diff --git a/pkg/ueps/reader.go b/pkg/ueps/reader.go
index c0d1252..e16e4fc 100644
--- a/pkg/ueps/reader.go
+++ b/pkg/ueps/reader.go
@@ -6,10 +6,15 @@ import (
 	"crypto/hmac"
 	"crypto/sha256"
 	"encoding/binary"
-	"errors"
 	"io"
 )
 
+// errMissingHMAC is returned by ReadAndVerify when no HMAC tag is present in the packet.
+var errMissingHMAC = tlvError("UEPS packet missing HMAC signature")
+
+// errIntegrityViolation is returned by ReadAndVerify when the HMAC does not match the packet contents.
+var errIntegrityViolation = tlvError("integrity violation: HMAC mismatch (ThreatScore +100)")
+
 // packet, err := ueps.ReadAndVerify(r, sharedSecret)
 // if err == nil { _ = packet.Header.IntentID; _ = packet.Header.ThreatScore; _ = packet.Payload }
 type ParsedPacket struct {
@@ -115,7 +120,7 @@ func ReadAndVerify(reader *bufio.Reader, sharedSecret []byte) (*ParsedPacket, er
 	}
 
 	if len(signature) == 0 {
-		return nil, errors.New("UEPS packet missing HMAC signature")
+		return nil, errMissingHMAC
 	}
 
 	// 5. Verify HMAC
@@ -128,7 +133,7 @@ func ReadAndVerify(reader *bufio.Reader, sharedSecret []byte) (*ParsedPacket, er
 	if !hmac.Equal(signature, expectedMAC) {
 		// Log this. This is a Threat Event.
 		// "Axiom Violation: Integrity Check Failed"
-		return nil, errors.New("integrity violation: HMAC mismatch (ThreatScore +100)")
+		return nil, errIntegrityViolation
 	}
 
 	return &ParsedPacket{
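Review bot: The two new sentinels, errMissingHMAC and errIntegrityViolation, are unexported, yet their doc comments describe them as return values of the exported ReadAndVerify; a caller in another package still cannot distinguish "no tag" from "tag mismatch" with errors.Is and is left matching on the message string, which is exactly what replacing errors.New with named values should have fixed. If callers are meant to react differently to an integrity failure (the "ThreatScore +100" in the message suggests they are), export them as `ErrMissingHMAC` and `ErrIntegrityViolation` and keep the score out of the message, since a value embedded in an error string cannot be acted on programmatically and may end up in logs verbatim. This assumes tlvError is a comparable string-backed type so that errors.Is works by value; that definition is outside this hunk, so please confirm.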
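Review bot: The comment `// Log this. This is a Threat Event.` above the mismatch branch in ReadAndVerify is still an unaddressed instruction after this change: nothing in the function records the failed verification, so an attacker-controlled stream of bad MACs is indistinguishable from a clean run unless every caller logs the error. Either emit the event here, or reword the comment to state where the detection is expected to happen, e.g. `// Not logged here: callers detect this case with errors.Is(err, errIntegrityViolation) and record the threat event.` ReadAndVerify begins and ends outside this hunk, so I cannot see whether the function logs elsewhere.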