Find out how EMVCo’s proven security evaluation processes deliver trust and confidence to the IoT payment ecosystem.
The Internet of Things (IoT) is creating new ways to pay. Voice-activated devices, household appliances and cars, to name just a few, all form part of a vast ecosystem of connected objects. And increasingly, these devices are enabled with payment functionality.
IoT undoubtedly presents significant opportunities for the payments industry. But for the huge potential of the IoT to be realised, innovation must be balanced with ensuring security and compatibility.
This is where testing and evaluation plays a critical role. Payments industry stakeholders use EMVCo testing, certification and marks to validate and demonstrate to their customers that their products meet EMV® Specifications. With the IoT ecosystem developing rapidly, EMVCo’s security evaluation processes for both hardware and software contribute to ensuring a consistent and trusted payment experience.
Understanding the Importance of Hardware Assessments
IoT security is an increasingly pressing concern across all industry sectors. Regulators and standards bodies around the world are therefore turning attention towards the robust security benefits of hardware technology. In fact, device hardware evaluations already play an important role with respect to IoT assessments across various IoT payment use cases, security frameworks and emerging compliance models.
EMVCo, in collaboration with globally recognised independent laboratories, has worked since 2005 to evaluate the security of various EMV hardware form factors. These include EMV Integrated Circuit (IC), Platform and Integrated Circuit Card (ICC) products, and more recently embedded Secure Elements (eSE) and System on Chips (SoC).
EMVCo also acts as a security certification entity, as well as developing and maintaining security requirements and guidance for vendors.
Given the increasing role of hardware technology across the IoT, EMVCo has extended its hardware security evaluations function to support IoT payment products and solutions. These established processes mean that emerging IoT payment solutions and devices can be evaluated quickly and efficiently. This promotes security, supports innovation and accelerates time to market.
The Role of Software-Based Security
In addition to hardware product certification, software-based security services are also important to the overall trust framework required for payment solutions and are applicable to most IoT security assessment models emerging today.
In 2018, EMVCo established a Security Evaluation Process for Software-Based Mobile Payments to support the evaluation of payment applications, firmware, and software on mobile devices. This means that EMVCo can also deliver software security assessments of the various interfaces and payment security functional requirements of IoT products.
Evolving and Enhancing
EMVCo supports various testing and certification programmes, and continually seeks ways to evolve and enhance these initiatives to support the broader industry and streamline processes. Through the EMVCo Associates and Subscriber Programmes, hundreds of organisations from around the world contribute their knowledge and expertise to the development of EMV Specifications and related testing and evaluation processes.
To find out more or express an interest in an EMVCo evaluation, please contact the EMVCo Security Evaluation Secretariat.
by Bastien Latge
by Simon Kleine