Mobile Payments: From chip card to mobile device
Mobile Payment is an electronic form of payment using mobile devices such as mobile phones, tablets or smartwatches. Electromagnetic, i.e. contactless, techniques are used to initiate, authorise and realise the payment. This makes the security of this form of payment a challenge.
EMVCo and Software-Based Mobile Payment (SBMP) Programme
EMVCo, which defines and further develops the EMV standard and checks its implementation, addresses these challenges with its new SBPM approval process. SBPM stands for Software-Based Mobile Payment Evaluation Process. This evaluation examines whether the security mechanisms and protective measures of a component or solution have the minimum security level defined by EMVCo. Manufacturers are certified with a security assessment certificate that their products can withstand known attacks.
With the SBPM approval process, EMVCo supports the global security and interoperability of mobile payment transactions. The range of security assessment processes has so far included products for integrated circuits (IC), platforms and integrated circuits (ICC). For the first time, EMVCo has extended the scope of its approval processes to include software components and solutions for mobile payments.
EMVCo recognises SRC as SBPM Evaluation Laboratory
SRC is recognized by EMVCo as a security lab/assessor for the security assessment of software-based mobile payment solutions and components, in addition to the existing Mastercard and Visa recognitions.
SRC performs comprehensive checks of the security mechanisms of a Mobile Payment App or its components. The implemented measures are examined using state-of-the-art methods, such as reverse engineering, side channel and runtime analyses, and their resilience/resistance to attackers and protection against misuse is evaluated.
If you are interested in further information on the subject or the evaluation of your payment solution, please contact us.