Global technical body EMVCo has issued its 100th Security Evaluation Certificate for Software-Based Mobile Payments (SBMP) solutions.
This milestone reflects significant industry uptake from device manufacturers and product vendors to demonstrate the security of their solutions through a globally recognised programme, promoting trust and confidence across the payments ecosystem and simplifying the deployment of safe and secure mobile wallet solutions.
Different security components
The continued growth of mobile payments has increased the number of solutions deployed that use software applications to enable consumers to pay in-store. As these software-based solutions operate in the more vulnerable consumer device environment, mobile wallet providers use a layered security approach comprising various software and device components to combat threats.
EMVCo introduced a dedicated Security Evaluation Process for SBMP in 2018
To support this layered security approach while ensuring flexibility and efficiencies, EMVCo introduced a dedicated Security Evaluation Process for SBMP in 2018 to assess the different security components that can be integrated into a SBMP solution. Specific components evaluated by EMVCo include software development kits (SDK), trusted execution environments (TEE), consumer device cardholder verification methods (CDCVM) such as biometrics/authenticators, attestation mechanisms, and software protection tools. Full mobile payment applications comprising various individual components can also be evaluated.
Realise significant efficiencies
“Advancing testing and evaluation processes is integral to enabling more consistent, convenient, and secure payment experiences,” comments Alisa Ellis, EMVCo Executive Committee Chair. “Issuing 100 Security Evaluation Certificates for SBMP Solutions is testament to increasing demand for secure mobile payments worldwide, and this is enabling mobile wallet providers to realise significant efficiencies and accelerate deployment by easily identifying the products that have been evaluated.”
EMVCo Security Evaluations ensure that a payment product or solution has been assessed against the common EMVCo evaluation methodology and includes mechanisms and protections to withstand known attacks. SBMP Security Evaluations are conducted by a global network of 9 accredited laboratories, with EMVCo acting as a trusted authority. Approved products are listed on the EMVCo website.