Product Security Evaluation Services for Payment
In addition to the generally accepted contact and magnetic stripe-based banking cards, other technologies are becoming available for our everyday purchases. Hardware to support contactless payments is being rolled out widely and paving the way to using our smart mobile devices for electronic payments.
Solutions using smart mobile devices are not built with the physical security provisions that we tend to see in traditional payment cards. This is compensated for with different risk management; for example, online monitoring is possible and prime assets are not stored and processed in the physically less protected hardware. Host Card Emulation (HCE) relies heavily on tokenization, where the systems work with credentials that have limited value for criminals.
The introduction of these new technologies has an effect on the security requirements and risk models appropriate in the domains of mobile payment, payment terminals and payment cards. SGS Brightsight offers security evaluation services of global payment solutions to help you mitigate risk and increase transaction trust.
Security evaluations in the payment domain
In addition, SGS Brightsight can support you at any stage of the development process and has a proven concept and track record in helping our customers get certifications:
- Customised training
- PIN Entry Device and terminal security training course
- CC training course
- Dedicated subjects: Android, TEE
- Pre-evaluation
- Design and / or code review
- Identify possible weaknesses in the security architecture of the payment terminal in an early stage.
- Pre-testing
- Perform a predefined set of penetration tests on the hardware part of your product.
- CC document review
- Verify the completeness in terms of content, presentation and readability of CC evidence
Payment Standards & Recognitions
Code Obfuscation
Software Security
Trusted Execution
Domain (TEE)
Smart Card / Contact / Contactless / DI
Payment applets