Applus+ Laboratories conducts security evaluations of payment terminals according to the Common.SECC certification scheme, a prerequisite to access the German and British markets.
Common.SECC is a private certification scheme for payment terminals. The scheme bases its evaluations on the SOGIS-certified protection profile ‘Point of Interaction (POI)’.
The security evaluation follows the Common Criteria methodology. The Common.SECC scheme itself acts as Certification Body, reviewing the security declaration of the product as well as the laboratory evaluation reports.
In order to conduct evaluations for Common.SECC, laboratories must be accredited by SOGIS in the technical domain of ‘Hardware Devices with Security Boxes’ and be an active part of the JTEMS work group. This group is in charge of maintaining the POI Protection Profile and defining the attack methodologies to be followed by all the laboratories.
Common.SECC certificates are recognized by the German Bank Industry Committee (GBIC) and UK Finance (UKF), and are a prerequisite to access the German and UK markets.
A Common.SECC certificate is valid for a specific POI, with a specific version of hardware and software. Patches, updates and variations that affect the security of a POI will be considered by Common.SECC as a new or modified POI, and a re-evaluation will be required.
Common.SECC publishes all approved products on their website so that end clients may choose from the list of approved products.
Applus+ is an IT Security Evaluation Facility (ITSEF) accredited to conduct Common Criteria evaluations up to EAL6+ and is SOG-IS accredited for the technical domain of ‘Hardware Devices with Security Boxes’. We will take an active role in the JEDS and JTEMS work groups.
At Applus+ we manage the whole process leading up to obtaining the Common.SECC certification of the payment terminal.