Brightsight completed a pilot evaluation for European Payment Terminal Approval
published on December 9, 2014
Brightsight is proud to announce that it successfully completed the OSeC/JTEMS Common Criteria pilot with a certificate from the Dutch Common Criteria Scheme. This pilot is one of four pilots that are exercised under the new payment terminal certification scheme for European banks. The pilot is setup by a combination of European Common Criteria Schemes and Approval Bodies of European Banks.
In the pilot Brightsight evaluated the VeriFone Mx915 & Mx925 payment terminal. This terminal has a Linux-based OS and supports NFC/Contactless. The security requirements of this evaluation are defined in the Point of Interaction (POI) Protection Profile, developed by Joint Interpretation Library Terminal Evaluation Subgroup (JTEMS). The Protection Profile includes the Payment Card Industry PIN Entry Device security requirements and the European banks Common Approval Scheme (CAS) security requirements.
Please contact firstname.lastname@example.org for more information (considering the number of accronyms and organisations involved we can imagine you may have questions).
Another outcome of this pilot is that the Dutch Common Criteria Scheme is qualified for “HW Devices with Security Boxes” for EAL1 to EAL7 within the SOGIS agreement. This means that the results of Brightsight’s Common Criteria evaluations are accepted by all European countries that participate in the SOGIS.
The POI Protection Profile is required for the UK market and accepted by other European Banking Approval Bodies. As the Protection Profile is based on PCI PIN Transaction Security (PTS) Devices requirements, Brightsight can combine evaluations leading to multiple approvals.