EMVCo, the standards body collectively owned by American Express, JCB, MasterCard and Visa, has officially recognised the GlobalPlatform Compliance Program for validating secure elements as an integral part of its mobile payment certification process.
The move means that secure elements will now go through a multi-step certification process that ensures all parties’ requirements are met without work being duplicated.
Under the new agreement, secure elements will first be required to pass GlobalPlatform’s certification process, to prove that the secure element will perform in a consistent manner according to GlobalPlatform specifications. The secure element will then receive a letter of qualification that will be used to prove to EMVCo that it meets core requirements.
EMVCo will then test the secure element’s application activation user interface, to ensure that the end user will be able to easily select their preferred payment provider via the screen of their mobile handset. EMVCo will also continue to manage its own security evaluation process, which certifies that the secure element meets the required payment security standards.
The final certification stage will be carried out by individual payment schemes — as is the process today for chip-enabled payment cards — to certify that their respective payment application is ready for market release.
“EMVCo is working with a number of industry bodies in the mobile payments area to ensure that we create a workable, efficient and trusted transaction infrastructure,” says Patricia Partelow, chair of EMVCo’s executive committee. “At the same time, the end-to-end solution — which incorporates mobile devices, terminals and the backend systems — must be interoperable globally, regardless of technology adopted, to deliver ultimate user convenience. We believe that GlobalPlatform’s Compliance Program is a key step in achieving this goal and creating a sustainable and scalable framework to be implemented by the payment and mobile communities.”