transaction security

Transaction SecurityTest & Certification and Security Evaluation

Through the acquisitions of RFI Global in 2010 and Witham Laboratories and Collis

in 2012, UL is uniquely positioned as the world’s number one competence center in

transaction security technology. UL acts as your independent, trusted partner for end-

to-end transaction security services for the mobile, payment, e-Ticketing and ID man-

agement sectors on a global scale.

UL´s comprehensive transaction security service line provides advisory services, expert

training courses, test tools and simulators, test and certification services and security

evaluation services. Our thought leadership, close involvement with leading industry

bodies and extensive experience enables us to keep up with the rapid pace of transac-

tion innovation for years to come.

Your independent, trusted partnerfor transaction security technology

UL is a world leader in advancing safety with over a hundred years of history. Employing more than 10,000

professionals in over 100 countries, UL has five distinct business units - Product Safety, Environment, Life & Health,

Knowledge Services and Verification Services – to meet the expanding needs of our customers and to deliver on our

public safety mission.

Welcome to UL

Advancing security

UL Transaction Security 2

UL’s Transaction Security

service line is the front

runner in innovations and

involved in major NFC/

TSM implementation

projects worldwide.

Leading the way in your

journey towards secu-

rity and interoperability

through advice, compli-

ance and knowledge.

Complying with the latest

Industry standards

Advancing security

• Accredited to (pre)certify and evaluate

products and systems for the seven big-

gest payment schemes in the world.

• Our services are endorsed by recog-

nized regulators and certification bodies,

including EMVCo, PCI, American Express,

Discover, Diner’s, Interac, JCB, MasterCard

and Visa, and UK CESG.

• State-of-the art test labs in Europe,

Asia, Pacific and North America to per-

form security evaluations and/or

functional testing.

• Helping you to achieve successful and

secure NFC/TSM implementations via

our mobile test centers.

• Official MasterCard Formal Approval

Services Provider for your card and mo-

bile personalization validation (CPV) and

terminal validation (M-TIP), both contact

and contactless.

• Your one-stop-shop for all test services,

certification and security evaluation ser-

vices by providing you with solutions for

your POS, ATM, (embedded) smart cards

and mobile handsets.


Our services and solutionsyour benefits

Advisory services

Being the leading knowledge partner in major innovative technology projects means

we understand industry developments and how this may affect your business. Linking

the physical world to the virtual world and guiding you through the transaction secu-

rity process from start to finish.

Endorsed training courses

Our training courses are endorsed by payment schemes and address the latest busi-

ness and technical best practices, gained from leading turn-key projects worldwide.

State-of-the-art test tools

UL offers state-of-the-art test tools and simulators through the Collis and Aspects port-

folio of tools. The Collis and Aspects test tools are accredited by the leading payment

schemes and industry bodies and ensure your test processes are simple and efficient.

Proven test and certification services

Your products and systems need to comply with industry standards and protocols. Our

test centers are certified and accredited to evaluate, execute and manage certifications

according to various protocols and mandates. We ensure compliance with specifica-

tions so that you can launch your systems and products with confidence.

Security evalution

Providing confidence in your products by ensuring they conform to the latest state-of-

the-art industry security implementation guidelines.

Working together towards security and interoperability


UL’s Transaction Secu-

rity team consists of 250

professionals around the

world, supporting you with

the design and definition

of your projects, through

to development and

deployment.

Working together towards security and interoperability

End-to-end transaction security

Services

Transaction SecurityExpertise

Advisory Services

Security Evaluation

Test & Certification

Training Test Tools & Simulators

Mobile Payment

e-TicketingIDM

HealthEnergy


Test CentersMAnAgIng YOur CErTIfICATIOn PrOjECT frOM STArT TO fInISH

What are the security requirements on next generation smart cards? How do you en-

sure compliance with the latest standards and regulations? Partner with UL to ensure

secure and interoperable products and systems as well as utilize our industry expertise

to advance your technology beyond tomorrow.

Complete management of your certification project

Your smart card, (embedded) secure element, key fob, handset, POS, ATM or any other

type of terminal has to be tested and validated before releasing it to the market. Our

test centers are equipped with a knowledgeable team of experts, that can manage your

certification process from start to finish. You can confidently leave test management,

including testing, certification and validation up to us. Our long-standing relationship

with industry bodies and regulators help you with best and optimized approaches for

getting a product through the approval process.

Mobile interoperability testing

Mobile Commerce is gaining momentum with concepts such as Trusted Service Manag-

er (TSM) and Near Field Communication (NFC) technology. In most NFC/TSM infrastruc-

tures it is expected that Mobile Network Operators (MNOs) and Service Providers (SPs)

will collaborate via the TSM system. The success of a NFC/TSM infrastructure depends

very much on the interoperability of all the elements/components to the existing stan-

dards. Otherwise, with potentially infinite combinations of solutions/components, it

is virtually impossible to achieve the goal of a widely accepted and interoperable NFC/

TSM infrastructure. Our mobile test center assists you with achieving successful imple-

mentation of an NFC/TSM structure in the most secure manner possible.

