Recertification: 08/2014

(previous recertification: 03/2012)

Press Release 2010 Image Image


European Privacy Seal for VALid-POS



VALid-POS® Standard Edition v2

View the VALid-POS Certificate 

Cert. No.



12/08/2014 until 31/08/2016

First recertification on March 31, 2012

Initial certification on March 31, 2010

Update Check (Optional)





Public Report

2014 recertificaton VALid-POS public report [PDF]

2012 recertification VALid-POS public report [PDF]

2010 VALid-POS public report [PDF]


9 Devonshire Square
London EC2M 4YF
United Kingdom


VALid-POS sticks to the principle of data avoidance and minimisation  by keeping the  personal data processed to the absolute minimum and by  making use of obfuscation measures. Buyers of the software are  comprehensively informed about their data protection obligations and  contractually bound to ensure compliance with the applicable data  protection law when making use of VALid-POS.




VALid-POS is a tool to assist financial institutions such as banks or  payment processors (henceforth referred to as "banks") in identifying  possibly fraudulent credit- and debitcard “card-present” transactions at Automated Telling Machines (ATMs or “cashpoints”) and at Point of Sale  (POS) terminals, as used in supermarkets, retailers, restaurants, etc.  Basically, VALid-POS verifies, with the help of a partner  telecommunications service provider (TSP), whether the card that is  being presented is in the same country or area as the mobile phone that  the cardowner has registered with the bank.


Recertification 08/2014:

The TOE has not changed. Nothing has been added to the TOE. Nothing has been removed from the TOE. There are no new regulations relevant to the TOE. The EuroPriSe Criteria Catalogue requirements relevant to the TOE have not changed. The experts verified that there are no new technical standards relevant to the TOE and that the state of the art has not changed.

Initial certification (03/2010):

If a proposed ATM- or POS-terminal transaction is assessed as potentially fraudulent by the bank’s own risk engine,  information on the ATM or POS terminal is sent within the bank to the  VALid-POS tool, together with the number of a mobile phone which the card-holder has registered with the bank, and a unique lookup reference number. This information does not reveal the  geographical location of the ATM or POS terminal:  for the software, it  is simply a unique (abstract) number.

The VALid-POS tool passes the telephone number on to the partner-TSP. The latter one carries out a “lookup” of the mobile phone in question and, on the basis of this lookup, sends largely obfuscated information on the whereabouts of that mobile phone to the VALid-POS tool. The obfuscation means, in particular, that the information as sent from the TSP to the software does not reveal the geographical location of the mobile phone: for the VALid-POS tool, this too is simply a unique (abstract) number.

The software then correlates the two unique numbers relating to the ATM  or POS terminal and the whereabouts of the mobile phone and can  determine from this whether it is likely that the card is in the same country or area as the mobile phone. VALid-POS is capable of this because the pattern of links between  unique numbers relating to particular ATMs and (obfuscated) unique  numbers relating to particular mobile network segments has been  previously established by the software during a learning phase.

If the card and the mobile phone are not in the same country or area, this suggests that the transaction is indeed potentially fraudulent, and that the bank should indeed consider declining the  transaction as its own risk engine suggested. On the other hand, if the  mobile phone is in the same country or area as the card, it is less likely that the  transaction is fraudulent, and therefore more likely that the bank’s risk engine’s conclusion was a “false positive”.

Technical Evaluator

Javier Garcia-Romanillos Henriquez de Luna
Ernst & Young (Spain)
Plaza Pablo Ruiz Picasso 1
Torre   Picasso
28020 Madrid

Legal Evaluator

Prof. Douwe Korff
Wool Street House
Gog Magog Hills
Cambridge CB22 3AE

Formerly Certified Versions

VALid-POS® Standard Edition v.2

View the VALid-POS recertification 2012 certificate

View the VALid-POS  initial certificate



This register is kept with the utmost care. However, EuroPriSe does NOT guarantee the accuracy of information found on the Site. Your reliance on information found on the Site is at your own risk. For more information please go to EuroPriSe Terms & Conditions.

© 2008 - 2016 | EuroPriSe GmbH - European Privacy Seal | Handelsregister-Nr. (Commercial Register No.): Bonn HRB 20387

No responsibility for the accuracy of the information. Contact | Privacy Notice | Imprint