Group-IB x PSR IT Solutions Success Story

Background

PSR IT Solutions, headquartered in Dubai, develops payment terminals and business automation software, offering cloud-based solutions for managing sales, logistics, and fintech infrastructure. The company helps retailers and payment providers automate their operations to a level previously only accessible to large enterprises. It also enables banks to deepen their engagement with merchants beyond traditional acquiring services.

The launch of Pulsar SoftPOS marked a major milestone for PSR. The software-based payment solution transforms any Android smartphone into a secure, contactless payment terminal — providing a fast, flexible, and affordable alternative to traditional hardware terminals. Yet with innovation came new challenges: ensuring that security met regulatory requirements and that the solution could withstand real-world attacks in highly dynamic, user-controlled environments.

Challenges

Mobile payment acceptance on commercial smartphones involves unique risks. Unlike closed hardware terminals, SoftPOS solutions operate on devices controlled by end users, making them vulnerable to rooting, tampering, malware infection, and reverse engineering. In such an environment, proving that your security controls are robust is essential for earning the trust of acquiring partners, PSPs, and regulators.

Launching Pulsar SoftPOS meant navigating stringent regulatory challenges. PSR needed an independent validation of security posture, aligned with the newly minted PCI MPoC (Mobile Payments on Commercial Off-The-Shelf Devices) standard. At the time, only around 20 companies in the world had achieved certification under PCI MPoC, setting an exceptionally high bar for compliance, resilience, and trustworthiness. Certification was the gateway to commercial deployment and to joining a select group of pioneers in the SoftPOS space. At the same time, PSR recognized that its broader infrastructure — public portals, APIs, and management systems — also needed to meet security best practices to fully protect merchant operations end-to-end.

Why Group-IB?

Recognized globally for its incident response, threat intelligence, and advanced testing services, Group-IB was the natural partner for this initiative. With decades of experience uncovering sophisticated payment fraud schemes and reverse engineering financial malware, Group-IB’s security experts brought a real attacker mindset to the evaluation.

How Group-IB Security Assessment helped

PSR partnered with Group-IB to conduct a two-pronged engagement combining a white-box security evaluation of Pulsar SoftPOS and a blackbox external penetration test of the company’s IT infrastructure.

Throughout the project, Group-IB’s approach emphasized collaboration, transparency, and readiness. PSR’s internal teams gained not only technical insights into specific vulnerabilities but also strategic knowledge on how to continuously improve their defensive posture in the long term.

Outcomes

Through its partnership with Group-IB, PSR achieved full compliance with PCI MPoC — securing its place among a very limited number of global providers who meet the highest standards for mobile payment security. Beyond certification, the independent validation accelerated PSR’s go-to market timeline and strengthened trust with acquiring xr. Attack simulations confirmed that Pulsar SoftPOS’s defenses could withstand even the most advanced attacks.

At the infrastructure level, PSR reinforced its resilience by addressing vulnerabilities identified during penetration testing, further securing merchant portals and operational APIs. PSR also gained actionable roadmaps for security enhancements, making its incident response capabilities stronger and more agile.

In an increasingly competitive fintech landscape, PSR was able to position security not just as a technical requirement but as a powerful differentiator — a sign of commitment to customer trust, regulatory excellence, and sustainable innovation.