transaction security
TRANSCRIPT
Through the acquisitions of RFI Global in 2010 and Witham Laboratories and Collis
in 2012, UL is uniquely positioned as the world’s number one competence center in
transaction security technology. UL acts as your independent, trusted partner for end-
to-end transaction security services for the mobile, payment, e-Ticketing and ID man-
agement sectors on a global scale.
UL´s comprehensive transaction security service line provides advisory services, expert
training courses, test tools and simulators, test and certification services and security
evaluation services. Our thought leadership, close involvement with leading industry
bodies and extensive experience enables us to keep up with the rapid pace of transac-
tion innovation for years to come.
Your independent, trusted partnerfor transaction security technology
UL is a world leader in advancing safety with over a hundred years of history. Employing more than 10,000
professionals in over 100 countries, UL has five distinct business units - Product Safety, Environment, Life & Health,
Knowledge Services and Verification Services – to meet the expanding needs of our customers and to deliver on our
public safety mission.
Welcome to UL
Advancing security
UL Transaction Security 2
UL’s Transaction Security
service line is the front
runner in innovations and
involved in major NFC/
TSM implementation
projects worldwide.
Leading the way in your
journey towards secu-
rity and interoperability
through advice, compli-
ance and knowledge.
Complying with the latest
Industry standards
Advancing security
• Accredited to (pre)certify and evaluate
products and systems for the seven big-
gest payment schemes in the world.
• Our services are endorsed by recog-
nized regulators and certification bodies,
including EMVCo, PCI, American Express,
Discover, Diner’s, Interac, JCB, MasterCard
and Visa, and UK CESG.
• State-of-the art test labs in Europe,
Asia, Pacific and North America to per-
form security evaluations and/or
functional testing.
• Helping you to achieve successful and
secure NFC/TSM implementations via
our mobile test centers.
• Official MasterCard Formal Approval
Services Provider for your card and mo-
bile personalization validation (CPV) and
terminal validation (M-TIP), both contact
and contactless.
• Your one-stop-shop for all test services,
certification and security evaluation ser-
vices by providing you with solutions for
your POS, ATM, (embedded) smart cards
and mobile handsets.
UL Transaction Security 3
Our services and solutionsyour benefits
Advisory services
Being the leading knowledge partner in major innovative technology projects means
we understand industry developments and how this may affect your business. Linking
the physical world to the virtual world and guiding you through the transaction secu-
rity process from start to finish.
Endorsed training courses
Our training courses are endorsed by payment schemes and address the latest busi-
ness and technical best practices, gained from leading turn-key projects worldwide.
State-of-the-art test tools
UL offers state-of-the-art test tools and simulators through the Collis and Aspects port-
folio of tools. The Collis and Aspects test tools are accredited by the leading payment
schemes and industry bodies and ensure your test processes are simple and efficient.
Proven test and certification services
Your products and systems need to comply with industry standards and protocols. Our
test centers are certified and accredited to evaluate, execute and manage certifications
according to various protocols and mandates. We ensure compliance with specifica-
tions so that you can launch your systems and products with confidence.
Security evalution
Providing confidence in your products by ensuring they conform to the latest state-of-
the-art industry security implementation guidelines.
Working together towards security and interoperability
UL Transaction Security 4
UL’s Transaction Secu-
rity team consists of 250
professionals around the
world, supporting you with
the design and definition
of your projects, through
to development and
deployment.
Working together towards security and interoperability
End-to-end transaction security
Services
Transaction SecurityExpertise
Advisory Services
Security Evaluation
Test & Certification
Training Test Tools & Simulators
Mobile Payment
e-TicketingIDM
HealthEnergy
UL Transaction Security 5
Test CentersMAnAgIng YOur CErTIfICATIOn PrOjECT frOM STArT TO fInISH
What are the security requirements on next generation smart cards? How do you en-
sure compliance with the latest standards and regulations? Partner with UL to ensure
secure and interoperable products and systems as well as utilize our industry expertise
to advance your technology beyond tomorrow.
Complete management of your certification project
Your smart card, (embedded) secure element, key fob, handset, POS, ATM or any other
type of terminal has to be tested and validated before releasing it to the market. Our
test centers are equipped with a knowledgeable team of experts, that can manage your
certification process from start to finish. You can confidently leave test management,
including testing, certification and validation up to us. Our long-standing relationship
with industry bodies and regulators help you with best and optimized approaches for
getting a product through the approval process.
Mobile interoperability testing
Mobile Commerce is gaining momentum with concepts such as Trusted Service Manag-
er (TSM) and Near Field Communication (NFC) technology. In most NFC/TSM infrastruc-
tures it is expected that Mobile Network Operators (MNOs) and Service Providers (SPs)
will collaborate via the TSM system. The success of a NFC/TSM infrastructure depends
very much on the interoperability of all the elements/components to the existing stan-
dards. Otherwise, with potentially infinite combinations of solutions/components, it
is virtually impossible to achieve the goal of a widely accepted and interoperable NFC/
TSM infrastructure. Our mobile test center assists you with achieving successful imple-
mentation of an NFC/TSM structure in the most secure manner possible.
Ensuring secure and interoperable products and systems
UL Transaction Security 6
The world of smart cards
and terminals is complex
and regulated. What stan-
dards are involved? What
mandates should you
look out for? How can you
ensure you pass the right
test at the right time?
