Committed to Cybersecurity Compliance for Apps, APIs, Content and Code
Verimatrix is deeply committed to maintaining robust security management, data privacy, and upholding data sovereignty.
Our security solutions are designed and engineered to comply with rigorous security management standards, software coding best practices, stringent data handling processes, with a strong emphasis on data privacy.
By obtaining industry-recognized certifications, Verimatrix not only strengthens its own defenses but also reassures clients and partners of our unwavering commitment to security excellence.
This proactive stance on data security is essential to Verimatrix’s strategy to build trust and deliver unparalleled value to our stakeholders in an interconnected world. We also help our customers adhere to and comply with compliance regulations.
This page is organized into four sections:
1. Our Certifications
Verimatrix maintains up-to-date, 2024 certifications from multiple governing bodies, such as EMVCo (Europay, MasterCard, and Visa Cooperation), ISO-9001, and ISO-27001:2022.
ISO-27001:2022 and ISO-9001 Certificates
Verimatrix’s security solutions and business processes are engineered to comply with ISO-27001:2022 and ISO-9001. Verimatrix proudly holds 2024 certifications for both ISO-9001 and ISO-27001:2022, underlining its commitment to maintaining high standards in both quality management and information security. These certifications are not just badges of honor; they reflect a deep-seated commitment to operational excellence and rigorous security practices, which are crucial for clients relying on its cybersecurity solutions.
ISO-9001 is an international standard that specifies requirements for a quality management system (QMS). Organizations certified under ISO-9001 demonstrate their ability to consistently provide products and services that meet customer and regulatory requirements. It involves a strong customer focus, the motivation and implication of top management, the process approach, and continual improvement. For Verimatrix customers, this certification means they can expect high-quality, reliable products and services that consistently meet their needs and comply with applicable laws and regulations, ensuring a dependable partnership in their security endeavors.
ISO-27001:2022 is a widely recognized international standard for managing information security. It outlines the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). This standard helps organizations manage the security of assets such as financial information, intellectual property, employee details, and information entrusted by third parties. For clients of Verimatrix, this certification is crucial as it assures them that Verimatrix adheres to best practices in data protection and security. It gives customers peace of mind, knowing their sensitive information is handled securely, reducing the risk of security breaches and enhancing trust in Verimatrix’s capabilities to protect their critical digital infrastructure.
The recently released ISO 27001:2022 standard represents a significant update to the widely adopted information security management framework (formerly 2013). This version includes additional Information Security Requirements & new controls in:
- Threat intelligence
- Information security for the use of cloud services
- ICT readiness for business continuity
- Physical security monitoring
- Configuration management
- Information deletion
- Data masking
- Data leakage prevention
- Monitoring activities
- Web filtering
- Secure coding
Farncombe Security Audit Certificate
The Farncombe Security® Audit, offered by Cartesian, represents an essential service for organizations like Verimatrix, operating within the content security domain. This auditing service is not just a routine check; it is an in-depth, specialist security evaluation tailored for content owners, broadcasters, OTT service providers, and technology suppliers globally. Trusted and recommended by major Hollywood studios, the Farncombe Security Audit aligns with the highest industry standards, including the rigorous MovieLabs Enhanced Content Protection specifications for Ultra HD content. By meticulously assessing various security aspects such as Conditional Access Systems (CAS), Digital Rights Management (DRM), and client device security, Cartesian provides an authoritative evaluation of how well a system protects content against unauthorized access and piracy.
Verimatrix has a 2020 Farncombe Security Audit Certificate for its VCAS 5 product. For a company like Verimatrix, which specializes in securing and enhancing the value of digital video content, undergoing a Farncombe Security Audit and earning the right to display the Farncombe Security® Shield Mark serves as a significant credential. This certification signals to clients, partners, and the industry at large that Verimatrix not only meets but potentially exceeds the strict security requirements set by content providers and industry benchmarks. The Shield Mark, therefore, isn’t just a badge of security; it’s a testament to Verimatrix’s commitment to maintaining the highest standards of content protection, thereby building trust and reinforcing its reputation in a competitive market.
