book

Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions

Name: Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions
Author: Slava Gomzin
ISBN: 9781118810118

by Slava Gomzin

February 2014

Intermediate to advanced

312 pages

6h 58m

English

Wiley

Read now

Unlock full access

Cover
Part I: Anatomy of Payment Application Vulnerabilities
Chapter 1: Processing Payment Transactions
Payment CardsCard Entry MethodsKey PlayersMore PlayersEven More PlayersPayment StagesPayment TransactionsKey Areas of Payment Application VulnerabilitiesSummaryNotes
Chapter 2: Payment Application Architecture
Essential Payment Application BlocksCommunication Between ModulesDeployment of Payment ApplicationsSummaryNotes
Chapter 3: PCI
What is PCI?PCI StandardsPCI GuidelinesSummaryNotes
PART II: Attacks on Point-of-Sale Systems
Chapter 4: Turning 40 Digits into Gold
Magic PlasticPhysical Structure and Security FeaturesInside the Magnetic StripeRegular ExpressionsGetting the Dumps: HackersConverting the Bits into Cash: CardersMonetization Strategies: CashersProducing Counterfeit CardsSummaryNotes
Chapter 5: Penetrating Security Free Zones
Payment Application MemorySniffingExploiting Other VulnerabilitiesSummaryNotes
Chapter 6: Breaking into PCI-protected Areas
PCI Areas of InterestData at Rest: The Mantra of PCIData in Transit: What is Covered by PCI?SummaryNotes
Part III: Defense

Chapter 7: Cryptography in Payment Applications
The Tip of the IcebergSymmetric, Asymmetric, or One-way?Does Size Matter?Symmetric EncryptionAsymmetric EncryptionOne-way EncryptionDigital SignaturesCryptographic HardwareCryptographic StandardsSummaryNotes
Chapter 8: Protecting Cardholder Data
Data in MemoryData in TransitData at RestPoint-to-point EncryptionEMVMobile and Contactless PaymentsSummaryNotes
Chapter 9: Securing Application Code
Code SigningSigning Configuration and Data FilesCode ObfuscationSecure Coding GuidelinesSummaryNotes
Conclusion
Appendix A: POS Vulnerability Rank Calculator
Security Questionnaire and Vulnerability RankThe Scoring SystemInstructionsPOS Security QuestionnaireDecoding the Results
Appendix B: Glossary of Terms and Abbreviations
Introduction
Author's NoteWho This Book Is ForPros and Cons of Security Through ObscurityWhat This Book Is NotHow This Book Is StructuredNotes

Overview

Must-have guide for professionals responsible for securing credit and debit card transactions

As recent breaches like Target and Neiman Marcus show, payment card information is involved in more security breaches than any other data type. In too many places, sensitive card data is simply not protected adequately. Hacking Point of Sale is a compelling book that tackles this enormous problem head-on. Exploring all aspects of the problem in detail - from how attacks are structured to the structure of magnetic strips to point-to-point encryption, and more – it's packed with practical recommendations. This terrific resource goes beyond standard PCI compliance guides to offer real solutions on how to achieve better security at the point of sale.

A unique book on credit and debit card security, with an emphasis on point-to-point encryption of payment transactions (P2PE) from standards to design to application

Explores all groups of security standards applicable to payment applications, including PCI, FIPS, ANSI, EMV, and ISO

Explains how protected areas are hacked and how hackers spot vulnerabilities

Proposes defensive maneuvers, such as introducing cryptography to payment applications and better securing application code

Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions is essential reading for security providers, software architects, consultants, and other professionals charged with addressing this serious problem.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

The Cybersecurity Maturity Model Certification (CMMC) – A pocket guide

Publisher Resources

ISBN: 9781118810071Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills