The identity of the payer must be verified beyond doubt for every payment. To this end, established card-based payment methods generally require the payer to enter their PIN. Mobile payment systems implemented on smartphones shift this verification from the merchant’s terminal to the payer’s smartphone. Biometric procedures, such as checking fingerprints, irises, voice or matching with the user’s face, are increasingly being used. CDCVM is dedicated to the security of this technology.
The Association of International Payment Systems EMVCo is driving the implementation of standards for global payment interoperability, acceptance and security. EMVCo announced on March 15, 2019 a new security evaluation process for Consumer Devicer Cardholder Verification Method (CDCVM) solutions – pdf based on their security requirements – pdf. The associated Best Practices document – pdf sets out the guidelines for the functionality and performance of biometric authentication methods in payment transactions. This promotes a uniform user experience and global interoperability.
With many years of recognition by and with EMVCo, MasterCard and VISA, SRC can draw on a wealth of experience in the security assessment of payment solutions. SRC naturally also supports the new security evaluation process for CDCVM solutions. Solution providers in the mobile payment sector thus have the opportunity to utilize SRC’s expertise for the assessment of their mobile software implementations and to undergo successful certification with EMVCo.