EMVCo Certificate
Verimatrix’s security solutions and business processes are engineered to comply with EMVCo. The XTD product holds a 2023 certification from EMVCo, administered through Riscure. The EMVCo certificate for the Mobile Payments product was renewed in December 2024, with the certificate available on this page.
EMVCo oversees the interoperability and security standards for card-based and mobile payments, encompassing technologies such as chip specifications, contactless payments, and QR codes. In 2018, EMVCo launched the Software-Based Mobile Payment program aimed at scrutinizing mobile payment SDKs and wallets to ensure they adhere to critical security benchmarks including code protection, safekeeping of payment assets, and cryptographic key security. This program demands robust security measures such as advanced obfuscation, anti-tampering, runtime protection, and white-box cryptography, with only those solutions validated by accredited security labs and endorsed by EMVCo being recognized on their platform.
Verimatrix XTD’s technology aligns closely with these requirements by integrating advanced obfuscation, anti-tamper mechanisms, and environmental checks to protect both Android and iOS mobile applications from potential attacks. This comprehensive application shielding approach is extended across multiple platforms including mobile, embedded, desktop, and web, ensuring a broad spectrum of digital products can withstand emerging threats. Furthermore, XTD leverages artificial intelligence (AI) and machine learning (ML) to offer continuous threat intelligence and real-time application risk assessments. This capability is crucial for applications operating on “unmanaged” consumer devices, which are widespread yet fall outside traditional IT control, thus posing unique security challenges.
Verimatrix’s Whitebox Cryptography product can help customers adhere to EMVCo security standards by protecting cryptographic keys via a method that integrates these keys within the application code, making them indiscernible and resistant to extraction through static and dynamic analysis. By employing advanced mathematical techniques to merge keys with application logic, Verimatrix ensures robust protection against reverse engineering and other attacks, aligning with EMVCo’s emphasis on cryptographic security in mobile payment environments. This provides customers with confidence that their payment transactions are secure and their applications are compliant with global security standards.
2. How We Address Data Protection & Privacy
Verimatrix is committed to the highest standards of Data Protection & Privacy. Our security solutions and business processes are engineered to comply with all major data privacy regulations. We recognize the critical importance of protecting the confidentiality, integrity, and availability of the information entrusted to us by our customers and partners. Our Data Protection & Privacy Policy is designed to ensure compliance of Verimatrix’s security solutions and business processes with international regulations and best practices.
GDPR
Verimatrix is a public company based in France, and is subject to the rigorous stipulations of the EU’s General Data Protection Regulation (GDPR). This legal framework mandates stringent guidelines for the collection and processing of personally identifiable information (PII), emphasizing principles for responsible data management and safeguarding the rights of individuals. Compliance with GDPR is crucial for Verimatrix not only to uphold legal and ethical standards but also to avoid the substantial fines associated with non-compliance. Verimatrix’s security solutions and business processes are engineered to comply with GDPR.
Verimatrix’s security products are designed with a strong commitment to user privacy and compliance with data protection regulations like the GDPR. In accordance with the principle of privacy by design, advanced techniques are employed in order for processing activities to not involve personal data. However, in rare instances where Verimatrix may gain access to personal data, full compliance with the GDPR is ensured. Specifically, appropriate safeguards for data transfers are implemented, the rights of data subjects are respected and upheld, and robust security measures are in place to protect personal data from unauthorized access, disclosure, alteration, and destruction.
PIPEDA
The Personal Information Protection and Electronic Documents Act (PIPEDA) is Canada’s federal privacy law for private-sector organizations. It regulates how businesses must handle personal information in the course of commercial activities across Canada. Similar to the European General Data Protection Regulation (GDPR), PIPEDA mandates a comprehensive set of rules for the protection of personal information, ensuring that it is handled with care and respect throughout its lifecycle. This includes securing personal data against loss, theft, unauthorized access, usage, or disclosure. The law applies not only to health data but to all personal information collected, used, or disclosed in the course of commercial activities, emphasizing the responsibility of organizations to implement effective security safeguards.
