EMVCo and payment scheme evaluations for Smart Cards

Prepare to certify your payment solution with the most flexible and capable lab in the world.

Get in touch with us

Riscure is accredited by the EMVCo consortium to perform IC and platform evaluations as well as the assessment of Crypto Libraries. Furthermore, all major payment schemes, such as VISA, Mastercard, Discover, American Express, and Cartes Bancaires, accredit Riscure to conduct ICC evaluations. Riscure is also licensed by the Dutch Common Criteria certification body (NSCIB), so that we can provide you with a cost-efficient combination of these evaluation schemes. We cover all “architectural layers” of classical high-security solution technologies, from the underlying Hardware and the Crypto Libraries up to the Software level of the embedded Operating System platforms and the application layer. As an experienced lab for System-on-Chip evaluations, Riscure is also the best choice for EMVCo evaluations of form factors other than Smart Cards, such as embedded or integrated secure elements.

An EMVCo or any other payment scheme evaluation starts with a Vulnerability Analysis, during which design and implementation information is studied and potential vulnerabilities are identified and assessed. This results in a selection of tests for a penetration test campaign that aims to verify whether the product resists an attacker with a high attack potential.

The products can be evaluated on three different layers:

  • Integrated Circuit (IC) evaluation

The evaluation of the IC includes all chip hardware as well as any software crypto libraries in the chip. Although this can be done through a dedicated EMVCo IC evaluation, vendors often choose Common Criteria certification for this stage, because most Smart Card chips can also be used in other domains, like governmental applications that require this certification. EMVCo recognizes the results of CC tests in their IC certification process so that both evaluations can be conducted together with minimum overhead.

  • Platform evaluation

This stage focuses on the Operating System as well as the chip. It is a composite evaluation, building upon the results of an IC evaluation. The scope includes all generic software, including cryptographic algorithms and other security mechanisms.

  • Integrated Circuit Card (ICC) evaluation

This evaluation covers a complete product, including the platform and application(s). It is a composite evaluation that reuses chip evaluation results and, potentially, platform evaluation results.

Riscure has the capacity and the capability to fully separate pre-evaluation and certification work. During a pre-evaluation you can prepare your product for certification and thereby control risks very early in the development process.

Upon request, we can support you in investigating security risks to your product outside of the scope mandated by EMVCo. We anticipate developments in terms of attack potential and threats in the field, and can creatively challenge the security of your product and uncover potential areas of concern so that you can stay ahead of attackers and properly plan the product roadmap for the future.

The benefits of working with Riscure

Flexibility to combine different components and variants under the same evaluation.

Short lead times and flexible planning.

Fast time-to-market support through our pre-evaluation and developer support program.

Insightful results about the future threats to the products.