There are several reasons why mobile payment app providers need to get an EMVCo Software-Based Mobile Payment (SBMP) certification. Some of the reasons to choose the EMVCo certification are:
- Ensuring the security of the solution
- Easing the acceptance by the largest card brands
- Layered approach
The evaluation process for software-based payment solutions ensures a thorough security assessment and as well as reduces the overall certification process. In addition, if a mobile payment app provider chooses to integrate with an EMVCo certified App Shielding or SDK solution, it assures them that their app can withstand real-life threats and attacks while simultaneously reducing the app’s time to market. This paper will look at the three main reasons mobile payment apps need to get EMVCo certified, and the benefits of EMVCo SBMP certified Software Protection Tool solutions.
What is the evaluation process for the EMVCo SBMP certification?
Furthermore, the paper looks into the evaluation process that takes place during the EMVCo SBMP evaluation for the certification. The EMVCo SBMP security evaluation process is conducted by accredited expert laboratories, like Riscure, that thoroughly test the security robustness of a product. In this process, the laboratory follows a set of security guidelines maintained by EMVCo that both support the laboratories in their evaluations but also support product, component, and solution providers in developing their products.
The security evaluation of an SBMP solution is performed according to the EMVCo SBMP evaluation methodology and requirements. Such an evaluation entails both a vulnerability analysis and penetration testing phase. During the vulnerability analysis, a security review of the solution design and implementation is performed in order to identify potential security vulnerabilities considering known and possible new attacks.
Find out more about the EMVCo SMBP certification, who it applies for, and why mobile app providers should consider it in our whitepaper.