Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
Welcome to BSidesLV 2016, our 8th annual BSides in beautiful Las Vegas, Nevada!
View analytic
Tuesday, August 2 • 14:00 - 15:00
Breaking the Payment Points of Interaction (POI)

Sign up or log in to save this to your schedule and see who's attending!

The payment industry is becoming more driven by security standards. However, the corner stones are still broken even with the latest implementations of these payments systems, mainly due to focusing on the standards rather than security. The best example for that is the ability to bypass protections put in place by points of interaction (POI) devices, by simple modifying several files on the point of sale or manipulating the communication protocols. In this presentation, we will explain the main flaws and provide live demonstrations of several weaknesses on a widely used pinpad. We will not exploit the operating system of the pinpad, but actually bypass the application layer and the business logic protections, i.e. the crypto algorithm is secure, but everything around it is broken. As part of our demos, we will include EMV bypassing, avoiding PIN protections and scraping PANs from various channels.

Speakers
avatar for Nir Valtman

Nir Valtman

Head of Application Security, NCR Corporation
Nir Valtman is heading the application security of the software solutions for NCR Corporation. Before the acquisition of Retalix by NCR, Nir lead the security of the R&D in the company. As part of his previous positions, he was working in several application security, penetration testing and systems infrastructure security positions. Nir is a frequent speaker at leading conferences around the world, including Black Hat, Defcon, OWASP etc. Nir has... Read More →
avatar for Patrick Watson

Patrick Watson

Application Security Architect, NCR Corporation
Patrick Watson is an Application Security Architect specializing in electronic payment systems. He joined Radiant Systems, later acquired by NCR Corporation, to build payment middleware for point of sale suites. Working with over 50 payment processor interfaces, primarily in the petroleum market, Patrick has designed and implemented many of the security systems protecting your credit card and personal data. No stranger to PA-DSS and PCI DSS, he... Read More →


Tuesday August 2, 2016 14:00 - 15:00
Breaking Ground Florentine A