Verimatrix’s security solutions and business processes are engineered to comply with PIPEDA. Verimatrix XTD and its comprehensive suite of application protection tools aid customers in safeguarding their applications from potential security threats. These tools are crucial in preventing the exploitation of app vulnerabilities, which might otherwise result in unauthorized access to or breaches of consumer data, thereby aligning with PIPEDA’s data protection requirements. Furthermore, incorporating Verimatrix’s content security or anti-piracy solutions enables organizations to bolster their compliance with PIPEDA. This is facilitated through the use of ISO-certified security management and data handling processes that meet enterprise-grade security standards.
PDPA
The Personal Data Protection Act (PDPA) of Singapore governs the collection, use, and disclosure of personal data by organizations in a manner that recognizes both the rights of individuals and the needs of organizations to use personal data for legitimate purposes. The PDPA sets out various obligations for organizations, similar to those in GDPR, including the protection of personal data from unauthorized access, collection, use, disclosure, copying, modification, or disposal. The act emphasizes the importance of managing personal data responsibly and transparently, ensuring individuals’ data privacy is respected and maintained throughout its handling process.
Verimatrix’s security solutions and business processes are engineered to comply with PDPA. Verimatrix XTD and its suite of application protection capabilities help customers protect against the exploitation of vulnerabilities within their apps, which could lead to unauthorized data access or breaches on consumer information, thus supporting the PDPA’s data protection obligation. Additionally, by integrating Verimatrix’s content security or anti-piracy solutions, organizations can strengthen their adherence to the PDPA because of the enterprise-grade security management and data handling processes, which are ISO-certified.
U.S. State-level Data Privacy Regulations
There is no national data privacy law in the United States. However, several individual states have passed their own regulations imposing privacy obligations on entities handling the data of each state’s residents. Below is a list of existing state regulations:
- California Consumer Privacy Act
- California Privacy Rights Act
- Colorado Privacy Act
- Connecticut Data Privacy Act
- Indiana Consumer Data Protection Act (effective 2026)
- Iowa Consumer Data Protection Act (effective 2025)
- Montana Consumer Data Protection Act (effective 2024)
- Oregon Consumer Privacy Act (effective 2024)
- Tennessee Information Protection Act (effective 2025)
- Texas Data Privacy and Security Act (effective 2024)
- Utah Consumer Privacy Act
- Virginia Consumer Data Protection Act
Given the risks associated with the widespread use of mobile applications that are now an integral part of financial institutions’ service delivery and business models, these organizations need trustworthy, strong, yet simple-to-adopt solutions that ease the burden of compliance so they can focus on priority business concerns. Verimatrix’s security solutions and business processes are engineered to comply with U.S. state data privacy regulations. Verimatrix XTD and its suite of cybersecurity solutions help organizations build secure and compliant mobile applications as well as protect mobile apps running on unmanaged consumer mobile devices.
EU-U.S. Data Privacy Framework (DPF)
The EU-U.S. Data Protection Framework (DPF), the UK extension of the EU-U.S. DPF and the Swiss-U.S. DPF have been respectively developed by the U.S. Department of Commerce and the European Commission, the UK Government and the Swiss Federal Administration with the objective of providing U.S. organizations with trusted transfer mechanisms of personal data from the European Union, the UK and Switzerland to the U.S., ensuring effective data protection in accordance with EU, UK and Swiss legislation.
As part of this initiative, Verimatrix adheres to the EU-U.S. Data Protection Framework (DPF) principles for personal data transferred from the European Union and the United Kingdom, and to the Swiss-U.S. DPF principles for data transferred from Switzerland. This certification guarantees compliance with international data protection standards and facilitates the secure transfer of personal data in these regions. Inclusion on the Data Privacy Framework list underlines our commitment to protecting our customers’ data and complying with global privacy principles. For more details, visit the official DPF website: https://www.dataprivacyframework.gov/list
3. Helping Customers Improve Their Security Posture
Verimatrix’s security solutions and business processes are engineered to comply with development and coding best practices and regulations involving application security compliance. Verimatrix helps its customers enhance their security posture by aligning its solutions with rigorous standards set by bodies such as OWASP, CISA, and the requirements of legislative frameworks like the Digital Markets Act, Cyber Resilience Act, and NYDFS NYCRR 500.
