SRC is recognized as a security assessor for the security of electronic payment systems by the Deutsche Kreditwirtschaft (DK).
SRC is a PCI SSC, Currence PCI+ (Netherlands), APCA (Australia) and PNC (Sweden, Denmark, Norway, Finland and the Baltic States) approved security assessor for payment terminals and their components such as PIN entry devices and smart card readers. In addition, SRC is a participating laboratory in the Visa Ready Program for mPos.
Our competence
DK has defined a catalog of criteria for components for use in electronic payment systems. SRC staff has extensive experience in the security investigation of payment system components. For example, in the case of distributed payment terminals, SRC identifies the security aspects to be audited and presents the audit results to DK, taking into account the requirements for form and content. Due to our detailed knowledge of all aspects of the DK approval process, we not only uncover weak points, but also successfully guide our customers to the goal of on-time approval.
SRC has extensive knowledge of other audit programs in the environment of international payment systems such as the Payment Card Industry (PCI). SRC performs appraisals according to the requirements for PIN Entry Devices (PED) or Encrypting PIN Pads (EPP) and consults in the pre-development phase. Involving our experts as early as possible in the development process is worthwhile for you, as we can help you to consider the requirements of all intended approvals from the very beginning.
Our offer
SRC offers safety investigations in all test methods.
In principle, it is possible to combine the assessment processes so that synergy effects result for you.
SRC can, for example, perform the DK assessment in such a way that the results can also be used for global approval. The Currence PCI+, APCA, and PNC criteria require either an add-on only (Currence PCI+, PNC) to the PCI PTS criteria or the requirements can be demonstrated as an add-on to a PCI PTS appraisal (APCA). Tests can also be combined with Common Criteria, UKCA‘s testing method. For example, security analysis and penetration testing can be used across methods.
References
SRC has provided security assessments on payment terminals for Cryptera, GMX, VeriFone and XAC, among others, and the certifications have been successfully completed.
SRC has successfully presented network concept and integration expertise for electronic cash network operators to DK.