Applus+ Laboratories conducts security evaluations of smart terminals, based on contact and contactless technology. We collaborate with terminal manufacturers for diverse industrial applications, such as payments, health or transport. Our testing services and vulnerability assessments allow us to detect possible vulnerabilities against malicious attacks.


Security Certification for terminals in different end markets and use cases

Technological systems based on smart cards and smart terminals are used in a wide range of industries, such as payment, healthcare, transport and identification. Each market has its own specific security requirements and their stringency varies hugely based on how critical the data stored and transmitted is.

In order to operate in some geographical markets or industrial sectors, terminals must be certified and have passed a security evaluation before gaining market access. These requirements can be part of the national legislation or be minimum safety requirements that private companies demand of their suppliers.  

  • Germany has stringent security requirements for terminals in sectors like payment or healthcare. Payment terminals need a Common.SECC certificate based on the Common Criteria methodology and the protection profile for terminals (PP-POI). In the healthcare sector, terminals used to validate health cards like Healthcare Card Terminal (HCT) or Mobile Card Terminal (MobCT) also require a Common Criteria certificate, recognized by Gematik.
  • In the United Kingdom, payment terminals also require a Common.SECC certificate to access the market.
  • In the European Union, road transport is regulated and the use of digital tachographs is mandatory to monitor vehicle speed and drivers’ compulsory work breaks. The EU requires the terminals of vehicles’ tachograph systems to pass a Common Criteria security evaluation (PP 0094b Digital Tachograph – Vehicle Unit (VU PP)).
  • Canada has set up a new directive for road transport in line with the EU. The regulation, still being defined, will also require an independent security evaluation body. 

Evaluations services for Smart Terminals

Applus+ Laboratories conducts security evaluations for smart terminals in different use cases, be it through recognized security certifications, like Common Criteria, PCI-PTS and Common.SECC, or through independent evaluations.
Additionally, our accreditations and technical capabilities allow us to evaluate smart terminals and all the elements that are part of the security box that make up a secure system. 
In the payments sector, Applus+ is a recognized lab in the testing of the functional compliance of payment terminals, according to different payment scheme specifications (EMVCo, Visa, Amex, etc.).



Applus+ uses first-party and third-party cookies for analytical purposes and to show you personalized advertising based on a profile drawn up based on your browsing habits (eg. visited websites). You can accept all cookies by pressing the "Accept" button or configure or reject their use. Consult our Cookies Policy for more information.

Cookie settings panel