No fathers or mothers think their own children ugly; and this self-deceit is yet stronger with respect to the offspring of the mind.
—Miguel de Cervantes
To understand the different types of threats that may break a payment application (PA), it is first necessary to learn about the internal structure of these systems. The details of concrete implementations may vary from vendor to vendor, but the main design principles remain very similar because such applications are narrowly specialized.
A typical payment application architecture, shown in Figure 2.1, consists of external interfaces and processing modules. Interfaces are the bridges to the outer world. Processing modules drive the flow of the payment transaction.
All systems need to communicate with the outside world of peripheral hardware and external software, so device and application interfaces are essential parts of any payment application. There are three types of external interfaces that connect the PA with devices and applications:
A single payment application may have several implemented interfaces of any type, depending on the required number of supported peripherals, POS models, ...