Riscure Q&A

What technology does Riscure test?

We test the security strength of technology that requires protection against an adversary who can launch physical as well as logical attacks against the product. Usually, the technology has an important security function to fulfill. Examples include chips in banking cards, SIM cards, access control tokens, car security systems, voting machines, payment terminals, mobile phones, gaming consoles and pay-TV decoders.

We do not test the security of server-based systems, databases and networks. We do test the security of PC-based applications that demand a high level of security.

Is Riscure selective about who it performs security testing for?

Yes, we are.

  1. We perform security testing for companies that have a legitimate business reason to have a product tested. For instance, the company manufactures the product, or the company purchased a product and would like to have it verified before integrating it into its own solution or before issuing it to customers.
  2. With each new customer, we verify that its business is legitimate. The results of our security tests should never be used to exploit a weakness in a product when it is out in the field.

Does Riscure offer Common Criteria or FIPS evaluations?

Riscure does not offer Common Criteria or FIPS-140 evaluations, but we do support vendors with the security testing that they need to perform themselves for a Common Criteria certification. Although we have good knowledge of the requirements and methodology of these schemes, Riscure would like to stay as close as possible to the technology and to the challenge of securing it properly.

Our Inspector Side Channel Test Platform is very suitable for CC and FIPS labs. For example, Inspector will receive a FIPS module to ease lab testing under the new FIPS 140-3 standard.

Does Riscure offer competitive analysis services?

No, we do not offer these services. Due to the close partnership that we have with our customers and the detail of the information that we receive from them, we need to avoid any potential conflict of interest.

Does Riscure offer reverse engineering services?

Yes, we reverse engineer technology, either as part of a security evaluation of a product or as part of the investigation of an exploit that is on the market to target a product of one of our customers.

We do not offer reverse engineering services for competitive intelligence purposes.

What does Riscure publish on?

We research security issues in technology in order to stay abreast of the latest attack techniques and to add new techniques to our own test equipment. We publish:

  • New test or attack methods if we believe that this knowledge is beneficial to the industry for understanding the security risk to technology. If new ideas were not disclosed, the industry would run the risk of fraudsters deploying these ideas before the industry knows about them and can do something about it.
  • Guidance to improve the security of technology.

In a publication, we never provide information that can be traced back to a specific product name or vendor.

What samples does Riscure use when performing research?

In our research, we only use samples that we purchase on the market or that we use ourselves as consumers. Samples that we receive from our customers are used only for the intended purpose of the project that was authorised by the customer.

Riscure sells evaluation services and a product. Does this impact your independence?

No, Riscure is still independent.

Our product is a security testing product that we developed. The product is in line with our security evaluation services and supports our mission to provide independent ways to evaluate the security of technology that is designed to operate in a potentially hostile environment.