For Software Protection Tool (SPT), HCE SDK and HCE Wallet, CDCVM and OEM vendors who would like to acquire EMVCo SBMP certification and gain solution approval be by the card brands, Riscure offers expert security services.
Riscure is the leading and accredited security laboratory for EMVCo SBMP evaluations of all products under the SBMP program. With the SBMP evaluation process, solution providers can be granted a security evaluation certificate for their Software-Based Mobile Payment components or solutions, including:
- Software Protection Tools
- HCE (Mobile Applications and related Software Development Kits (SDK))
- Trusted Execution Environments (TEE)
- OEM pay
Software protection tools and Cloud based mobile payment (Host Card Emulation HCE)
Riscure provides security evaluations of HCE solutions based on EMVCo SBMP requirements and against the various payment schemes such as VISA, Mastercard, American Express, Discover, JCB, Bancontact Payconiq, Cartes Bancaires, MIR and others. As a one-stop shop, Riscure is the leading expert on all relevant mobile security technologies.
Consumer Device Cardholder Verification Method (CDCVM)
Consumer Device Cardholder Verification Methods (CDCVM) are an integral part of Software Based Payment Solutions. Riscure has evaluated many CDCVM solutions including TEE based TUI (Trusted User Input) and Biometric solutions, including both Secure Camera and Fingerprint solutions.
Riscure works with all relevant partners engaged in securing Biometric user authentication, from the chipset and TEE providers, to the fingerprint, facial and iris recognition solution provides and ultimately the smartphone OEM’s which integrate the CDCVM solutions into their smartphone.
Riscure provides flexible, in-depth and efficient evaluation services, in-line with payment market requirements. Due to our extensive experience and leading expertise, working with Riscure ensures solution developers to saves evaluation costs and time to market.
OEM Mobile Payment Security Certification
Riscure is performing scalable efficient security evaluation services according to EMVCo SBMP and brand program requirements (Visa, MasterCard, Discover, AMEX and other payment schemes) for both TEE and Secure Element based solutions.
Based on the working relations with key technology providers in the mobile domain (e.g. Mobile chipset vendors, TEE vendors and SE vendors), Riscure has accumulated a vast experience in supporting our partners during the solution development and certification process. Due to our broad and leading expertise Riscure is able to support OEMs will all relevant aspect.
Mobile payment using Host Card Emulation (HCE) enables payment on mobile devices without the need of traditional hardware secure elements. As the secure element is emulated in software, the security requirements on the software components increase in order to protect all assets and enable secure payments.
Deploying mobile payment solutions has proven to be a strong distinguisher and driver for smartphone OEMs. With deployed solutions like Android Pay, Samsung Pay, Apple Pay, and other OEM payment solutions most smartphone vendors are actively developing and deploying such solutions.
- 1st lab to perform security evaluation of Software Protection Tools and White-box cryptograph solutions, since 2012
- 1st lab to perform security evaluations of CDCVM solutions, since 2013
- 1st lab to perform security evaluations of TEE solutions, since 2014
- 1st lab to perform security evaluations of HCE solutions, since 2014, leading to solution approval by Visa and Mastercard
- 1st lab to perform security evaluations of OEM Pay solutions, since 2015, leading to solution approval by Visa and Mastercard