Overview
Explore a comprehensive Black Hat conference talk that delves into the vulnerabilities of payment Points of Interaction (POI) devices. Learn how security standards in the payment industry can be bypassed through simple file modifications and communication protocol manipulations. Discover the main flaws in POI devices and witness live demonstrations of weaknesses in a widely used pinpad. Understand how EMV bypassing, PIN protection avoidance, and PAN scraping can be achieved without exploiting the operating system. Gain insights into various payment architectures, exploitation techniques, and mitigation strategies, including point-to-point encryption and PIN pad encryption. Examine the consumer perspective on unusual prompts and enhance your understanding of payment security challenges in this 50-minute presentation by Nir Valtman and Patrick Watson.
Syllabus
Introduction
Challenge
Security through obscurity
Architecture types
How payments work
Exploiting payment flows
Demo
Getting EMV Data
Active Attacks
Demonstration
Mitigation
Point-to-Point Encryption
PIN Pad Encryption
Offline
Encryption
Authentication
Consumer Perspective
Unusual Prompts
Summary
Questions
Taught by
Black Hat