
Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions by Slava Gomzin


Chapter 7

Cryptography in Payment Applications

All problems are finally scientific problems.

—George Bernard Shaw

Wherever there is information that needs to be protected, there lurks a need for cryptography: not just pure cryptography, but rather its proper application. In POS applications, sensitive cardholder data must be hidden from prying eyes during the entire payment-processing cycle. There are remarkable books already written about cryptography.1 The goal of this chapter is not another explanation of the underlying math or algorithm implementations, but cryptography as applied to payment application security through specific methods and implementations. In order to understand what protection mechanisms are available, whether they are appropriate in particular situations, and how to implement them correctly, we still need a bit of theory.

The Tip of the Iceberg

Modern payment applications already use cryptography in many cases; however, it is not always used in the most secure way. Many developers are already familiar with the principle of using well-known encryption algorithm implementations rather than trying to create new, unproven, “in-house” code. The problem is that cryptography is not limited to an algorithm implementation library, which is only the tip of the iceberg. There is the whole issue of key management, which surrounds any type of encryption and requires appropriate attention when designing the payment application. ...
