EMVCo Approved Certification

EMVCo facilitates worldwide interoperability and acceptance of secure payment transactions. Supported by dozens of banks, merchants, processors, vendors and other industry stakeholders, EMVCo manages and evolves the EMV® specifications and related testing processes covering card and terminal evaluation, security evaluation, and management of interoperability issues.

Trustonic’s Application Security was the first security solution to be EMVCo-certified. This certification helps developers protect mobile payment and acceptance apps with in-app protection and a hardware-backed Trusted Execution Environment. This evaluation process confirms that the Trustonic TEE provides a robust security foundation that meets the requirements of software-based mobile payment (SBMP) and acceptance solutions.

emvco.com

PCI Security Standards Council

The PCI SSC leads a global, cross-industry effort to increase payment security by providing flexible, industry-driven and effective data security standards and programs. The keystone is the PCI Data Security Standard (PCI DSS), which provides an actionable framework for developing a robust payment card data security process and preventing, detecting and mitigating criminal attacks and breaches.

As a Participating Organization, Trustonic adds its voice to the standards development process and will collaborate with a growing community of more than 800 Participating Organizations to improve payment security worldwide.

pcisecuritystandards.org

Common Criteria Certification

Trustonic became the first vendor globally to achieve Common Criteria security certification for a Trusted Execution Environment (TEE) device security product. The certification of Trustonic’s Kinibi TEE paved the way for mass market delivery of trusted services on connected devices.

Common Criteria certification, which has been performed in line with the GlobalPlatform TEE Protection Profile, gives device manufacturers, in the mobile and IoT space, confidence that Trustonic’s TEE product meets an industry-defined security baseline.

commoncriteriaportal.org

FIPS 140-2 Certification

Trustonic’s FIPS 140-2 certified cryptographic library enables service providers to secure applications on devices in line with a world-leading security standard

Trustonic’s cryptographic library has been validated in line with the Federal Information Processing Standard (FIPS) 140-2. This new certification ensures that apps developed using Trustonic’s security technology meet the stringent security requirements implemented by both the US government and other regulated industries.

nist.gov

TM: A Certification Mark of NIST, which does not imply product endorsement by NIST, the U.S. or Canadian Governments

GlobalPlatform Compliant

GlobalPlatform is a non-profit industry association driven by over 100 member companies. Members share a common goal to develop GlobalPlatform’s specifications, which are today highly regarded as the international standard for enabling digital services and devices to be trusted and securely managed throughout their lifecycle.

Trustonic leads the Trusted Execution Environment (TEE) Committee within GlobalPlatform to drive forward standardisation. Trustonic’s products are certified to be GlobalPlatform compliant.

globalplatform.org

ANSSI Security Visa Certification

Trustonic has been awarded the new Security Visa by the French National Cybersecurity Agency. This prestigious stamp of approval is used by the Agence nationale de la sécurité des systèmes d’information (ANSSI) to help commercial businesses and government organizations make informed decisions about cybersecurity solutions.

The ANSSI Security Visa recognizes the most secure, reliable and robust solutions. This certification is based on extensive penetration testing and in-depth analysis which ensures compliance with stringent international standards.

ssi.gouv.fr

Certification Labs

Trustonic has a close working relationship with Riscure, Thales and other certification labs. These labs have evaluated both our Trusted Execution Environment (TEE) and the our Application Security solution.

riscure.com

ISO 27001

ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organisation. It also includes requirements for assessing and treating information security risks tailored to the organisation’s needs.

QEC Certified Trustonic’s compliance with Information Security Management System (ISMS) standards in relation to the Telecoms Platform product and all our supporting systems. This means Trustonic’s security risk handling for the Telecoms Platform meets or surpasses the required risk assessment and management standards. In addition, as shown by QEC’s audit, Trustonic systems look at all the relevant risks and have mitigated or eliminated those risks.