OWASP Top 10 Mobile App Vulnerabilities
The OWASP Mobile Security Project is intended to give developers and security teams knowledge of how to build and maintain secure mobile applications. Understanding security risks that a mobile app may face helps developers to avoid pitfalls and build more secure applications that protect app users and their data.
The OWASP Mobile Security Testing Guide is a comprehensive manual for mobile app security testing and reverse engineering for iOS and Android platforms. OWASP also includes a Mobile Application Security Verification Standard that can be used by developers and mobile software architects for development guidance, as well as security testers who need to ensure completeness and consistency of test results.
Verimatrix’s security solutions and business processes are engineered to address the OWASP Top 10 Mobile App Vulnerabilities. Verimatrix XTD effectively addresses nine out of the ten OWASP mobile app vulnerabilities, offering a robust suite of security solutions tailored to enhance mobile application safety. Please review the following chart to learn more about how Verimatrix XTD and its suite of cybersecurity solutions help customers address the OWASP Top 10.
Verimatrix Addresses the OWASP Top 10 Mobile App Vulnerabilities
| ID | OWASP Mobile Top 10 risk | How Verimatrix XTD addresses it |
|---|---|---|
| M1 | Improper Credential Usage | Verimatrix Overlay Detector™ identifies and prevents unauthorized screen overlays that can capture sensitive user inputs like credentials, ensuring that they are only used in the intended, secure context of the app. |
| M2 | Inadequate Supply Chain Security | Verimatrix Supply Chain Defender™ monitors app instances for backdoors, whitelists outgoing connections to detect and prevent unauthorized communications, and helps mitigate API risks in compromised mobile applications. |
| M3 | Insecure Authentication / Authorization | Verimatrix Man-in-the-Middle Interceptor™ detects attacks on certificate pinning. |
| M4 | Insufficient Input / Output Validation | Verimatrix Anti-Tampering™ uses thousands of micro-checks within your app’s code to prevent unauthorized modifications and allows customizable security settings to address insufficient I/O validation by ensuring the app operates as designed. |
| M5 | Insecure Communication | Verimatrix Man-in-the-Middle Interceptor™ detects and prevents man-in-the-middle attacks, where an attacker intercepts and potentially modifies communication between a mobile app and server. |
| M6 | Inadequate Privacy Controls | |
| M7 | Insufficient Binary Protections | Verimatrix Anti-Debugger™, Verimatrix Anti-Hooking™, Verimatrix Anti-Tampering™. |
| M8 | Security Misconfiguration | Verimatrix Anti-Debugger™ ensures applications are not debuggable once deployed, preventing alterations to the app’s runtime environment, which helps to safeguard sensitive data or functionality exposed by misconfigurations, but is only a partial solution to this issue. |
| M9 | Insecure Data Storage | Verimatrix Anti-Tampering™, Verimatrix Rooting Detector™ and various data protection methods. |
| M10 | Insufficient Cryptography | Verimatrix Code Shield™ whitebox cryptography secures cryptographic keys by embedding them directly into the app code, making the keys invisible. Secondary detections can be triggered via Verimatrix Anti-Tampering™ or Verimatrix Man-in-the-Middle Interceptor™ if exploited. |
ISO/SAE 21434 - Automotive Cybersecurity
The ISO/SAE 21434 standard, developed by SAE International and the International Organization for Standardization (ISO) in 2020, serves as the first automotive cybersecurity standard with a unique set of requirements for compliance. It defines engineering requirements for cybersecurity in road vehicles, covering processes and vocabulary for managing cybersecurity risks related to automotive components and interfaces. The standard addresses the entire lifecycle of vehicles, including design, manufacturing, maintenance, and disposal.
As mobile devices and apps increasingly control automobiles, securing these technologies is also crucial. If cybercriminals breach a connected mobile device or app, they could potentially take control of the vehicle, highlighting the importance of comprehensive cybersecurity measures as prescribed by the ISO/SAE 21434 standard.
