Breaking Payment Points of Interaction (POI)

by Nir Valtman, Patrick Watson Sept. 15, 2017 via www.blackhat.com submitted by belen_caty

The payment industry is becoming more driven by security standards. However, the cornerstones are still broken even with the latest implementations of these payment systems, mainly due to focusing on the standards rather than on security. The best example of that is the ability to bypass protections put in place by point of interaction (POI) devices by simply modifying several files on the point of sale or manipulating the communication protocols. In this presentation, we will explain the main flaws and provide live demonstrations of several weaknesses on a widely used pinpad. We will not exploit the operating system of the pinpad, but will instead bypass the application layer and the business logic protections, i.e. the crypto algorithm is secure, but everything around it is broken. As part of our demos, we will include EMV bypassing, avoiding PIN protections and scraping PANs from various channels.

https://www.blackhat.com/us-16/briefings.html#breaking-payment-points-of-interaction-poi

mrowton 1 month ago

I love this presentation because it has a cat in it, haha

Steven Ulm 1 month ago

Not sure about the cat, but it is definitely good stuff! Thank you for sharing it with us!
