atsec information security is thrilled to announce today that EMVCo recognized atsec as a laboratory authorized to perform security evaluations under the EMVCo Software-Based Mobile Payment (SBMP) program. This recognition further strengthens atsec’s position as a trusted provider of high-assurance security evaluation services for the global payments industry, as EMVCo is the global technical body that facilitates worldwide interoperability and acceptance of secure payment transactions.
Now listed by EMVCo as a recognized laboratory on its official website, atsec can help financial institutions, payment application providers, and product vendors assess the security compliance of their software-based mobile payment solutions against EMVCo’s rigorous SBMP requirements.
The EMVCo SBMP program is a globally recognized security evaluation framework designed to assess whether software-based mobile payment components and solutions—including mobile payment applications, Software Development Kits (SDKs), Trusted Execution Environments (TEEs), Consumer Device Cardholder Verification Methods (CDCVM), attestation mechanisms, and software protection tools—meet a sufficient level of security to safeguard sensitive payment data and transactions against real-world attacker techniques such as static analysis, dynamic analysis, reverse engineering, hooking, fault injection, and tampering. The evaluation process provides a standardized path for vendors to obtain a security evaluation certificate that demonstrates their solutions are secure and compliant with industry standards.
To become an EMVCo recognized laboratory for SBMP security evaluations, atsec has demonstrated deep expertise in mobile and software security, enabling it to deliver rigorous, efficient, and reliable security evaluations that help vendors navigate the SBMP certification process with confidence.
During a SBMP security evaluation, atsec employs a comprehensive methodology that includes code and documentation review, vulnerability analysis, and penetration testing to ensure that the evaluated solution complies with EMVCo’s SBMP security requirements. atsec’s evaluators assess whether a mobile payment application or component can withstand defined categories of attack, providing vendors with actionable insights to strengthen their security posture. By leveraging atsec’s proven evaluation approach, organizations can gain confidence that their SBMP security assessment aligns with EMVCo’s expectations, ultimately helping them achieve certification and bring secure payment solutions to market more efficiently. atsec’s recognized information can be found on EMVCo’s official website.
In addition to EMVCo recognition, atsec is also accredited in numerous other security programs, including as a Common Criteria evaluation laboratory, FIPS 140-3 cryptographic module testing laboratory, PCI Qualified Security Assessor (QSA), ASV, 3DS assessor, P2PE, CPSA, and PFI, as well as being an accredited assessor for Secure Software and Secure SLC, and PIN security. This broad portfolio of accreditations enables atsec to offer a comprehensive range of services to support organizations in achieving security compliance across both the payment industry and broader financial services industry.
For more information about atsec’s EMVCo SBMP security evaluation services, feel free to contact us.