Verimatrix’s security solutions and business processes are engineered to comply with ISO/SAE 21434, but we are not certified. Verimatrix XTD and its suite of cybersecurity solutions help automotive organizations and suppliers comply with ISO/SAE 21434 cybersecurity guidelines via its advanced app protection, code obfuscation, runtime application protection, whitebox cryptographic key protection, anti-tamper solutions and threat detection and response tools. Verimatrix’s 2024 certifications for ISO-27001:2022 and ISO-9001 align closely with ISO/SAE 21434’s recommendations.
PCI SPoC, CPoC and MPoC
PCI Software-Based PIN entry on COTS (PCI SPoC), PCI Contactless Payments on COTS (PCI CPoC), and PCI Mobile Payment on COTS (PCI MPoC), all focus on maintaining the security of payment data and protecting against fraud.
PCI SPoC provides a standard for secure PIN entry on mobile devices that are not specifically designed for payment card processing. It enables secure PIN entry on software-based solutions running on consumer devices. It specifically targets environments where a PIN is entered directly on a COTS device using a software-based solution, and it includes requirements for secure entry and encryption of PIN data.
PCI CPoC allows contactless payments to be made using mobile devices without needing specialized hardware. It focuses on ensuring that the software and solutions used for processing contactless payments are secure. It applies to solutions that enable a device to read a contactless card or payment device using built-in NFC (Near Field Communication) functionality for transaction processing.
PCI MPoC combines elements of both contact and contactless payment on mobile COTS devices, covering the security of payment transactions that include both PIN entry and contactless functionalities. It is focused on mobile apps that facilitate payment transactions using the built-in capabilities of standard mobile devices, ensuring that these transactions are processed in a secure manner.
As the new PCI MPoC standard sets an attack resistance threshold for SoftPOS solutions, selecting the right security partner for application protection is crucial for developers. Verimatrix offers comprehensive solutions that help secure mobile apps, web apps, desktop and embedded apps and similar applications, ensuring the protection of payment data in line with PCI regulations.
Verimatrix’s security solutions and business processes are engineered to comply with PCI SPoC, CPoC and MPoC. Verimatrix XTD and its suite of cybersecurity solutions help organizations adhere to PCI standards and remain compliant. Our advanced code obfuscation, runtime application protection, whitebox cryptographic key protection, and anti-tamper solutions are particularly well-suited for SoftPOS application developers aiming to comply with the security demands of the PCI SPoC, CPoC, and MPoC standards, providing a comprehensive approach to application and transaction security.
NAIC
The US National Association of Insurance Commissioners (NAIC) membership has adopted recommendations on cybersecurity protections for insurance organizations, including the Principles for Effective Cybersecurity: Insurance Regulatory Guidance; the NAIC Roadmap for Cybersecurity Consumer Protections, to bolster consumer protection; and the Insurance Data Security Model Law which requires insurers and other entities licensed by state insurance departments to develop, implement and maintain an information security program; investigate any cybersecurity events; and notify the state insurance commissioner of such events. Many states have adopted the model to date.
Verimatrix’s security solutions and business processes are engineered to comply with NAIC. Verimatrix XTD and its suite of cybersecurity solutions help insurance organizations comply with the US National Association of Insurance Commissioners (NAIC) cybersecurity guidelines. Its advanced app protection, code obfuscation, runtime application protection, whitebox cryptographic key protection, anti-tamper solutions and threat detection and response tools align with NAIC’s recommendations, including the Principles for Effective Cybersecurity, Cybersecurity Consumer Protections and the Insurance Data Security Model Law. Verimatrix helps empower customers to manage information security, effectively investigate cybersecurity events, and ensure compliance with state-specific regulations, enhancing consumer protection and meeting regulatory standards across different jurisdictions.
PSD2 - EU
The Payment Services Directive 2 (PSD2) legislation requires payment service providers to contribute to a more integrated, secure, and efficient payment ecosystem. Beyond the first Payment Services Directive, PSD2 mandates stronger security requirements for online transactions through multi-factor authentication. It also forces banks and other financial institutions to give third-party payment service providers access to consumer bank accounts if an account holder has given their consent.
