emvco
Cybersecurity Fintech Trending

EMVCo Establishes Security Evaluation Process for Software-Based Mobile Payments

EMVCo has established a Security Evaluation Process for software-based mobile payments (SBMP) to provide an efficient, flexible offering for product providers and promote a robust security foundation for SBMP solutions.

There are an increasing number of solutions being deployed that use software applications to store and perform payment transactions on mobile devices. As SBMP applications must operate in the more vulnerable consumer device environment, solutions often utilise a layered security approach incorporating various device and software components to help with combating the potential threats.

EMVCo recognised an opportunity to develop a common approach to evaluating the security of SBMP solutions, consolidating existing processes and industry best-practices. The SBMP Security Evaluation Process therefore introduces a ‘component’ and ‘integration’ evaluation model. This allows components to be evaluated either independently or together to validate the security of the overall solution. Individual component evaluation modules include:

  • Trusted Execution Environment (TEE)
  • Consumer Device Cardholder Verification Method (CDCVM)

EMVCo has also developed programme documents to describe the security requirements, evaluation process and methodology.

Author

Related posts

Searching for Mana: The Future of Software Development | Nicholas Mills, CircleCI

Gina Clarke

Chargebacks911 Says FTC Allegations of Unfair Techniques A Concern For SaaS Providers

The Fintech Times

View from the Top: Cydome, Persistent Systems, Endava, SoMo, Tradeteq

Polly Jean Harrison