Pass your EMVCo SBMP evaluation first time

Promon gives mobile payment apps, wallets, and payment SDKs the client-side protections EMVCo labs expect - so you can reduce certification risk, shorten evaluation cycles, and keep launches on schedule.

Book an EMVCo SBMP readiness session with Promon:

  • Validate your current protection posture
  • Identify where labs are most likely to find weaknesses
  • Prioritize fixes that reduce rework and timeline risk

EMVCo SBMP is becoming a commercial baseline

As mobile payments scale, SBMP is increasingly a prerequisite for major card schemes and a credible signal that your app can withstand real-world attacks. When requirements tighten, “good enough” client-side controls become a launch risk.

What's at stake?

  • Launch delays driven by evaluation rework
  • Extended evaluation cycles due to rework
  • Fraud exposure from cloning, repackaging, and key extraction
  • Partner and card-scheme approval friction
  • Heightened regulatory and audit scrutiny

How Promon helps you become EMVCo evaluation-ready

Promon provides EMVCo-evaluated app shielding and layered client-side defenses designed to hold up under SBMP-grade static and dynamic attacks.

This helps to ensure your app presents the multi-layer protections evaluators expect to see consistently across builds and environments.

  • App hardening

    Increase resistance to decompilation and code inspection, so sensitive logic is less exposed at rest.

  • Runtime attack resistance

    Detect and resist debugging, hooking, instrumentation, and overlay abuse on hostile devices.

  • Tamper and repackaging defense

    Detect cloning and repackaging reliably and limit exploitability, with predictable responses when tampering is detected.

  • Secret and asset protection

    Reduce exposure of sensitive assets and configurations that labs commonly inspect during static analysis.

  • Consistency across builds

    Keep protections stable across releases to avoid “version drift” and uneven coverage that evaluators flag.

  • Real device readiness

    Support testing across rooted devices, emulators, and fragmented environments without relying on “lab-only” assumptions.

What labs typically test and the corresponding Promon features

Labs run the app in untrusted conditions (emulators, rooted or jailbroken devices) and attempt to observe or influence sensitive flows via OS-level abuse.

  • Emulator detection
  • Root or jailbreak detection
  • Detection and blocking of untrusted keyboards, keyloggers, screen readers, and abuse of OS accessibility services

Labs modify the app (patching, repackaging, runtime modification) and check whether integrity protections detect and respond reliably across devices and builds.

  • Runtime integrity checks to detect modification
  • Prevention of code injection
  • Detection and blocking of hooking frameworks

Labs inspect the binary to understand sensitive logic, extract assets/configuration, and evaluate how easily protections can be undone offline.

  • Code obfuscation
  • Protection of sensitive assets and data at rest: Data encryption

Labs attach debuggers and instrumentation to trace, manipulate, and observe behavior at runtime using common toolchains and techniques.

  • Anti-debugging
  • Detection and blocking of tools such as Frida, Xposed, LSPosed, ADB, etc.

Inside an EMVCo SBMP evaluation: What labs focus on and how to prepare effectively

This guide offers a global view of what labs typically focus on during an EMVCo SBMP evaluation, why mobile apps struggle, and how teams can build readiness directly into their development and compliance roadmap.

  • Understand what “SBMP-ready” looks like in practice
  • Spot the client-side gaps that trigger setbacks
  • Prepare for reverse engineering, tampering, and runtime attacks
  • How to prepare builds and evidence without derailing delivery
  • A practical readiness framework to reduce rework and delays

Who this is for

Promon’s SBMP guidance is built for teams that need to prove mobile payment security in real-world conditions, not just in the lab.

Whether you are preparing for your first SBMP evaluation or tightening controls after a gap, this is for organizations securing payment functionality on-device and across the wallet ecosystem.

  • Issuer and bank wallets

    Strengthen wallet integrity and reduce fraud risk while meeting SBMP requirements without slowing release cycles.

  • PSPs, fintechs, and neobank payment apps

    Protect payment flows and customer trust with controls that scale across devices, regions, and evolving threat patterns.

  • Wallet and payment SDK vendors (including white-label)

    Embed SBMP-ready security into SDKs so every downstream customer inherits consistent, auditable protection.

  • Tap-to-Phone and Tap-to-Mobile

    Harden the mobile acceptance runtime and improve resilience against tampering, abuse, and device-level compromise.

What sets Promon apart

  • Proven global trust

    Trusted by Tier 1 banks and enterprises, protecting over 2 billion users and transactions daily with no impact on app performance or user experience.

  • Leaders in mobile app hardening

    20 years of innovation in app shielding and RASP, backed by a world-class research team, delivering advanced, field-proven protection against evolving threats.

  • Frictionless integration

    Fully on-premise and CI/CD-ready. No code changes or dependencies — harden your app fast with full control.

  • Truly cross-platform

    One integration process, identical results for iOS and Android — saving time, reducing complexity, and ensuring consistent protection quality.

FAQ

Are you an EMVCo lab? Do you perform certifications?

No. Promon is not an evaluation lab. We provide the client-side protections and evaluated tooling that help you prepare for SBMP evaluations and reduce certification risk.

Does using Promon guarantee EMVCo certification?

No vendor can guarantee outcomes. What Promon does is reduce risk by aligning protections to what evaluators test and helping you avoid common client-side gaps that lead to rework.

How do you work with evaluation labs (e.g., Keysight, and others)?

We support your readiness and provide documentation and technical guidance so your team can engage labs effectively and consistently across builds.

Discuss your EMVCo readiness with us

If you’re planning for SBMP or strengthening client-side protection for mobile payments, we’ll help you clarify what “ready” looks like and what to do next.

  • Review your current client-side protection approach across key payment flows and threat points
  • Identify priority gaps and risk areas across static, runtime, and tamper resistance
  • Recommend a practical path forward using Promon's product suite
  • Share implementation guidance to strengthen protections without disrupting delivery plans

SBMP readiness is easiest when it’s planned, not patched. Use the form to request an EMVCo readiness session, and we’ll follow up to schedule a conversation.