Home EMVCo Software Based Mobile Payment

EMVCo Software Based Mobile Payment

Develop and certify your Software Based Mobile Payment (SBMP) solution with the leading security laboratory for mobile payment security with excellent performance, flexibility and experience.

For Software Protection Tool (SPT), HCE SDK and HCE Wallet, CDCVM and OEM vendors who would like to acquire EMVCo SBMP certification and gain solution approval be by the card brands, Riscure offers expert security services.

Riscure is the leading and accredited security laboratory for EMVCo SBMP evaluations of all products under the SBMP program. With the SBMP evaluation process, solution providers can be granted a security evaluation certificate for their Software-Based Mobile Payment components or solutions, including:

  • Software Protection Tools
  • HCE (Mobile Applications and related Software Development Kits (SDK))
  • Trusted Execution Environments (TEE)
  • CDCVM
  • OEM pay

Software protection tools and Cloud based mobile payment (Host Card Emulation HCE)

Riscure  provides security evaluations of HCE solutions based on EMVCo SBMP requirements and against the various payment schemes such as VISA, Mastercard, American Express, Discover, JCB, Bancontact Payconiq, Cartes Bancaires, MIR and others. As a one-stop shop, Riscure is the leading expert on all relevant mobile security technologies.

Consumer Device Cardholder Verification Method (CDCVM)

Consumer Device Cardholder Verification Methods (CDCVM) are an integral part of Software Based Payment Solutions. Riscure has evaluated many CDCVM solutions including TEE based TUI (Trusted User Input) and Biometric solutions, including both Secure Camera and Fingerprint solutions.

Riscure works with all relevant partners engaged in securing Biometric user authentication, from the chipset and TEE providers, to the fingerprint, facial and iris recognition solution provides and ultimately the smartphone OEM’s which integrate the CDCVM solutions into their smartphone.

Riscure provides flexible, in-depth and efficient evaluation services, in-line with payment market requirements. Due to our extensive experience and leading expertise, working with Riscure ensures solution developers to saves evaluation costs and time to market.

OEM Mobile Payment Security Certification

Riscure is performing scalable efficient security evaluation services according to EMVCo SBMP and brand program requirements (Visa, MasterCard, Discover, AMEX and other payment schemes) for both TEE and Secure Element based solutions.

Based on the working relations with key technology providers in the mobile domain (e.g. Mobile chipset vendors, TEE vendors and SE vendors), Riscure has accumulated a vast experience in supporting our partners during the solution development and certification process. Due to our broad and leading expertise Riscure is able to support OEMs will all relevant aspect.

Mobile payment using Host Card Emulation (HCE) enables payment on mobile devices without the need of traditional hardware secure elements. As the secure element is emulated in software, the security requirements on the software components increase in order to protect all assets and enable secure payments.

Deploying mobile payment solutions has proven to be a strong distinguisher and driver for smartphone OEMs. With deployed solutions like Android Pay, Samsung Pay, Apple Pay, and other OEM payment solutions most smartphone vendors are actively developing and deploying such solutions.

Track record

  • 1st lab to perform security evaluation of Software Protection Tools and White-box cryptograph solutions, since 2012
  • 1st lab to perform security evaluations of CDCVM solutions, since 2013
  • 1st lab to perform security evaluations of TEE solutions, since 2014
  • 1st lab to perform security evaluations of HCE solutions, since 2014, leading to solution approval by Visa and Mastercard
  • 1st lab to perform security evaluations of OEM Pay solutions, since 2015, leading to solution approval by Visa and Mastercard

Benefits of working with Riscure

Endorsed and trusted by multiple payment schemes

Minimizing throughput time and de-risk projects by professional training and pre-certification

One-stop shop to multiple payment schemes such as EMVCo, domestic schemes, further approved by card brands such as Mastercard, VISA and others

Proven track record with multiple smartphone OEMs as well as leading technology and security vendors in the Mobile Technology and Payment market

Riscure got under the skin of our product very quickly and produced an insightful, valuable and professional report. As well as demonstrating forensic skills they understand the different technical and commercial audiences that need to consume these reports and presented their finding appropriately for both audiences. They really understand security and are very easy to deal with.
– Jon Geater, Chief Technology Officer, Trustonic Ltd.
I would like to thank you for the nice cooperation and open communication and support we had with all Riscure members. You surely contributed to make our apps even better.
– J. Smets, Head of Mobile Development, Belfius
Get in touch with us

Feel free to contact us anytime at inforequest@riscure.com or fill out the form below.

By checking this box you agree to process your data according to Riscure's privacy policy:
Check this box to also subscribe to our monthly newsletter: