There are numerous solutions being deployed that use software applications to store and perform payment transactions on mobile devices. As SBMP applications must operate in the more vulnerable consumer device environment, solutions often utilise a layered security approach incorporating various device and software components to help with fighting the potential threats.
EMVCo recognised an opportunity to develop a common approach to evaluating the security of SBMP solutions. The SBMP Security Evaluation Process introduces a ‘component’ and ‘integration’ evaluation model. This allows components to be evaluated either independently or together to validate the security of the overall solution. Individual component evaluation modules include: Trusted Execution Environment (TEE) and Consumer Device Cardholder Verification Method (CDCVM).
EMVCo has also developed programme documents to describe the security requirements, evaluation process and methodology.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now