SRC recog­nised as SBMP Evalu­ation Laboratory by EMVCo

Mobile Payments: From chip card to mobile device

Mobile Payment is an electronic form of payment using mobile devices such as mobile phones, tablets or smart­watches. Electro­mag­netic, i.e. contactless, techniques are used to initiate, authorise and realise the payment. This makes the security of this form of payment a challenge.

EMVCo and Software-Based Mobile Payment (SBMP) Programme

EMVCo, which defines and further develops the EMV standard and checks its imple­men­tation, addresses these challenges with its new SBPM approval process. SBPM stands for Software-Based Mobile Payment Evalu­ation Process. This evalu­ation examines whether the security mecha­nisms and protective measures of a component or solution have the minimum security level defined by EMVCo. Manufac­turers are certified with a security assessment certificate that their products can withstand known attacks.

With the SBPM approval process, EMVCo supports the global security and inter­op­er­ability of mobile payment trans­ac­tions. The range of security assessment processes has so far included products for integrated circuits (IC), platforms and integrated circuits (ICC). For the first time, EMVCo has extended the scope of its approval processes to include software compo­nents and solutions for mobile payments.

EMVCo recog­nises SRC as SBPM Evalu­ation Laboratory

SRC is recog­nized by EMVCo as a security lab/assessor for the security assessment of software-based mobile payment solutions and compo­nents, in addition to the existing Mastercard and Visa recog­ni­tions.

SRC performs compre­hensive checks of the security mecha­nisms of a Mobile Payment App or its compo­nents. The imple­mented measures are examined using state-of-the-art methods, such as reverse engineering, side channel and runtime analyses, and their resilience/resistance to attackers and protection against misuse is evaluated.

If you are inter­ested in further infor­mation on the subject or the evalu­ation of your payment solution, please contact us.

EMVCo certification

SRC’s ITSEF laboratory receives extended EMVCo certi­fi­cation

SRC’s certified Common Criteria security laboratory has recently been enriched by another EMVCo certi­fi­cation. The SRC laboratory has long been approved by the German Federal Office for Infor­mation Security (BSI) for the evalu­ation of hardware and software evalu­a­tions for smart cards and similar devices. After SRC has now success­fully evaluated chip hardware of a well-known and also EMVCo certified manufac­turer, EMVCo confirmed the certi­fi­cation of the SRC security laboratory as EMVCo Security Evalu­ation IC laboratory, which is now also listed as such on the EMVCo website, following a review of the latest findings provided within the scope of an IC security evalu­ation project.

Further infor­mation on the certi­fi­ca­tions for SRC by EMVCo can be found here.