Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions

Hacking Point of Sale describes the payment application security as a journey from the failure of the security through obscurity approach to the power of real cryptographic solutions. All aspects of card-payment processing, from the structure of magnetic stripes to the architecture and deployment models of payment applications, are reviewed from the viewpoint of security. Although there is an entire chapter about PCI, as well as multiple references to the standards (an essential part of the payment industry), the book is not a trivial guide to PCI compliance butlooks beyond PCI and provides practical recommendations on how to implement real application security controls. The book covers: Anatomy of Electronic Payments: Processing Payment Transactions; Architecture of Payment Applications; Security Standards; Attacks on Point-of-Sale Systems Turning 40 Digits into Gold: Hacking Protected Areas;Penetrating the Security-Free Zone; Exploiting Other Vulnerabilities Defense: Cryptography in Payment Applications; Protecting Cardholder Data; Securing Application Code An Appendix provides a Payment Application Security Evaluation Checklist, a handy tool for merchants, software vendors, and security assessors. The checklist will assist in security risk assessment by evaluating the quality of payment application security controls.