Recertification: 01/2018

Previous recertification: 02/2015

Initial certification: 10/2012

Press Release 2012 Image

ValidSoft proved that its IT product VALid-SSD facilitates its privacy-compliant use. VALid-SSD is a tool that enables organisations (e.g., banks) to prevent fraud by means of so-called "Pseudo Device Theft".

Image

Disclaimer:

This register is kept with the utmost care. However, EuroPriSe does NOT guarantee the accuracy of information found on the Site. Your reliance on information found on the Site is at your own risk. For more information please go to EuroPriSe Terms & Conditions

Product/Version

VALid-SSD
(Sim Swap Detection)
v3.5

Qualification: IT product

View the VALid-SSD v3.5 Certificate 

Cert. No.

EP-P-MPZ95X

Version of Certification Criteria

11/2011 (95/46/EC)

Validity

26/01/2018 until 31/01/2020

First recertification on 06 February, 2015

Initial certification on October 30, 2012

Monitoring

Not applicable (IT product)

Public Report

2018 Recertification VALid-SSD Short Public Report [PDF] Image 

2015 Recertification VALid-SSD Short Public Report [PDF] Image 

2012 VALid-SSD Short Public Report [PDF] Image

Manufacturer/Provider

VALIDSOFT LIMITED
Arthur Cox Building
Earlsfort Terrace
Dublin 2
Ireland

BEST

SSD sticks to the principle of data avoidance and minimisation by keeping the personal data processed to the absolute minimum. In addition, its conditions of use provide for strong legal safeguards: Buyers of the software are comprehensively informed about their data protection obligations and contractually bound to ensure compliance with the applicable data protection law.

ATTENTION:

n.a.

Summary

Recertification 01/2018:

The target of evaluation has not changed.

Recertification 02/2015:

The TOE has not changed. Nothing has been added to the TOE. Nothing has been removed from the TOE. There are no new regulations relevant to the TOE. The EuroPriSe Criteria Catalogue requirements relevant to the TOE have not changed. The experts verified that there are no new technical standards relevant to the TOE and that the state of the art has not changed.

Initial certification (10/2012):

VALid-SSD serves the purpose to ensure the integrity of (out of band - OOB) communications by checking whether a potentially fraudulent SIM swap has occured. The ToE works by "looking up" the SIM card numbers of the to-be-checked mobile phones (e.g., on the occasion of an OOB authentication in the online banking context) and then correlating these with the initially established SIM card numbers of the respective mobile telephone subscribers. When SSD determines that a mobile subscriber's SIM card number has changed, this is passed to the user of the ToE (e.g., a bank) who may choose to treat an unrecognised SIM card number as suspicious and take the action it deems appropriate.

Details

The ToE is a tool that enables organisations (e.g., banks) to prevent fraud by means of so-called "Pseudo Device Theft". In such "Pseudo Device Theft", attackers deceive the mobile network operator (MNO) of which the individual (e.g., bank customer) is a subscriber that that individual has obtained a new SIM card for his or her mobile phone, or a new phone, but wants to retain the original mobile phone number. The MNO then substitutes the new SIM card number for the original one, and calls or SMS messages to the original individual's mobile phone will be passed on to the new card - and thus to the criminal - rather than to the mobile phone of the subscriber. This divergence of the call / SMS can undermine the integrity of OOB authentication systems or other communications.

The ToE consists of a carrier with software which has a database at its heart. It has interfaces to the user's own systems and to the systems of a telecommunications service provider ("partner TSP") who supports the ToE in looking up the SIM card numbers.

Technical Evaluator

Javier Garcia-Romanillos Henriquez de Luna
Calle Zurbarán 7, 6B
28010 Madrid
Spain

Legal Evaluator

Prof. Douwe Korff
Wool Street House
Gog Magog Hills
Babraham
Cambridge CB22 3AE
UK

Formerly Certified Versions

N/A

Image

European Privacy Seal for VALid-SSD

© 2008 - 2019 | EuroPriSe GmbH - European Privacy Seal | Handelsregister-Nr. (Commercial Register No.): Bonn HRB 20387

No responsibility for the accuracy of the information. Contact | Privacy Notice | Imprint

Product/Version

REISSWOLF f.i.t.

v1.5; service function as provided in 05/2018

Qualification: IT product and IT-based service (processor service)

View the REISSWOLF f.i.t. certificate

Version of Certification Criteria

11/2011

Cert. No.

EP-S-X5TSCN

Validity

24/05/2018 - 31/05/2020

Monitoring

01/2019

09/2019

Public Report

f.i.t. Short Public Report Image Image 

Manufacturer/Provider

REISSWOLF Systems GmbH

Im Heegen 13
22113 Oststeinbek
Germany

BEST

Access policies can be used to restrict system usage to specific times of the day and/or IP addresses to reduce the attack vector for third-party access. A user session is controlled by means of a cross-tab synchronised session countdown.

ATTENTION

Regarding the processing of personal data on third persons by means of f.i.t., it must be highlighted that the (usually) corporate users of the service qualify as controllers whereas REISSWOLF Systems GmbH acts as a processor on behalf of the users. Customers are advised that the legitimate use of the service may require the collection of the data subject's consent and/or declaration of release from confidentiality.

SUMMARY

REISSWOLF f. i. t. is a web-based archiving system for data storage and access. It serves the purpose of uploading, storing, managing and exchanging data in the sense of a document management system. f.i.t. is a web application that can be used with common internet browsers. 

DETAILS

REISSWOLF f. i. t. is primarily designed for commercial use. It is distributed by REISSWOLF Systems GmbH and operated as Software as a Service (SaaS) in a data center in Germany.

The ToE includes

  • The web-based service REISSWOLF f.i.t. (for details, please cf. the short public report)

It does not include

  • REISSWOLF f.i.t. mobile app
  • REISSWOLF f.i.t. hotfolder
  • Office module
  • Teamviewer
  • Other alternative interfaces to clients

Technical + Legal Evaluator

Ann-Karina Wrede
Innungsstraße 7
21244 Buchholz
Germany

Initial Certification: 05/2018

REISSWOLF f.i.t. provides a web-based service that enables companies to upload, store, manage and exchange data in the sense of a document management system. Users of the service are controllers in respect of personal data on third persons that is processed by means of f.i.t.. The service is designed in a way that facilitates the users' compliance with EU data protection law.

Image

Disclaimer:

This register is kept with the utmost care. However, EuroPriSe does NOT guarantee the accuracy of information found on the Site. Your reliance on information found on the Site is at your own risk.

Image

European Privacy Seal for REISSWOLF f.i.t.