Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions

Book Description

Must-have guide for professionals responsible for securing credit and debit card transactions

As recent breaches like Target and Neiman Marcus show, payment card information is involved in more security breaches than any other data type. In too many places, sensitive card data is simply not protected adequately. Hacking Point of Sale is a compelling book that tackles this enormous problem head-on. Exploring all aspects of the problem in detail, from how attacks are structured to the structure of magnetic stripes to point-to-point encryption, and more, it's packed with practical recommendations. This terrific resource goes beyond standard PCI compliance guides to offer real solutions on how to achieve better security at the point of sale.

  • A unique book on credit and debit card security, with an emphasis on point-to-point encryption of payment transactions (P2PE) from standards to design to application

  • Explores all groups of security standards applicable to payment applications, including PCI, FIPS, ANSI, EMV, and ISO

  • Explains how protected areas are hacked and how hackers spot vulnerabilities

  • Proposes defensive maneuvers, such as introducing cryptography to payment applications and better securing application code

  • Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions is essential reading for security providers, software architects, consultants, and other professionals charged with addressing this serious problem.

    Table of Contents

    1. Cover
    2. Part I: Anatomy of Payment Application Vulnerabilities
      1. Chapter 1: Processing Payment Transactions
        1. Payment Cards
        2. Card Entry Methods
        3. Key Players
        4. More Players
        5. Even More Players
        6. Payment Stages
        7. Payment Transactions
        8. Key Areas of Payment Application Vulnerabilities
        9. Summary
        10. Notes
      2. Chapter 2: Payment Application Architecture
        1. Essential Payment Application Blocks
        2. Communication Between Modules
        3. Deployment of Payment Applications
        4. Summary
        5. Notes
      3. Chapter 3: PCI
        1. What is PCI?
        2. PCI Standards
        3. PCI Guidelines
        4. Summary
        5. Notes
    3. Part II: Attacks on Point-of-Sale Systems
      1. Chapter 4: Turning 40 Digits into Gold
        1. Magic Plastic
        2. Physical Structure and Security Features
        3. Inside the Magnetic Stripe
        4. Regular Expressions
        5. Getting the Dumps: Hackers
        6. Converting the Bits into Cash: Carders
        7. Monetization Strategies: Cashers
        8. Producing Counterfeit Cards
        9. Summary
        10. Notes
      2. Chapter 5: Penetrating Security Free Zones
        1. Payment Application Memory
        2. Sniffing
        3. Exploiting Other Vulnerabilities
        4. Summary
        5. Notes
      3. Chapter 6: Breaking into PCI-protected Areas
        1. PCI Areas of Interest
        2. Data at Rest: The Mantra of PCI
        3. Data in Transit: What is Covered by PCI?
        4. Summary
        5. Notes
    4. Part III: Defense
      1. Chapter 7: Cryptography in Payment Applications
        1. The Tip of the Iceberg
        2. Symmetric, Asymmetric, or One-way?
        3. Does Size Matter?
        4. Symmetric Encryption
        5. Asymmetric Encryption
        6. One-way Encryption
        7. Digital Signatures
        8. Cryptographic Hardware
        9. Cryptographic Standards
        10. Summary
        11. Notes
      2. Chapter 8: Protecting Cardholder Data
        1. Data in Memory
        2. Data in Transit
        3. Data at Rest
        4. Point-to-point Encryption
        5. EMV
        6. Mobile and Contactless Payments
        7. Summary
        8. Notes
      3. Chapter 9: Securing Application Code
        1. Code Signing
        2. Signing Configuration and Data Files
        3. Code Obfuscation
        4. Secure Coding Guidelines
        5. Summary
        6. Notes
    5. Conclusion
    6. Appendix A: POS Vulnerability Rank Calculator
      1. Security Questionnaire and Vulnerability Rank
      2. The Scoring System
      3. Instructions
      4. POS Security Questionnaire
      5. Decoding the Results
    7. Appendix B: Glossary of Terms and Abbreviations
    8. Introduction
      1. Author's Note
      2. Who This Book Is For
      3. Pros and Cons of Security Through Obscurity
      4. What This Book Is Not
      5. How This Book Is Structured
      6. Notes