STRATEGIC PARTNERS
November 4, 1999
SAN FRANCISCO and WATERLOO, Belgium -- Major payment organizations, including American Express, Europay, MasterCard, Mondex and Visa, announced a new initiative to create common security guidelines for the smart card industry. The organizations have formed the Smart Card Security Users Group (SCSUG), coordinated by the US National Information Assurance Partnership (NIAP), and with the cooperation of the international Common Criteria Management Committee. The group will share information on security threats and security requirements, focusing on both chip hardware and smart card operating systems. Their combined input will be employed in the production of a Protection Profile for smart cards, which will address the chip and operating system security requirements for a smart card carrying EMV credit or debit applications as well as other applications requiring high security. An EMV Security Working Group is in the process of defining this new profile, based on the SCSUG Protection Profile for the chip and operating software platform. EMV (Europay, MasterCard, Visa) represents an agreed upon standard within the financial services industry for chip credit and debit applications developed to ensure interoperability of smart cards and terminals worldwide. The Smart Card Protection Profile will define a process for conducting security evaluations on IT products, such as network firewalls, and provide a basis for smart card security evaluations. Once evaluated and approved, the profile will enable vendors to write Security Targets that show how their products meet users' requirements. Smart cards manufactured to these requirements can then be tested and evaluated in an accredited, independent laboratory.
