Communications between CB and manufacturers are very frequent, for CB certification of their products, for consultation work via a consultative committee and, case-by-case, for tests on new products and services.
Certification takes place according to the CB certification policy and concerns either issuance (meaning the cards themselves and also the sites were these cards are produced), or acceptance (meaning the terminals).
Four types of players are involved in the process of CB approval:
CB and non-CB Certification Organisations
CB certification organisations (for example PayCert), which deliver certificates of compliance if the products comply with CB specifications. Prior to this, these certification organisations must be approved by CB.
Non-CB certification organisations (for example EMVCo), which deliver certificates in accordance with CB requirements.
CB laboratories, which perform tests requested by CB to confirm that the products meet CB specifications; the laboratories (for example Elitt) are first approved by the CB certification organisations and referenced with CB.
You will find the description of CB acceptance approval scheme in the attached document:
Besides, find the list of accredited companies "QSA" to realize audits PCI-DSS and at present referenced CB: list companies "QSA"
As part of its certification process, CB references laboratories that wish to take part in this certification process and therefore act as CB Laboratories.
To find out how to apply to become a CB Laboratory:
A CB Laboratory is a laboratory - approved by a Certification Organisation recognised by CB and referenced by CB - that performs technical evaluations of products and/or processes, to determine their compliance with CB's functional and security requirements.
CB offers test products and services that are representative of the technologies currently being deployed in the field as well as new technologies, such as contactless payment, to various actors throughout the CB payment chain.
The test solutions offered by CB take the following forms:
There are two types of cards depending on the test objective:
a) CB test cards, associated with an authorisation service to support the deployment (qualification at the end of development, installation, migration, etc.) and maintenance of payment applications in a “real world” environment – i.e. under the same conditions as those experienced by a customer in a store.
b) CB development cards to support the development and qualification of payment applications in a dedicated development environment, i.e. under laboratory conditions only.
CB provides a test acquisition service, which allows for the initialisation of applications (CB terminals) in a CB acceptance system dedicated solely to test cards. This service is aimed at users who do not have the option or need to avail of a Banking contract.
Catalogue of CB test cards:
A detailed catalogue is available, in which details of all products and services offered are presented in connection with the environment in which they will be used.
To order CB test solutions, please complete the order form in full and send it to:
Various players are involved in the process of manufacturing a CB card:
For each of them, the industrial process and the elements that result from it must comply with CB specifications and are therefore subject to CB certification to ensure compliance. This certification is renewed each year for the whole manufacturing process, and each time a change is introduced into the material or industrial process.
The Hardware Security Modules, which are elements of the "black box" type containing encryption functions for securing transactions and sensitive data, are the subject of particularly rigorous tests and assessment.
All of the elements that combine to implement a transaction by CB card are subject to certification:
Certain automated systems (such as dispensers of groceries, sweets, etc.), and certain payment systems for the hire of goods and services (such as for video rental) are the subject of an additional stage. They include a payment system that is itself certified, and must pass integration tests and obtain an AFAS certificate. This certifies that the unit can be used by consumers under the same conditions of security as certified payment terminals.
All of these lists are the property of CB. Read the legal information here.
Twice a year, a meeting of the advisory council brings together CB experts and consumers’ representatives. These meetings inform stakeholders of news concerning the CB system and, above all, provide a means of discussing questions on specific expectations. These meetings are a crucial component of CB governance.