Tested security in electronic payment transactions

Components that are used in electronic payment transactions must fulfil the EMVCo security standards and those of The German Banking Industry Committee. TÜViT’s IT security test laboratory has been evaluating chips, applications, chip cards / smart cards and the corresponding operating systems for the banking sector for more than twenty years, as well as drawing up security assessment reports. With its test laboratory, TÜViT is one of the ten companies that have globally been accredited by EMVCo.


Interoperability and acceptance of secure payment procedures

The primary goal of EMVCo, an organization of the six members of American Express, Discover, JCB, MasterCard, UnionPay and Visa, is to guarantee the interoperability and acceptance of secure, chip card-based electronic payment systems and ensure compliance with the EMC specifications.

Die Deutsche Kreditwirtschaft (The German Banking Industry Committee) represents the interests of the five umbrella associations of the German banking industry. It lays down the security standards that must be complied with for the approval of debit or credit cards, electronic cash and point-of-sale terminals and the associated network infrastructure.

TÜViT is an accredited security assessor

TÜViT is accredited by EMVCo, its members and The German Banking Industry Committee as a security assessor. Our IT security experts evaluate both the security of the underlying hardware, the platform (hardware including the operating system) and the entire application for use in electronic payment transactions. The scope of testing includes products for payment through contact, non-contact or mobile channels (e.g. NFC).

The goal is to confirm fulfillment of the requirements of the national and international credit services sector by means of audits with a final assessment report. Our evaluation services primarily address manufacturers and developers of components (hardware and software products) in the field of electronic payment transactions and their operators.

Our services at a glance

  • security evaluations of chips, platforms (hardware including operating system), payment applications on Smart Cards
  • security evaluations of mobile-based payment applications (including white-box cryptography)
  • testing of conformity with the relevant security guidelines of the payment industry (EMVCo, American Express, Discover, MasterCard, Visa, The German Banking Industry Committee)
  • analysis of the source code and penetration tests
  • on-site audit of the development and production sites
  • drafting of security assessment reports

Your benefits at a glance

  • with the security assessment reports, you can apply for product or type approvals to The German Banking Industry Committee or EMVCo or its members
  • your critical values are provided with the best possible protection: we use the strongest attack techniques that are currently available on the market
  • the best lineup for you: Our IT security experts have outstanding know-how. TÜViT has all the necessary accreditations
  • you can rely on a partner who has successfully carried out corresponding projects for more than twenty years

Dr. Patrick Bödeker

Head of Department Hardware Evaluation

+49 201 8999-618
Fax : +49 201 8999-666

Further services

Evaluation Body for IT Security

With its evaluation body for IT security, TÜViT is one of the world's leading providers of testing services for IT products and systems. The evaluation body has been recognized by the German Federal Office for Information Security (BSI) since 1991 and accredited by the DAkkS, the German Accreditation Body, according to DIN EN ISO/IEC 17025.
Read more

Common Criteria

Globally-recognized security evaluations for IT components, products and systems: TÜViT is one of the world's leading testing service providers for Common Criteria. With our 50 licensed evaluators, we have successfully completed over 600 evaluation projects according to CC (from EAL1 to EAL7).
Read more


Hardware tests for more security: Hardware security modules or chip cards are used for the protection of sensitive data. TÜViT evaluates these IT products and their components in accordance with recognized international security standards and performs the necessary penetration tests in its own hardware test laboratory.
Read more


Making software subsequently secure is always complicated and expensive. This is why it is important to consider the subject of IT security at the beginning and throughout the entire life cycle within the framework of a Common Criteria (CC) evaluation.
Read more

Site Certification

Audit of development and production environments: If IT products are certified in accordance with the Common Criteria IT security standard or EMVCo, audits of development and production environments represent an integral part of the evaluation process. For many years now, TÜViT has been successfully carrying out site audits for production and development environments.
Read more

Technical Guidelines of the BSI

Security for government applications and health data: TÜViT is recognized by the German Federal Office for Information Security (BSI) as an evaluation body for Technical Guidelines (TR).
Read more

FIPS 140-3

Testing of crypto modules and crypto algorithms: The TÜViT test laboratory is approved by the National Institute of Standards and Technology (NIST, USA) for testing and validation according to FIPS PUB 140-3.
Read more


The FIDO Alliance has developed open standards especially for authentication solutions, allowing manufacturers to objectively demonstrate the security of their products. As a security laboratory accredited by the FIDO Alliance, TÜViT is entitled to perform corresponding evaluations.
Read more


TÜViT carries out security assessments throughout the entire product life cycle process in accordance with the NESAS standard. This enables us to offer network equipment manufacturers a complete audit and testing portfolio from a single source.
Read more