Common.SECC is an international security certification scheme for card payment terminals (known as points of interaction or POIs).
Currently it covers POIs deployed at merchants in Germany and the UK, but that scope may be extended, and other nations and approval bodies are welcome to join Common.SECC.
Common.SECC comprises a Coordination Committee (CC) and a Common Certification Board (CCB). Members of the SC and CCB initially represent the German Banking Industry Committee (GBIC) and UK Finance (UKF).
In Germany, the Common.SECC process replaces many aspects of the existing POI security evaluation process. (There are additional requirements for the German market, relating to functional terminal and network testing and POI application evaluation. These will continue to be performed, but POIs must first have a Common.SECC certificate.)
In the UK, the Common.SECC process replaces the existing UK POI Common Criteria security evaluation process.
In all cases it applies to new POIs. POIs that have been evaluated under previous arrangements may continue to be maintained under those previous arrangements. Common.SECC reserves the right to decide whether a device is ‘new’ and thus falls under the Common.SECC scheme. The vendor may opt to take the Common.SECC route.