UL can help mitigate risk and streamline market approval.
Across the secure transaction payment industry, UL offers a comprehensive range of security evaluation services to help providers of payment technology get to market in the most efficient way possible.
UL’s extensive experience in the detailed review of payment software and hardware security allows us to deliver timely and cost-effective reports, and also expert guidance, as early as the design stage. UL additionally offers training in the various complex industry standards around the world.
Payment terminals need to be assessed against the latest security requirements. UL provides services for the Visa Ready Program, PCI standard and Common Criteria/FIPS.
PCI is an independent, self-funded organization that creates and manages security standards for credit card payments. PCI is formed by the card schemes but not funded or operated by them, and standards must still pass through an executive committee of PCI brands.
All companies that process, store or transmit credit card information need to comply with the PCI Security Standards Council’s regulations. This includes merchants, service providers (with regard to storing data) and terminal vendors that develop PIN devices which need to maintain a certain level of PCI security.
Common Criteria is a framework in which product users can specify their security requirements. Vendors can then implement the security attributes of their products, and accredited security laboratories will evaluate the products to determine if they actually meet the claims. Common Criteria serves to provide a level of assurance that the process of specification, implementation and evaluation of a security product has been conducted in a rigorous and standard manner.
Common Criteria also gives customers more confidence in the security of smart cards so vendors can target specific security needs. All evaluation services are performed against ISO17025 accreditation quality standards. Those certificates are internationally recognized, through the Common Criteria Recognition Arrangement (CCRA) and the Senior Officials Group Information Systems Security (SOG-IS) Mutual Recognition Agreement (MRA).
Being a Common Criteria laboratory enables us to offer a unique set of integrated and optimized services for all your security evaluation needs. Through a partnership with a set of expert Common Criteria partners and external consultants, we deliver independent support and evaluation services to you.