For payment device manufacturers, POS security testing often sits close to PCI PTS, device hardening, embedded security, and pre-certification work. While for payment services providers, the focus is often wider including also payment flows, APIs, merchant portals, integrations, remote access, cardholder data handling, and the systems around the device.
In this article we look at this difference in testing requirements and outline options for Payment Device Manufacturers and PSP when it comes to finding a testing company or provider.
This list covers POS testing companies that work with these two different sets of demands including payment devices, payment infrastructure, and payment security programmes. We’ve shortlisted companies with a background in penetration testing and certification verification here.
We also give you a concise shortlisting questionnaire at the end of this article.
PCA Cyber Security
PCA Cyber Security is the most relevant for organisations looking for practical POS security testing across payment devices and their surrounding infrastructure and for PCI DSS support.
The company has been testing complex embedded devices and connected infrastructure since 2019. That background matters in POS security, where risk rarely sits in one isolated place. A modern payment device may involve hardware, firmware, operating systems, mobile apps, peripherals, key management, APIs, cloud services, and remote management.
PCA works with major financial institutions and supports payment security work across payment devices, POS environments, and connected systems. It is also an Associate Participating Organization of the PCI Security Standards Council, which means it participates in the wider payment security community and supports the development and adoption of stronger payment security standards.
PCA is a good fit for:
- Payment device manufacturers
- Payment services providers
- Financial institutions
- Fintechs
- Payment software vendors
- Companies building or operating POS infrastructure
Relevant POS security testing services include:
- Payment device penetration testing
- POS terminal testing
- PIN pad testing
- Unattended payment terminal testing
- Mobile payment application testing
- Peripheral device testing
- Embedded device testing
- Pre-compliance security review
- Post-market security testing
PCA is particularly useful when the goal is to understand how a POS product or payment environment behaves under real-world attack conditions.
Applus+ Laboratories
Applus+ Laboratories is a strong fit for payment device manufacturers that need formal security evaluation, PCI PTS support, and certification-aligned testing.
It is suited to teams working on payment terminals, POI devices, HSMs, and payment products that need structured evaluation before market entry.
UL Solutions / UL Verification Services
UL Solutions is a well-known option for payment terminal testing, approval support, and certification-focused work.
It is most useful for manufacturers that need structured testing around payment terminal products and formal evaluation processes.
SGS Brightsight
SGS Brightsight is suited to payment device manufacturers and payment product teams that need formal security evaluation across hardware and software-based payment products.
Its services are relevant for companies working on terminals, mobile payment acceptance, and PCI-aligned product evaluation.
TÃœV SÃœD
TÃœV SÃœD is more relevant for payment security compliance, and advisory work than deep specialist POS penetration testing.
It may suit payment companies, merchants, acquirers, and service providers that need a compliance-led partner.
Fime
Fime is a strong option for payment product testing across terminals, SoftPOS, mPOS, transit, and payment scheme requirements.
It is useful for product teams that need support bringing payment products through testing, certification, and market readiness.
Bureau Veritas ICTK
Bureau Veritas ICTK is a good fit for smart payment testing, EMVCo testing, Visa certification support, cards, mobile devices, and POS terminal testing.
It is suited to payment device vendors and smart payment product teams that need formal testing support.
DEKRA
DEKRA is a broader testing, inspection, and certification provider. It may suit organisations that need payment-related testing as part of a wider product testing or compliance programme.
It is less directly positioned around specialist POS security testing than some companies in this list, but it can still be relevant for broader certification and product assurance needs.
How to choose a POS testing company
Choose PCA Cyber Security if you need practical POS security testing across payment devices, embedded systems, applications, APIs, and connected payment infrastructure.
Choose Applus+ Laboratories, UL Solutions, SGS Brightsight, Fime, or Bureau Veritas ICTK if your main need is formal lab evaluation, certification support, or payment scheme testing.
Choose TÃœV SÃœD or DEKRA if the project is more compliance-led or part of a wider testing and certification programme.
Key questions to ask
- Do you work with payment device manufacturers?
- Do you work with payment services providers?
- Can you test payment terminals, PIN pads, and unattended devices?
- Can you test embedded systems, firmware, mobile apps, APIs, and backend infrastructure?
- Do you support pre-compliance testing?
- Do you support post-market security testing?
- Can you test the wider POS environment, not just the device?
- Will the report be useful for engineering, product, compliance, and security teams?
PCA Cyber Security is the strongest fit for organisations that need real-world POS security testing across payment devices and connected infrastructure.
The other companies in this list are useful where the project is more focused on certification, formal lab evaluation, payment scheme testing, or broader compliance support.
Disclaimer: This article contains sponsored marketing content. It is intended for promotional purposes and should not be considered as an endorsement or recommendation by our website. Readers are encouraged to conduct their own research and exercise their own judgment before making any decisions based on the information provided in this article.