For mobile banking apps, PSD2’s security requirements require protection against known and unknown attacks on mobile apps. Mobile app requirements are particularly guided by Article 9 of PSD2’s final Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common and Secure Communication (CSC).
Verimatrix’s security solutions and business processes are engineered to comply with PSD2. Verimatrix XTD provides passive protection through continual data monitoring and integrates AI/ML that evolves to identify future and unknown attacks against mobile apps. Additionally, Verimatrix provides Strong Customer Authentication (SCA) and Common and Secure Communication (CSC) while also providing protection against man-in-the-middle (MITM) attacks.
Digital Markets Act
Verimatrix XTD offers robust support to developers and businesses navigating the new landscape shaped by the Digital Markets Act (DMA). As the DMA encourages the proliferation of third-party app marketplaces and sideloading capabilities, it introduces greater variability in the security infrastructure of these distribution channels compared to established platforms like Google Play and the Apple App Store. This shift could potentially expose apps to higher risks of malware distribution and security vulnerabilities. Verimatrix XTD, with its comprehensive suite of security tools, empowers developers to fortify their applications against these risks. By offering features such as malware detection, reverse engineering prevention, and comprehensive threat management, XTD ensures that applications remain secure, even when distributed through less controlled third-party marketplaces, thus helping developers comply with the DMA’s requirements and maintain user trust.
Verimatrix’s security solutions and business processes are engineered to comply with DMA. Its proactive approach to cybersecurity addresses several critical security concerns, such as man-in-the-middle attacks, reverse engineering, and unauthorized data access, through a range of sophisticated security technologies including AI-driven malware detection and advanced cryptography solutions. This level of protection is crucial for developers aiming to meet DMA compliance while ensuring that their applications are safe across diverse distribution channels. By integrating Verimatrix XTD into their development and operational pipelines, developers can significantly enhance the security of their mobile apps, addressing the OWASP top 10 mobile vulnerabilities, and ultimately support a safer, more competitive market environment as envisaged by the DMA.
CISA OMB Attestation Mandate
The CISA OMB Attestation Mandate represents a significant shift in the compliance landscape for software suppliers to federal agencies, requiring verifiable security standards to be met as a baseline for federal software contracts. Verimatrix XTD, with its comprehensive suite of mobile and application security solutions, is ideally positioned to assist developers in meeting these rigorous standards. The suite offers a variety of tools like real-time threat detection, advanced malware protection, and robust application shielding technologies, such as code obfuscation and anti-tampering measures. These features are crucial for maintaining software integrity and security, thereby ensuring compliance with the mandate’s requirements. By implementing these security measures, developers can not only avoid the risks of non-compliance, which includes financial penalties and the potential exclusion from future government contracts, but also enhance the overall security posture of their applications, making them safer for federal use.
Verimatrix’s security solutions and business processes are engineered to comply with CISA OMB. Verimatrix XTD’s capabilities extend to continuous monitoring and automated testing, aligning with the mandate’s emphasis on ongoing compliance rather than a one-time checklist approach. This ongoing monitoring is supported by Verimatrix’s AI/ML-driven threat intelligence, which helps in detecting and responding to new and evolving threats in real time. Furthermore, the suite’s flexible deployment options, ranging from on-premises to cloud-based implementations, ensure that all types of applications, whether mobile, embedded, desktop, or web, can achieve and maintain the necessary security standards. This comprehensive coverage not only helps developers meet the immediate compliance requirements but also supports long-term security strategies, crucial for sustaining collaborations with government entities under the new mandate.
Europe's Cyber Resilience Act
The forthcoming Cyber Resilience Act (CRA) by the EU sets a new standard for the security of digital products, pushing developers and manufacturers to adopt a “security by design” approach throughout the lifecycle of their products. This initiative aims to protect consumer data and ensure the integrity of the digital market, with severe penalties for non-compliance. Verimatrix XTD supports this initiative by providing comprehensive security tools that assist developers in creating and maintaining secure applications from inception to deployment. The XTD suite includes capabilities for real-time threat detection, malware prevention, and rigorous app shielding techniques such as code obfuscation and anti-tampering measures. These tools are critical for ensuring that apps are not only designed securely but continue to operate safely under the evolving threats, thereby aligning with the CRA’s requirements for digital products.
