Getting PCI-PTS, Common.SECC or other certifications for your payment terminal

I need a certification for my payment terminal product

Brightsight performs 300 evaluations yearly on payment terminals achieving approvals for multiple banking schemes. The value of Brightsight is that we understand the specifics of all those schemes. Resulting in supporting you getting an approval in limited time-to-market.

Fields of expertise

  • Payment Industry
  • Identification
  • Banking
  • Mobile Payment
  • Embedded Systems

Some of our customers

  • Ingenico
  • Landi
  • PAX
  • Verifone
  • Worldline

The process of getting a certificate

Brightsight offers several services to customers who aim security evaluation for their payment terminal product

 

Customised Training

  • PIN Entry Device and terminal security training
  • CC training
  • Dedicated subjects: Android, TEE

Pre-evaluation

  • Design and / or code review
    Identify possible weaknesses in the security architecture of the payment terminal in an early stage.
  • Pre-testing
    Perform a pre-defined set of penetration tests on the hardware part of your product.
  • CC document review
    Verify the completeness in content, presentation and readability of CC evidence.

Security evaluation

Brightsight performs security evaluation for several schemes, see list below.

Brightsight is able to support you at any stage of the development and has a proven concept and track record in supporting you getting certifications.

 

PCI-PTS Approval

The most recognized and well-known certification in this area. It is required for terminals processing e.g. American Express, Discover, JCB, MasterCard or Visa transactions. The requirements for this certification are the basis of many other banking schemes.

Certification in Europe

Germany and the United Kingdom have harmonized their requirements in Common.SECC. Other countries have their own certification body, based on PCI but with different reporting requirements.

APCA Approval

The Australian Banking Scheme has dedicated requirements that partly overlap with the PCI-PTS requirements.

Visa Ready Partner Program

The Visa program is dedicated to mobile point of sale terminals.

Evaluations on related products

For the same approval bodies similar products can also be evaluated, such as Electronic PIN Pad (EPP), Unattended Payment Terminals (UTP), Host Security Modules (HSM)