Chapter 7

Cryptography in Payment Applications

All problems are finally scientific problems.

—George Bernard Shaw

Wherever there is information that needs to be protected, there is a need for cryptography: not pure cryptography as such, but its proper application. In the case of POS applications, sensitive cardholder data must be hidden from prying eyes during the entire payment-processing cycle. Remarkable books have already been written about cryptography.¹ The goal of this chapter is not another explanation of the underlying math or algorithm implementations, but cryptography as applied to payment application security through specific methods and implementations. In order to understand which protection mechanisms are available, whether they are appropriate in particular situations, and how to implement them correctly, we still need a bit of theory.

The Tip of the Iceberg

Modern payment applications already use cryptography in many cases; however, it is not always used in the most secure way. Many developers are already familiar with the principle of using well-known encryption algorithm implementations rather than trying to create new, unproven, “in-house” code. The problem is that cryptography is not limited to an algorithm implementation library, which is only the tip of the iceberg. There is the whole issue of key management, which surrounds any type of encryption and requires appropriate attention when designing the payment application. ...
