Tag Archive for: Smartphone

EMVCo

SRC recog­nised as SBMP Evalu­ation Laboratory by EMVCo

Mobile Payments: From chip card to mobile device

Mobile Payment is an electronic form of payment using mobile devices such as mobile phones, tablets or smart­watches. Electro­mag­netic, i.e. contactless, techniques are used to initiate, authorise and realise the payment. This makes the security of this form of payment a challenge.

EMVCo and Software-Based Mobile Payment (SBMP) Programme

EMVCo, which defines and further develops the EMV standard and checks its imple­men­tation, addresses these challenges with its new SBPM approval process. SBPM stands for Software-Based Mobile Payment Evalu­ation Process. This evalu­ation examines whether the security mecha­nisms and protective measures of a component or solution have the minimum security level defined by EMVCo. Manufac­turers are certified with a security assessment certificate that their products can withstand known attacks.

With the SBPM approval process, EMVCo supports the global security and inter­op­er­ability of mobile payment trans­ac­tions. The range of security assessment processes has so far included products for integrated circuits (IC), platforms and integrated circuits (ICC). For the first time, EMVCo has extended the scope of its approval processes to include software compo­nents and solutions for mobile payments.

EMVCo recog­nises SRC as SBPM Evalu­ation Laboratory

SRC is recog­nized by EMVCo as a security lab/assessor for the security assessment of software-based mobile payment solutions and compo­nents, in addition to the existing Mastercard and Visa recognitions.

SRC performs compre­hensive checks of the security mecha­nisms of a Mobile Payment App or its compo­nents. The imple­mented measures are examined using state-of-the-art methods, such as reverse engineering, side channel and runtime analyses, and their resilience/resistance to attackers and protection against misuse is evaluated.

If you are inter­ested in further infor­mation on the subject or the evalu­ation of your payment solution, please contact us.

CSCUBS 2018

SRC provides students with insight into exciting projects as part of CSCUBS 2018

Review of the 5th Computer Science Conference for University of Bonn Students

The CSCUBS 2018 took place on May 16th in the premises of the University of Bonn and was organised by PhD and MSc students with the aim of promoting research in computer science and scien­tific exchange among students. The partic­i­pation of researchers and practi­tioners was also encouraged. The students also had the oppor­tunity to submit their own contri­bu­tions describing new research or devel­opment work in connection with computer science. This also included university projects, disser­ta­tions and results of other profes­sional or leisure activ­ities. In addition to the sponsoring companies, the students themselves gave lectures.

SRC staff provides students with insight into exciting projects

Max Hettrich of SRC also reported on the company’s fields of activity in a lecture. The focus was on payment evolving. The aim here is to put the “Girocard into the mobile phone”. What is partic­u­larly inter­esting here is what the security evalu­ation for payment cards looks like so far and what new challenges will now arise for mobile payment in the future. Reverse engineering of the appli­ca­tions used will play a central role in the security evalu­ation of smart­phone-based solutions. The examiner takes on the role of an attacker and tries to find ways to compromise the payment appli­cation. This is a central building block for evalu­ating the effec­tiveness of the imple­mented protection mecha­nisms. Where in the past the SRC evalu­ation facility in particular evaluated the security of payment cards, in future the department for penetration testing will also contribute its expertise in the evalu­ation of mobile solutions.

In addition, the lecture also included more general topics, such as the fields of activity and working atmos­phere of the SRC. The core business of payment cards has developed over the many years that SRC has been in existence into a multitude of other business areas. It was also discussed what makes SRC as an employer special and what qualities SRC offers.

Conclusion and impres­sions from the view of the SRC

“The high proportion of inter­na­tional students, the active partic­i­pation in the event and the consis­tently independent organ­i­sation of the CSCUBS made a lasting impression on us,” said Jochen Schumacher of SRC. The BSI, BC Technologies and SRC accom­panied the CSCUBS 2018 with presen­ta­tions. We were partic­u­larly pleased that SRC’s practical contri­bution provided material for a productive discussion. The security of modern payment trans­ac­tions is a topic that also moves students. This was demon­strated by the many meaningful discus­sions in the plenum and the personal exchange at SRC’s specially set up stand. CSCUBS 2018 was an extremely successful and infor­mative event. SRC is looking forward to the new edition in 2019.

Image credit: https://twitter.com/CSCUBS_Bonn