POINT OF SALE SYSTEM ARCHITECTURE AND SECURITY

Black Hat USA 2014

Presented by: Lucas Zaichkowsky
Date: Wednesday August 06, 2014
Time: 14:15 - 14:45
Location: South Seas GH

To most people, Point of Sale (POS) systems with integrated payment processing are a black box where magic happens. Financial criminals breach hundreds of merchants each year, displaying a better understanding of how these systems operate than the dealer technicians that install and maintain them. With an understanding of POS architecture, integrated payment processing, and weaknesses in the technology, security professionals can better protect local businesses, major retailers, and developers handling payment card information. In this session, attendees will learn and see how POS components operate, their integration points, and the flow of payment data including where it's most vulnerable. A live demonstration will show exactly what sensitive data is passed in the clear by both magstripe and EMV chip readers, mapping it from peripheral all the way through the electronic payments infrastructure. Common attack vectors will then be presented, building on that architectural knowledge. Finally, top attack mitigations will be provided to save businesses from being breached and the disastrous losses that result.

Lucas Zaichkowsky

Lucas Zaichkowsky is the Enterprise Defense Architect at AccessData, responsible for providing expert guidance on the topic of Cybersecurity. Prior to joining AccessData, Lucas was a Technical Sales Engineer at Mandiant where he worked with Fortune 500 organizations, the Defense Industrial Base, and government institutions to deploy measures designed to defend against the world's most sophisticated attack groups.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats