With the SBMP evaluation process, Product Providers can be granted a security evaluation certificate for their Software-Based Mobile Payment components or solutions (e.g. TEE, CDCVM, Attestation, Software Protection Tools, Mobile Applications and related Software Development Kits (SDK)).
The detailed process for security evaluation of an SBMP solution or component is available here. Its major steps can be summarized as follows:
Prior to being allowed to submit an SBMP solution or component for security certification, the following steps must be fulfilled:
The Product Provider must have been registered as an EMVCo Vendor, following the registration process described here.
After registration, the Product Provider must have signed a Security Evaluation Agreement with EMVCo’s Security Evaluation Working Group (SEWG). Contact the SBMP Security Evaluation Secretariat to trigger this signature process.
For each submission of an SBMP component or solution for review, either for a new product, a certificate renewal or an update, specific registration fees shall be paid to EMVCo, as detailed in SE Bulletin #15.
EMVCo's new website and Participant Dashboard are now live. To access your account for the first time on our new website you'll need to carry out a password reset here. You will then be sent an email to reset your password.
EMVCo Associates, Subscribers and public users of emvco.com can create accounts to manage their engagement and participation with EMVCo. Using your EMVCo account, you can create your own watchlist of EMV technologies documents, monitor queries and responses, and manage your profile.
