Quarkslab, French deeptech specialized in software protection technologies, gladly announces today that Quarks AppShield, its application shielding software, has completed the EMVCo security evaluation certification process for Software-Based Mobile Payment (SBMP) solutions for all Quarks AppShield components in the Software Protection Tool (SPT) category.
Quarks AppShield’s EMVCo certification accelerates certification time for payment application providers
Payment application providers can now select a proven and already evaluated security solution, guaranteeing them a high level of security assurance, and ensuring that their own payment acceptance certifications will be easier and faster to be completed.
With the emergence and rapid adoption over the years of contactless capabilities on mobile consumer devices such as smartphones, the payment industry wished to leverage these capabilities. These technologies allow for a streamlined experience both for the customer and merchant and can replace cash in certain transactions. Software-Based payment solutions represent a growth relay for payment providers, opening up new markets, build a competitive advantage and strengthen their brand image.
These new payment solutions pose different risks and threats than traditional payment systems, which leverages chip technology and Secure Elements. In this new model, the mobile application is particularly at risk and must be protected with the appropriate technologies such as code obfuscation, white-box cryptography, anti-tamper and anti-emulation technologies.
EMVCo created this certification process of Software-Based Mobile Payment solutions to ease the selection for payment vendors to use proven security solutions in their products.
Quarkslab evaluated by BrightSight
Our three Quarks AppShield components are now certified under the security evaluation process for Software Protection Tools and were evaluated by an independent third-party evaluation center, approved by EMVCo:
- Quarks App Protect offering application and data protection technologies such as code obfuscation and dynamic protections (code integrity, root detection, anti-instrumentation, anti-emulation, tamper detection).
- Quarks Keys Protect, a white-box cryptographic library for protecting transaction information (white-box cryptography, device binding).
- Quarks Digital Vault to protect personal and sensitive data used by an application such as API session tokens.
“This certification shows Quarkslab commitment to offer – on top of our existing worldwide customers’ experience and best practices – a proven software protection technology that allows all industries to leverage our solutions: at any stage and scale for mobile payment providers, or in diversified fields such as Intellectual Property protection and streaming content security.” comments Frederic Raynal, Quarkslab’s CEO.
The certification statement is available on the EMVCo website: https://www.emvco.com/wp-content/uploads/approved_products/uploaded/loa/EMVCo_SECN0049_N_05_2021.pdf
For more information on Quarks AppShield and its different components: https://quarkslab.com/quarks-appshield/
EMVCo is a global technical body that facilitates worldwide interoperability and acceptance of secure payment transactions by managing and evolving the EMV Specifications and related testing processes. EMVCo was formed in 1999 to enable the development and management of specifications to address the challenge of creating global interoperability amongst different countries and to deliver the adoption of secure technology to combat card fraud, while enabling innovation in the payments industry. EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere.
Quarkslab expertise’s combines offensive and defensive security in application protection and helps organisations adopt a new security posture: Force the attackers, not the defender, to adapt constantly. Through our consulting services as well as our software we provide tailored solutions to organisations, helping them protect their assets, sensitive data, and users against increasingly sophisticated attacks.