Our test centers are
equipped to perform the
necessary approvals for a
successful market launch
of your products and
systems.
Ensuring secure and interoperable products and systems
Compliance equals
Confidence
“We are pleased that UL Transac-
tion Security, a recognized player
in the chip market, is accredited as
the Formal Approval Service Pro-
vider for delivery of CPV and M-TIP
services to MasterCard customers.”
- MasterCard Worldwide
UL Transaction Security 7
In the payments ecosystem, EMVCo and PCI are responsible for overseeing the certifica-
tion process of chip, chip cards, secure elements and open platforms as well as point-
of-interaction (POI) devices. The payment schemes will be responsible for their own
payment applications. The security evaluation processes defined by EMVCo, PCI and
payments schemes are mandatory processes for all IC-based products carrying pay-
ment schemes brand, regardless of the form factor.
In the mobile ecosystem, organizations such as GlobalPlatform are involved to set se-
curity guidance. At local organizational level, some specific security requirements may
be mandated. For instance, the European Card Payment organization would regulate
the Common Approval Program for cards and POI devices under a common criteria
evaluation scheme.
As experts in the field of the mobile and payment domains, we offer you:
• Functional Level 1 and Level 2 testing and validation services
• Strong experience of approval processes for all payment schemes
• Industry-recognized quality of evaluation reports for optimized reviewing process
• Dedicated experts in all areas of security, such as cryptography, JavaCard, GlobalPlat-
form and software
• Comprehensive attack platforms which demonstrate our hands-on knowledge on
state-of-art attacks methods
• Expert industry knowledge through active contribution to security working groups,
such as JHAS, JTEMS, ISCI-WG1
• Evaluation of closed and open platform embedded devices with complex form
factors and interfaces
Security EvaluationAgAInST STATE-Of-THE-ArT rEgulATIOnS
Offering security
evaluation services
that are endorsed by
recognized regulators
and certification bod-
ies, such as EMVCo and
PCI, as well as payment
schemes, American Ex-
press, Discover Financial
Services, JCB Interna-
tional, MasterCard and
Visa, and UK CESG.
Comply with mandatory evaluation processes
UL Transaction Security 8
Detailed security
Assessments
“UL’s test practices are optimised
to suit our business environment.”
- ING Bank, The Netherlands
Comply with mandatory evaluation processes
UL Transaction Security 9
Test & Certification ServicesTAkIng THE lAST MAnDATOrY STEP
Thorough and professional testing to reach certification
UL Transaction Security 10
Being accredited for CPV
and M-TIP Formal Ap-
proval Services, and of-
fering MasterCard quali-
fied testing/certification
tools, we can provide
you with modulated
service which covers the
entire scope to ensure
an efficient and effective
approval process.
In all technology migration projects, certification is the last mandatory step that needs
to be taken before issuing and acquiring infrastructures are allowed to be taken into
production. Certification is required by payment schemes and local switching networks
to ensure interoperability towards all participating members. Our wide range of certifi-
cation services includes terminal to host protocol certification (domestic protocols such
as APACS, C-TAP and international protocols such as EPAS and IFSF), brand certification
(MasterCard M-TIP, Visa ADVT, American Express AEIPS, Discover D-PAS), network in-
terface validations, cash register integration testing and merchant acceptance testing,
host testing and certification, security testing, key management and data encryption,
terminal processing testing and load and performance testing.
Apart from offering you a wide portfolio of certification services, UL also provides vali-
dation services. UL is a MasterCard accredited Service Provider and can deliver Card
Personalization Validation (CPV) and Terminal Integration Process (M-TIP) Formal Ap-
proval Services. MasterCard imposes these services on issuers and acquirers introduc-
ing a new MasterCard branded card or terminal. We adhere to the strictest time lines
and have decades of experience in providing quality assurance services. We can also
provide assistance with validation of other major payment brands.
Combining our test center offering, security evaluation and test and certification ser-
vices, means you can rely on the most complete knowledge, whilst profiting from the
convenience of one competence center to deliver this to you.
Thorough and professional testing to reach certification
Ensuring interoperability through
Certification
“Going through an EMV acquirer
certification process is a big chal-
lenge for an ATM network. UL’s
Transaction Security team is really
committed to provide excellence in
what they do.”
- Servibanca, Colombia
UL Transaction Security 11
global Contacts
Europe
Basingstoke, UKP: +44 125 631 2000
Edinburgh, UKP: +44 131 225 9500
Helsinki, FinlandP: +31 71 581 3636
Leiden, The NetherlandsP: +31 71 581 3636
north America
Bloomington, USAP: +1 855 730 9827
latin America
São Paulo, BrazilP: +31 71 581 3636
Middle East & Africa
Dubai, United Arab EmiratesP: + 971 50 674 2380
Asia
SingaporeP: +65 68 90 6440
Guangzhou, China P: +86 847 209 2945
Hong KongP: +852 6050 9972
Pacific
Melbourne, AustraliaP: +61 3 9846 2751
Auckland, New ZealandP: +64 9 414 9587
E: [email protected] / W: www.ul-ts.com
UL and the UL logo are trademarks of UL LLC © 2012