Security

RFI: security experts

RFI can provide security services beyond those needed for type approval, due to our combined expertise in smart cards and terminals for payment, telecom and identity markets as well as 20 years’ experience in RF evaluation and testing.

Terminals

PIN Entry Devices (PEDs) and any terminal offering financial transaction security (POS, UPT and Encrypting PinPad) must comply with PCI (Payment Card Industry)/PTS security standards. PEDs are evaluated against the PCI security requirements which focus on PIN and sensitive data protection security compliance. The PED Testing and Approval Program ensures the device meets a prescribed level of security, especially focusing on PIN compromise.

We recommend you go through EMV Level 1 Type Approval before submitting a PIN Entry Device for the PCI PED Approval.To help you best prepare your PCI Security Standards Council (PCI SSC) PTS project, we strongly recommend you maintain a close and permanent contact with RFI.

Cards

The Visa Risk Implementation Review, Mastercard CAST and EMVCo SEWG ICC security evaluations focus on physical and logical security issues related to smart card operations. They takes into account various well-known attacks, and verify that no secret information can be leaked out of the card.

Our security team offer global consulting services to assess the vulnerability of smart contact and contactless cards, including:

• Security evaluation scoping
• Security code review
• Security recommendation
• Physical and Logical Static Analysis
• Side channel: SPA, DPA and EMA assessments
• Environmental Stress
• Fault injection analysis: lights, voltage, frequency combination 
• Timing Analysis
• RF Eavesdropping
• Cross-talk and Handover for dual interface cards

Contact us to find out more about our security services, or ask an expert.