Skip to main content

UL Security Blog

Learn more about security & identity management trends & best practices

Speak with an expert

Here's where you find insights into the interconnected world & cashless societies. 

Launching a 3DS Component at the Market – The Complete Guide from UL

PCI 3DSMany payment schemes mandate product providers to obtain a EMV 3DS Letter Of Approval (LOA) from EMVCo, that ensures that the 3DS Component... keep reading

Testing M2M and Consumer RSP Beyond the Specifications: General Debug and Conclusion

mobile spyThe debug of most issues and problems frequently relies on the ability to spy on the active M2M or Consumer RSP interfaces. But the biggest issue with eSIM technologies is... keep reading

TLS 1.3: Relevance for the Financial Industry and Actions to Take [PART 2]

TLSWhy would the financial industry care for a new version of TLS? In the first place, TLS is used in many places to secure connections. In finance, TLS is also widely applied to secure communication, for instance between point-of-sale (POS)... keep reading

See No Evil, Hear No Evil: Introducing Amazon Alexa Voice Service (AVS) Security Program

Amazon Alexa Voice Security UL Forgive my nerdy-ness for a second, but that scene from Star Trek: The Voyage Home – where Scotty is trying to dictate to the computer the method for constructing ‘transparent aluminum’ – has   always stuck in my mind. At the time it was funny because of course you can’t talk to a computer ... Keep reading

Testing M2M and Consumer RSP Beyond the Specifications: the Subscription Manager [PART 4]

securityIn M2M for both the SM-DP and SM-SR testing there is currently no certification body responsible for the certification process, but the SGP.11 test specification does provide full functional test coverage for both Subscription Manager types.. keep reading

Testing M2M and Consumer RSP beyond the Specifications: The Device [PART 3]

M2MConsumer RSP devices on the other hand does have specific eUICC support, therefore functional device testing is delivered by GCF and PTCRB, following the SGP.23 test specification... keep reading

Testing M2M and Consumer RSP beyond the specifications: The eUICC [PART 2]

securityEach of the separate eUICC test areas performed combine together to create the overall eUICC product compliance process required by GSMA for an eUICC to enter the M2M or the Consumer RSP ecosystem... keep reading

TLS 1.3: Impact for the Financial Industry [PART 1]

TLSLast March the IETF finalized and approved version 1.3 of TLS and last month "formal" publication as RFC 8446 [1] followed, but what do you know about it? What will it mean for you? Well get ahead of the game in UL’s latest insight on this new update to the TLS protocol... keep reading

Make or Buy a 3DS Component?

EMV 3DSThe decision to make or buy software has always been a difficult one, as each approach has both advantages and disadvantages. This holds true for those making or buying a EMV 3-D Secure (3DS) component, especially since the new version of 3DS may improve conversion rates for online purchases... keep reading

Do You Support Contactless Payments Already? [New Mandates]

VisaMillions of shops around the globe accept contactless payments nowadays. Tap with your card or smartphone, use your watch, ring, wristband, or convenient device - you name it.. keep reading

Recapping Money20/20 Europe 2018

UL Team Money2020Last week UL attended Money20/20 Europe in Amsterdam, bringing together key leading experts from across the world of FinTech to share market insight and explore new opportunities that may change the world of finance... keep reading 

Is there a future for in-store cryptocurrency payments?

CryptocurrencyBlockchain and other distributed ledger technologies (DLTs) are rapidly changing the landscape of many industries, as evidenced by the surge of interest seen in 2017 that continues to skyrocket.... keep reading

EMV 3-D Secure - Enhancing Security and User Experience in e-commerce

EMV 3-D Secure - Enhancing Security and User Experience in e-commerceEMV® 3-D Secure is the next generation of the industry standard 3-D Secure (3DS) online authentication for use with electronic commerce payment. Owned and managed by EMVCo, the final version of 3DS Specifications was released on October 2017 and is licensed for use to 3rd parties to develop products based on these specifications...keep reading

Upgrading your cyber resilience strategy

Upgrading your cyber resilience strategyThe digital era has brought us so much; streamlined shopping, more convenient payment means, and AI that can switch on your favorite Netflix series at your command. The downside of these innovations is the risk of cybercrime... keep reading

Testing M2M and Consumer RSP beyond the specifications [infographic]

m2m consumer blog post testing mobile specificationsWhy do we need to test M2M and Consumer RSP entities beyond the specifications? Why do it, as it could entail a lot of extra effort? Let’s be honest nobody likes to spend a lot on their testing needs and budgets a frequently quite tight... keep reading

'One Button Checkout': Where does it fit in the world of online payments?

One button checkoutTwo of the leading payment schemes recently made headlines by announcing their intent to do away with their proprietary online “checkout buttons” and instead combine their online checkout solutions into one single button... keep reading


Automated Border Control in Airports

UL digital identity solutions

Most people don’t usually associate passport control in airports with a fast and pleasant experience, but this is exactly what Automated Border Control (ABC) aims to achieve. An intuitive, user-friendly design of ABC eGates and kiosks helps to speed up lines and create a seamless experience for traveling passengers... keep reading


EID Proofing Applications Are Mandatory For Accurate Identity Verification - But Can They Be Trusted?

UL digital driver licenseID proofing systems which use electronic Machine Readable Travel Documents (eMRTDs) such as ePassports, electronic identification documents (eIDs) and electronic residence permit documents are systems that banks depend on for ensuring the correct identification of customers making transactions... keep reading

Secure Card Reader: PIN

UL PIN on CoTSJust last week (9th March, 2018) PCI released the latest version of their PIN Transaction Security (PTS) standard.  This standard covers the security of ‘traditional’ PIN entry terminals, card readers, Unattended Payment Terminals, Encrypting PINPads (EPPs), as well as ‘non-PIN’ terminals... keep reading

PCI PIN On COTS - Changing The Paradigm For PIN Acceptance

UL PIN readerJust this month (Jan 2018) PCI released the security requirements for their new standard – Software PIN on COTS. But what is this standard?  Does it affect you, or how you do business?  What exactly is a ‘COTS’ anyway?  In this blog post I will try to break down some of these questions, as well as some others that may be raised in light of this new standard... keep reading