Biometrics

Biometrics testing services

A one-stop shop from consulting to testing.

Fime provides security consultancy, evaluation, and test services to ensure that an application or product achieves the highest security standards throughout its lifecycle.

Overview.

Fime’s expertise covers smart cards, Secure Elements (SE), SoftPOS, Trusted Execution Environments (TEE), standard and Host Card Emulation (HCE) mobile applications, payment terminals, EMV®* 3-D Secure, Token Service Providers (TSP) and Trusted Service Managers (TSM). Fime is also able to address payment-related systems dealing with account data through PCI DSS compliance and penetration testing as well as compliance assessment to other PCI standards (like PCI PIN, PCI P2E, PCI SSF, PCI Card Production & Provisioning, PCI 3DS, PCI 3DS SDK, PCI TSP, PCI TSM,...).
Beyond this standard testing portfolio, Fime experts can develop dedicated tests or security expertise to futureproof your implementations.

Consulting

Fime works in partnership with its clients to address product and application security requirements from initial set-up and throughout the development and integration stages. Helping make the right decision based on their individual security needs. Our services include:

Risk analysis.
Security requirements writing.
Product design review / Source code review.
Technical guidance.
PCI certification documentation writing.
Vulnerability analysis / Pre-assessment.
Security assessment & pentesting.

Training

Fime can offer training in its areas of expertise which cover:

Chip card / Secure Element (SE).
Payment terminal.
SoftPOS / PCI MPoC.
Trusted Execution Environment (TEE).
Standard & Host Card Emulation (HCE)
mobile applications.
Token Service Provider (TSP).
Trusted Service Manager (TSM).

Key benefits

Security compliance evaluation is mandated by payment schemes to avoid fraud and for the following reasons

User experience is key to global solution acceptance.
A bad user experience can spread through word of mouth or even social networks and have a profound impact on user acceptance.
Security issues in the field are negatively impacting user experience.
As a solution provider, you cannot afford security issues in the field.
The later security issues are discovered, the more expensive they are to correct.

Achieving security expertise will ensure that your solution has reached a recognized security level, and it will:

Help you identify security vulnerabilities in your solution, policies, and processes.
Reduce the risk of fraud and incidents, client data theft, and potential damages to your business.
Make sure user experience keeps being great without being negatively impacted.
Show your clients, providers, and business partners a positive image and reputation about the level of security that applies to your solution.
Enable you to qualify as a responsible solution provider.
Allow your solution to be authorized for deployment by payment schemes.

With Fime, you can work with a single partner, accredited by most of the international and domestic payment schemes.

How it works.

Define test scope based on your product features and target certifications in a scoping questionnaire that we provide.
Request a quote based on the scope.
In some cases, we may need to review together the provided scope to clarify and ascertain.
Book a timeslot with lab for pre-assessment and security evaluation.
Prepare the test samples, source code, and required documentation.
Accredited lab performs security evaluation.
Provide test results/reports for your review and to each scheme for approval.

Standards

American Express
BAROC
CCC-Digital Key Applet security
Common Criteria (ISO/IEC 15408)
Discover
EMVCo
FeliCa Networks
First Data
Interac
JCB
Mastercard CAST
Mifare for NXP
Visa VCSP
FIPS 140-3 up to level 4
EMVCo SBMP and Visa Ready for Host Card Emulation (SDK/Mobile Wallet)
GlobalPlatform and EMVCo for TEE security
State-of-the-art mobile application pentesting
State-of-the-art penetration testing on IT and network systems

*EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo, LLC.

Security audit (such as ISO/IEC 27001) for sites and processes
Logical, organizational and physical security audit)
PCI CPoC (Contactless Payments on COTS) and PCI SPoC (Software-based PIN entry on COTS) for SoftPOS
PCI MPoC (Mobile Payments on COTS) for SoftPOS
PCI PTS (PIN Transaction Security) for POS terminals
PCI 3DS
PCI 3DS SDK
PCI Card Production & Provisioning
PCI DSS
PCI P2E
PCI PIN
PCI SSF
PCI TSM
PCI TSP

Téléchargement

Download our technical specifications sheets for more information.

Fime security brochure.pdf

Get your quote and further information

First name *

Last name *

Company profile *

Company name *

Phone number *

Email *

Country *

I consent to Fime processing and using my personal data to fulfill my request, and also agree to receive marketing communications in accordance with Fime’s Privacy Policy . I understand that I can withdraw my consent at any time either by using the “unsubscribe” option in the email I may receive, or by sending the request to Fime’s Data Protection Officer at dpo@fime.com

Payments advisory

Expert advisory

Fime Academy

Technical consulting

Hyperlab research and development

Test strategy

Compliance and risk

Operational effectiveness

Lab outsourcing

Find your solution

Fime Test Factory

Level 1

Level 2

Level 3

Open banking

Transport

Mobile

Instant Payments

Digital Identity

Find your solution

Card, terminal, mobile

Issuing

Acquiring

Physical testing

EMV 3-D Secure Test Platform

Biometrics

Digital Identity

Open banking, Sahamati

Healthcare, ABDM

Smart mobility, NCMC

Case study

Providing a 360 view across the entire ecosystem

Schemes

Retailers

Issuers

Vendors

Acquirers

Mobility actors

Case study

Blog articles

Case studies

eBooks

Podcasts

Presentations

Videos

Scientific papers

White papers

Events & webinars

News

Training services