Point-of-Sale to Point-of-Fail

BSidesDC 2015

Presented by: Ken Westin
Date: Saturday October 17, 2015
Time: 14:30 - 15:20
Location: Salon A
Track: Red Team

The recent rash of retail breaches reveals a number of weaknesses in point-of-sale systems and payment gateways. Failures in PCI DSS and security practices in the retail industry as a whole provided a number of opportunities for organized criminal syndicates to take advantage and exploit weaknesses. However, the blame is not solely on the retailers, but also on the credit card industry itself for making these breaches and related credit card fraud so easy and lucrative for criminals. The ease of fraud increased demand for stolen credit cards and in turn increased resources allocated to attack US retailers.

This presentation will take a systemic look at not only the technical factors of how these retailers were breached and weaknesses of PCI DSS, but also how underground economies, fraud and geopolitics empowered and emboldened criminal syndicates to help create a perfect storm. I will also discuss how the Secret Service and law enforcement knew about breaches before the compromised retailers and how chip and PIN technology will only have a limited impact on fraud once implemented.

Ken Westin

Ken is a Senior Security Analyst at Tripwire Inc., with 15 years of experience building and breaking things through the use/misuse of technology. His technology exploits and endeavors have been featured in Forbes, Good Morning America, Dateline, New York Times and The Economist, and he has won awards from MIT, CTIA, Oregon Technology Awards, SXSW and Entrepreneur and was named in Portland Business Journal's 2013 "40 Under 40". He has worked with law enforcement and journalists utilizing various technologies to unveil organized crime rings, recover stolen cars, even a carjacking amongst other crimes.

