Point of Sale System Architecture and Security

by Lucas Zaichkowsky
Sept. 22, 2017 0 comments Black Hat belen_caty POS

To most people, Point of Sale (POS) systems with integrated payment processing are a black box where magic happens. Financial criminals breach hundreds of merchants each year, displaying a better understanding of how these systems operate than the dealer technicians that install and maintain them. With an understanding of POS architecture, integrated payment processing, and weaknesses in the technology, security professionals can better protect local businesses, major retailers, and developers handling payment card information. In this session, attendees will learn and see how POS components operate, their integration points, and the flow of payment data including where it's most vulnerable. A live demonstration will show exactly what sensitive data is passed in the clear by both magstripe and EMV chip readers, mapping it from peripheral all the way through the electronic payments infrastructure. Common attack vectors will then be presented, building on that architectural knowledge.