Successful security evaluation according to the EMVCo SBMP Evaluation Process

As a company with many years of experience in the payment industry, MeaWallet knows the challenges of the sector quite well. For this reason, the digital payments enabler had its Mea Token Platform Software Development Kit (MTP-SDK) tested by TÜViT against the EMVCo SBMP security standards.



MeaWallet has developed the Mea Token Platform Software Development Kit (MTP-SDK), a new SDK solution for software-based mobile payment. In order to successfully launch and establish their solution on the market and to build trust, the company wanted to objectively prove its security and robustness. Therefore, MeaWallet commissioned TÜViT with a security evaluation according to the EMVCo SBMP evaluation process.


Product tested:

With the MTP-SDK, MeaWallet enables the securing of Mobile Payment Applications (MPA) in real world scenarios. It allows MPA developers and vendors who use MeaWallet‘s MTP-SDK to use Cloud Based Payments, including contactless and remote payments.



Technical challenge:
Mobile Payment Applications (MPA) must ensure secure payment services without the help of dedicated Hardware Security Modules (HSM) or Secure Elements (SE). In this context, they must implement a variety of software defenses to counter the numerous attack paths that a malicious actor could use to hack the MPAs and thus the security of the payment system.

Market access challenge:
Payment providers, e.g. credit card companies, require evidence of security of payment solutions in order to protect their brands from damage due to security breaches. As a result, the proof of a payment application‘s security becomes a decisive market entry factor.

Marketing challenge:
The payment industry is trust driven, i.e. success can only be achieved if customers trust the payment providers, payment systems and MPAs. Companies are therefore faced with the challenge of communicating and proving the trustworthiness of their products to the outside world.



A security evaluation according to the EMVCo SBMP Evaluation Process provides the solution to all three of the previously listed challenges. During a security evaluation, the product vendor‘s solution, in this case MeaWallet‘s MTP SDK, is thoroughly reviewed (Documentation Review, Source Code Review) and penetration testing is performed. This ensures that the product provider‘s technical solutions are sufficient and work as expected. Once the security evaluation has been successfully completed, an evaluation report is delivered to EMVCo, who in turn issues a Security Evaluation Certificate. This certificate allows entering the payment market and shows to potential customers that the product is trustworthy.



  • Objective proof of compliance with SBMP security standards
  • Increased trust in the market due to the confirmed security and robustness of the MTP-SDK
  • Possibility to cooperate with major payment providers such as VISA and MasterCard as a result of the demonstrated security
  • Competitive advantage for MeaWallet by differentiating from other non-evaluated or non-certified competitors
  • International recognition of the evaluation and certification, as it is based on the international standard EMVCo
  • Increased product visibility by placement in the publicly visible EMVCo Evaluated Products list after a successful evaluation



By performing an EMVCo SBMP Security Evaluation by TÜViT, MeaWallet is able to assure to payment providers, as well as their own customers, a high level of security and maturity regarding their MTP-SDK product. This helps MeaWallet differentiate their products from non-evaluated or non-certified competitors products, and enables them to work with major payment providers such as VISA and MasterCard.


Full Case Study here