Security Services

UL performs independent reviews of the security functionality of a chip related product or system based on a pre-defined permissible level.

Whilst we will perform the mandatory vulnerability and penetration testing, we will also take a step further by assessing your product design and helping you where needed with the improvement of your product design from a security point of view.

Leverage UL’s deep understanding of payment industry regulations in order to efficiently move your product through the approval process. UL’s security services are endorsed by recognized regulatory and certification bodies, such as EMVCo, PCI and the leading payment card providers including American Express, Discover Financial Services, JCB International, MasterCard, Visa, UK CESG and APCA.

UL provides advice and performs evaluations ensuring compliance with some of the well-recognized standards such as FIPS 140-2 and Common Criteria  / ISO 15408.

Why choose UL?

  • Long-term relationship with payment industry regulators to help clients with best and optimized approaches for getting a product through the approval process.
  • Strong experience of approval processes for all payment schemes so that the project team can efficiently manage an evaluation project.
  • Industry-recognized quality of evaluation reports so that approval bodies reviewing process is optimized.
  • Dedicated experts in all areas of security, such as cryptography, JavaCard, GlobalPlatform, side-channel attacks, software-based security, logical attacks, fault injection, so that our experts can directly advise your team of experts.
  • Our trained security engineers work with product developers to provide an efficient evaluation of their Point of Interaction (POI) devices
  • Extensive services in the field of hardware-based security endorsed by PCI
  • With our extensive experience contributing to emerging security standards within the payment and federal space, we were able to offer our expertise in the development of the PCI Hardware Security Module (HSM) program
  • In-depth knowledge and experience in the area of identity security ensuring the security of applications yet keeping them user-friendly
  • Comprehensive attack platforms which demonstrate our hands-on knowledge on state-of-art attacks methods. 
  • Experienced experts actively contributing to security working groups, such as JHAS, JTEMS, ISCI-WG1, to advise you of the latest threats and security requirements.
  • Evaluation of closed and open platform embedded devices with complex form factors and interfaces.
  • Our services are endorsed by recognized regulatory and certification bodies, such as EMVCo, PCI, as well as payment schemes, American Express, Discover Financial Services, JCB International, MasterCard, UK CESG.
  • Our California laboratory (formerly known as InfoGard) collaborated with Visa to develop the first PIN Entry Device (PED) testing requirements; this enabled us to become the first PCI PIN Transaction Security Laboratory, and the only domestic organization with said credentials
  • The only Approved Application Scanning Vendor Validator (ASVV) and Consumer Electronic Clearing System Approved Evaluation Facility for the Australian Payments Clearing Association (APCA) in the United States.

Industries we serve

Banking & Finance

more>

Retail & Payments

more>

Mobile Solutions

more>

Transit

more>

Government

more>

eHealth Security

more>

Get in touch