Ensuring secure and interoperable products and systems


The world of smart cards

and terminals is complex

and regulated. What stan-

dards are involved? What

mandates should you

look out for? How can you

ensure you pass the right

test at the right time?

Our test centers are

equipped to perform the

necessary approvals for a

successful market launch

of your products and

systems.

Ensuring secure and interoperable products and systems

Compliance equals

Confidence

“We are pleased that UL Transac-

tion Security, a recognized player

in the chip market, is accredited as

the Formal Approval Service Pro-

vider for delivery of CPV and M-TIP

services to MasterCard customers.”

- MasterCard Worldwide


In the payments ecosystem, EMVCo and PCI are responsible for overseeing the certifica-

tion process of chip, chip cards, secure elements and open platforms as well as point-

of-interaction (POI) devices. The payment schemes will be responsible for their own

payment applications. The security evaluation processes defined by EMVCo, PCI and

payments schemes are mandatory processes for all IC-based products carrying pay-

ment schemes brand, regardless of the form factor.

In the mobile ecosystem, organizations such as GlobalPlatform are involved to set se-

curity guidance. At local organizational level, some specific security requirements may

be mandated. For instance, the European Card Payment organization would regulate

the Common Approval Program for cards and POI devices under a common criteria

evaluation scheme.

As experts in the field of the mobile and payment domains, we offer you:

• Functional Level 1 and Level 2 testing and validation services

• Strong experience of approval processes for all payment schemes

• Industry-recognized quality of evaluation reports for optimized reviewing process

• Dedicated experts in all areas of security, such as cryptography, JavaCard, GlobalPlat-

form and software

• Comprehensive attack platforms which demonstrate our hands-on knowledge on

state-of-art attacks methods

• Expert industry knowledge through active contribution to security working groups,

such as JHAS, JTEMS, ISCI-WG1

• Evaluation of closed and open platform embedded devices with complex form

factors and interfaces

Security EvaluationAgAInST STATE-Of-THE-ArT rEgulATIOnS

Offering security

evaluation services

that are endorsed by

recognized regulators

and certification bod-

ies, such as EMVCo and

PCI, as well as payment

schemes, American Ex-

press, Discover Financial

Services, JCB Interna-

tional, MasterCard and

Visa, and UK CESG.

Comply with mandatory evaluation processes


Detailed security

Assessments

“UL’s test practices are optimised

to suit our business environment.”

- ING Bank, The Netherlands

Comply with mandatory evaluation processes


Test & Certification ServicesTAkIng THE lAST MAnDATOrY STEP

Thorough and professional testing to reach certification


Being accredited for CPV

and M-TIP Formal Ap-

proval Services, and of-

fering MasterCard quali-

fied testing/certification

tools, we can provide

you with modulated

service which covers the

entire scope to ensure

an efficient and effective

approval process.

In all technology migration projects, certification is the last mandatory step that needs

to be taken before issuing and acquiring infrastructures are allowed to be taken into

production. Certification is required by payment schemes and local switching networks

to ensure interoperability towards all participating members. Our wide range of certifi-

cation services includes terminal to host protocol certification (domestic protocols such

as APACS, C-TAP and international protocols such as EPAS and IFSF), brand certification

(MasterCard M-TIP, Visa ADVT, American Express AEIPS, Discover D-PAS), network in-

terface validations, cash register integration testing and merchant acceptance testing,

host testing and certification, security testing, key management and data encryption,

terminal processing testing and load and performance testing.

Apart from offering you a wide portfolio of certification services, UL also provides vali-

dation services. UL is a MasterCard accredited Service Provider and can deliver Card

Personalization Validation (CPV) and Terminal Integration Process (M-TIP) Formal Ap-

proval Services. MasterCard imposes these services on issuers and acquirers introduc-

ing a new MasterCard branded card or terminal. We adhere to the strictest time lines

and have decades of experience in providing quality assurance services. We can also

provide assistance with validation of other major payment brands.

Combining our test center offering, security evaluation and test and certification ser-

vices, means you can rely on the most complete knowledge, whilst profiting from the

convenience of one competence center to deliver this to you.

Thorough and professional testing to reach certification

Ensuring interoperability through

Certification

“Going through an EMV acquirer

certification process is a big chal-

lenge for an ATM network. UL’s

Transaction Security team is really

committed to provide excellence in

what they do.”

- Servibanca, Colombia


global Contacts

Europe

Basingstoke, UKP: +44 125 631 2000

Edinburgh, UKP: +44 131 225 9500

Helsinki, FinlandP: +31 71 581 3636

Leiden, The NetherlandsP: +31 71 581 3636

north America

Bloomington, USAP: +1 855 730 9827

latin America

São Paulo, BrazilP: +31 71 581 3636

Middle East & Africa

Dubai, United Arab EmiratesP: + 971 50 674 2380

Asia

SingaporeP: +65 68 90 6440

Guangzhou, China P: +86 847 209 2945

Hong KongP: +852 6050 9972

Pacific

Melbourne, AustraliaP: +61 3 9846 2751

Auckland, New ZealandP: +64 9 414 9587

E: [email protected] / W: www.ul-ts.com

UL and the UL logo are trademarks of UL LLC © 2012

transaction security

Documents