Electronic payments are, every day, more frequent and, therefore, must have a greater security to guarantee the confidence of the buyer and the vendor.Payment terminals, contact and contactless smartcards, chip mobile payments, among other secure payment technologies are the payment methods used all around the world. Ultimately, the trend is the great adoption of mobile payments with a huge year-on-year growth (e.g. US Mobile payment market has grown 46% in 2020). In the new era of digital payments, where technologies are constantly changing and evolving, there are numerous cybersecurity challenges to take into account. That is why, our top notch experts put at your disposal their expertise in Payment standards cybersecurity consulting to ensure a successful evaluation of your product.
Smart Payment Cards
Each Payment Brand (Visa, MasterCard, JCB, American Express and Discover) has its own certification requirements for the application/Applet to verify the correctness of the implementation.
EMVCo acts as the certification Body for all IC security related products such as SIM, eSE, SD, contact, contactless chip cards or other chip-based payment solutions. EMVCo is a consortium that includes the main companies in the sector (RuPay, JCB International, American Express, Mastercard, China UnionPay, Discover Financial and Visa Inc.) unifying IC security requirements in a common and mandatory certification process.
EMVCo ensures the correct compliance with the EMV, a payment method based upon a technical standard for smart payment cards and for payment terminals and automated teller machines, which can accept them. EMVCo certification is required for ICs and Java Card Platforms. EMVCo certification focuses on penetration testing and security throughout the life cycle of the product.
Mobile Payments are those made for a product or service through a portable electronic device such as a tablet, smartphone or wearables.
Mobile wallets and NFC payments are the most widely known mobile payment methods. In addition, there are many more different types of mobile payments such as:
MST payments (Magnetic Secure Transmissions Payments).
QR code payments.
Mobile to mobile payments
Different Architectures may be used for your mobile payment such as Mobile Payment Applications (MPA), Software Development Kits (SDK) or TEE based payment solutions.Different Payment Brands have launched their Mobile Payment schemes such as MasterCard Cloud Based Payment (MCBP) or VISA Ready Cloud Based Payment (VCBP).
Payment terminals are highly sophisticated devices these days. They are no longer simple swipe card readers used to capture card numbers. These devices are used for a range of payment transactions as well as value added electronic transaction processing services such as processing evouchers, product coupons, bill payments, gift cards and loyalty programme points. .Payment Terminals are evaluated using the PCI-PTS standard, which is defined by the Payment Card Industry Security Standards Council or PCI SSC and addresses the logical and physical protection of the cardholder and other sensitive data in payment security devices. This standard evaluates the products against a common module of requirements that refer to safe construction and design of the devices and another set of optional requirements depending on the features implemented by the module such communication with wireless standard or the ability to encrypt account data (SRED). A new standard called PCI CPoC brings security and testing requirements for Mobile Payments Terminal products that support contactless payments on a commercial COTS device using a built-in NFC reader.
They already trusted us. Let's talk!
What we offer
Smart Payment Cards Consultancy
We have experience in evaluations for Smart Payment Cards and Mobile Payments Schemes, as consultants. Our expertise in EMVCo and other Payment Brands consulting will ensure you a successful certification.
jtsec may guide you through the process supporting you to meet the established requirements and obtaining better fees through their partner labs.
PCI-PTS PCI-CPoC Consulting
Ask about our PCI-PTS & PCI-CPoC Consulting Service , and get your product on the Approved Devices website reducing the time of validation and getting a better beneficial for you based on our experience and our recognition as valued consultants for laboratories.
Source Code Review
jtsec may carry out source code review of your Smart Payment Cards, Payment Terminals or Mobile Payments Application, supporting you to increase the security countermeasures and make sure that your certification is successful.