Chapter 1

Processing Payment Transactions

Because people have no thoughts to deal in, they deal cards, and try and win one another's money. Idiots!

Arthur Schopenhauer

In order to understand the vulnerability points of point-of-sale and payment applications, it is necessary to know the basics—how, when, and why sensitive cardholder data moves between different peers during the payment transaction cycle:

  • Why (the reason): Is it really necessary to hold, store, and transmit this data throughout the entire process?
  • How (the location and the routes): What are the areas with a concentration of sensitive records?
  • When (the timing): How long is this information available in those areas?

Payment Cards

The use of payment cards is obviously one of the main subjects of this book. There are several main types of payment cards commonly used for payments:

  • The credit card was the first payment card and it is still very common. By paying with a credit card, customers use their available credit and pay the bill afterwards. Credit cards are not usually protected by a Personal Identification Number (PIN), which allows them to be used for online purchases.
  • The debit (ATM, Cash) card is a relatively new method of payment. It is different from a credit card because the debit cardholder pays with the money available in their bank account, which is debited immediately in real time. A debit card seems to be more dangerous compared to a credit card because the debit card is directly linked to the bank ...

Get Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions now with O’Reilly online learning.