Verimatrix’s security solutions and business processes are engineered to comply with CRA. Verimatrix XTD’s approach of integrating security into the development lifecycle mirrors the CRA’s emphasis on enduring security practices, rather than one-off compliance checks. By implementing continuous monitoring and automated security testing, Verimatrix XTD ensures that applications remain compliant over time, which is vital for developers aiming to meet the CRA standards. This lifecycle approach to security, supported by Verimatrix’s advanced AI/ML malware detection and a suite of DevSecOps tools, allows developers to preemptively address vulnerabilities and enhance the resilience of their applications. Additionally, the flexibility of XTD’s deployment options—from on-premises solutions to fully managed services—ensures that all applications, regardless of their operating environment, can achieve and maintain the high security standards demanded by the CRA, thus fostering digital trust and compliance across the tech industry.
Digital Operational Resilience Act (DORA)
The Digital Operational Resilience Act (DORA), which applies to a wide range of financial entities, aims to strengthen the cybersecurity framework in the EU by mandating ICT risk management practices. Verimatrix’s XTD platform offers a comprehensive solution to help financial institutions comply with DORA by securing mobile apps and web platforms, safeguarding sensitive data, detecting threats in real time, and ensuring operational resilience.
With Verimatrix XTD, organizations can proactively mitigate cybersecurity risks, manage security incidents efficiently, and maintain compliance with DORA, avoiding penalties. Its advanced protection also addresses third-party risks, enhancing overall resilience against ICT threats.
For more information on how Verimatrix can help you achieve DORA compliance, visit our DORA compliance page.
NIS2
NIS2 is an EU directive that builds on the original Network and Information Security Directive, created in response to growing cyber threats in Europe. NIS2 aims to strengthen cybersecurity across critical business sectors, such as healthcare, finance, and e-commerce, by establishing tighter requirements for managing all types of cyber risks, including risks to mobile apps.
With advanced app shielding, Verimatrix XTD adds a layer of protection that prevents tampering, malicious code injection, and data theft, making it significantly harder for cybercriminals to exploit mobile app vulnerabilities. Verimatrix XTD’s multi-layered approach with real-time threat detection and rapid response capabilities helps organizations recover faster from cyberattacks, minimizing downtime and protecting customer trust. By integrating Verimatrix XTD’s advanced app shielding, businesses can ensure their apps stay secure, meet NIS2 requirements, and remain resilient against emerging threats.
Learn more about mobile app shielding in the age of NIS2 here.
NYDFS NYCRR 500
The NYDFS NYCRR 500 Cybersecurity Regulation is a directive from the New York State Department of Financial Services designed to address cybersecurity risks within financial services companies operating in New York. The regulation requires these companies to establish a cybersecurity program tailored to their specific risks, with provisions for senior management oversight and annual certification of compliance. The regulation aims to safeguard both the information systems of regulated entities and the personal data of their customers, thereby ensuring the overall safety and integrity of financial institutions.
Verimatrix’s security solutions and business processes are engineered to comply with NYDFS NYCRR 500. Verimatrix offers cybersecurity solutions to help NY financial institutions comply with the requirements of NYDFS NYCRR 500, especially concerning mobile applications. Verimatrix’s Mobile App Security Risk Assessment allows companies to evaluate the security readiness of their mobile apps by identifying vulnerabilities and providing recommendations for security enhancements, which can be further fortified by using Verimatrix XTD. This suite of robust cybersecurity solutions enables companies to manage and monitor potential cyber threats effectively, covering all phases from protection to detection and response to threat events. Verimatrix’s award-winning on-premises tools and cloud platform services assist customers in meeting the stringent cybersecurity and compliance demands set by the NYDFS NYCRR 500.
MovieLabs
The MovieLabs Enhanced Content Protection specifications for Ultra HD content are a comprehensive set of security standards designed by MovieLabs, a collaboration of major Hollywood studios. These specifications aim to safeguard high-value Ultra HD and 4K content by mandating advanced security measures. Key components include forensic watermarking, which is essential for tracing the origin of pirated content. Additionally, the standards emphasize hardware-rooted security measures in devices that handle, store, and play back content, ensuring that all content paths are secure and resilient against unauthorized access.
Secure transmission and output control are also critical aspects of the MovieLabs specifications. Content must be transmitted securely to prevent interception, and outputs that do not support secure transmission must be disabled to thwart unauthorized recordings. Furthermore, the specifications enforce robustness rules that require devices to be resistant to hacking and tampering, enhancing overall system security. To keep up with emerging threats, the specifications include provisions for the renewability of security systems, allowing updates to security keys and software to address vulnerabilities as they arise.
Verimatrix’s video security solutions and business processes are meticulously engineered to align with the MovieLabs Enhanced Content Protection specifications for Ultra HD content. This alignment underscores Verimatrix’s commitment to providing top-tier security in the handling, transmission, and management of high-value content. By incorporating these rigorous standards into its operations, Verimatrix ensures that its systems are not only compliant with current industry benchmarks but are also equipped to adapt to future security challenges, maintaining a high level of trust and reliability in the competitive content security and anti-piracy market.
4. How We Secure Our Platforms, Products and Processes
At Verimatrix, our platforms, products, and processes prioritize security, reliability, and compliance. Our platforms utilize advanced encryption and robust authentication to ensure data integrity. Our products meet the highest industry standards with technologies designed to prevent unauthorized access. Our processes are streamlined for optimal performance and security, including rigorous testing and continuous monitoring. Committed to global compliance standards, Verimatrix delivers secure, high-quality solutions that respond to our customers’ evolving needs.
MFA Application Security
Verimatrix supports multi-factor authentication (MFA) to provide customers with robust security layers for accessing its products and cloud services, thwarting potential unauthorized access to administrator credentials, a common target for cyberattacks. Given that MFA blocks approximately 99.9 percent of account compromise attempts, it ensures the safety of administrator passwords, allowing businesses to focus on their core operations.
Data Encryption in Transit and at Rest
Verimatrix ensures enhanced data security by enabling Transport Layer Security (TLS 1.2) cipher suites for data in transit. This encryption prevents third-party snooping on any data entering or leaving Verimatrix’s cloud services. Similarly, data at rest is secured using the 256-bit Advanced Encryption Standard (AES256) cipher, guaranteeing the safety and integrity of the stored data.
Vulnerability Testing
Verimatrix engages independent, external entities for regular application-level and infrastructure-level vulnerability assessments. Additionally, we conduct internal scans and testing of Verimatrix applications on a regular basis, applying necessary security patches or updates. The results from these tests are thoroughly reviewed and discussed across all levels of our organization, including our management.
Personnel and Access Management
Verimatrix’s personnel policies apply to all employees with direct access to our internal information systems, our cloud infrastructure, or our physical workspaces. Access is tightly controlled and based strictly on each individual’s role and their specific operational requirements.
Security Management
All Verimatrix employees undergo annual privacy and security training, and those holding elevated access levels are required to obtain biannual security certifications from accredited institutions. The company ensures that all security and privacy concerns are promptly addressed; non-compliance with our policies can lead to serious consequences, including termination.
System Monitoring
Verimatrix conducts extensive monitoring and logging across all servers, routers, and systems within our production environment, retaining logs as legally required to ensure our operations remain secure.
Data Protection Compliance
Verimatrix is deeply committed to the privacy and security of company data. Our mission is to align our practices with the highest standards of data security and compliance. Our rigorous security controls include data encryption, access controls, and robust incident response protocols.
Data Center Security
Recognizing the importance of data sovereignty, Verimatrix offers multiple data center locations via our cloud partnership with Amazon Web Services (AWS), allowing customers to choose where their data resides, ensuring compliance with local privacy laws. For instance, our support of AWS data centers in Canada ensures that Canadian data is stored domestically, adhering to Canada’s privacy legislation, such as PIPEDA.
Compliance Commitment
Our security solutions are designed and engineered to comply with rigorous security management standards, software coding best practices, and stringent data handling processes, with a strong emphasis on data privacy.