Applus+ Laboratories accredited by EMVCo as software-based mobile payment (SBMP) evaluation laboratory

20/01/2019
    With this new recognition, Applus+ expands its portfolio of security services aimed at mobile payment solutions based on the emulation of secure chips.
    Applus+ Laboratories has been accredited by the EMVCo consortium* as an SBMP (software-based mobile payment) evaluation laboratory. With this new accreditation, Applus+ broadens its remit as an EMVCo security laboratory as well as its portfolio of mobile payment solution services.
    The new EMV SBMP certification scheme is aimed at devices carrying out EMV payment transactions on smartphones and other such products by way of software that emulates a card’s secure element.

    Evaluating the robustness of software countermeasures

    Payment solutions based solely on software do not offer the same intrinsic level of security as is provided by a secure element (hardware). As such, they rely on security countermeasures such as white box cryptography, obfuscation, anti-cloning (device binding), anti-tampering and anti-debugging. Applus+, as an EMV SBMP-accredited laboratory, can evaluate the robustness of such security countermeasures.

    EMVCo SBMP evaluation versus Visa, MasterCard and Amex HCE evaluations

    EMVCo SBMP certification complements the HCE payment-application evaluations developed by Visa, MasterCard and AMEX. The key difference is that the latter schemes’ evaluations centre on the security of the payment application itself, while the EMVCo SBMP evaluation is aimed at the software modules, such as cryptographic modules, that confer security countermeasures on a given device.
     
     
    *EMVCo accreditation does not under any circumstances include any endorsement or warranty regarding the functionality, quality or performance of any particular product or service. EMVCo does not warrant any products or services provided by third parties. EMVCo accreditation does not under any circumstances include or imply any product warranties from EMVCo, including, without limitation, any implied warranties of merchantability, fitness for purpose, or non-infringement, all of which are expressly disclaimed by EMVCo. All rights and remedies regarding products and services which have received EMVCo accreditation shall be provided by the party providing such products or services, and not by EMVCo.
     
     

    Applus+ uses first-party and third-party cookies for analytical purposes and to show you personalized advertising based on a profile drawn up based on your browsing habits (eg. visited websites). You can accept all cookies by pressing the "Accept" button or configure or reject their use. Consult our Cookies Policy for more information.

    Cookie settings panel