Delft, 25th of July 2016: Brightsight is proud to announce that the first CSEC-C approval, based on a Brightsight report, was issued on the 13th of July 2016. CSEC-C stands for “Common Security Evaluation & Certification” and is a collaboration between the UK Cards Association and the Association of German Banks for the girocard scheme. It is responsible for certification of payment terminals aimed to be used in the UK and Germany. CSEC-C was established in 2016 and was able to issue the first product approvals within six months of its foundation. Both Germany and the UK require the use of the Common Criteria (CC) evaluation methodology for the security compliance assessment of payment terminals. The requirements used are those outlined in the Common Approval Scheme Point of Interact Protection Profile (CAS POI PP). The countries established the CSEC-C scheme to avoid individual certifications. The first CSEC-C approval was issued for the Verifone V200c, part of the new Verifone Engage family of next generation payment devices. The V200c is one of the latest developments of Verifone and offers the technologies needed for modern payments and enriched customer interaction at the point-of-sale. Verifone is one of the largest payment terminal developers worldwide and has a significant market share in Europe. Brightsight had been selected by Verifone to conduct the CAS POI PP security evaluation that ultimately led to this CSEC-C approval. Brightsight congratulates Verifone on this important milestone. Dirk-Jan Out, CEO at Brightsight, says: “We are very proud to be at the basis of this first CSEC-C approval. Part of this important achievement is our good and strong relation with CSEC-C as well as our large and highly skilled team of security experts. We aim to perform many more of these security evaluations in the near future.” Markus Hövekamp, General Manager of Verifone Germany, adds: “We are delighted to have been recognized as the first recipient of CSEC-C certification. This shows the commitment Verifone has to security and to our clients to deliver high-class future-proof products.” Brightsight has over 30 years of experience in the security evaluation of electronic payment-related products as well as many other types of evaluations. Brightsight’s clients benefit from its many accreditations and extensive experience via strong and clear support during the evaluation process. Its main objective is to avoid any delay in time to market while working as efficiently and transparently as possible.
For more information about Brightsight and its services, please click here
Update June 2017: CSEC-C is now called Common.SECC