Bug Bounties in Payment Systems
We interact with payments every day. Yet how many of us actually know how they work? Join us to learn about payments and techniques for spotting vulnerabilities in them.
This is a “payments 101” training course covering vulnerability research in payments and related issues and attacks.
The main goal of this course is to break the status quo of payment insecurity. We help our audience gain a better understanding of how to:
• Find vulnerabilities in payment systems while staying within the law
• Obtain the necessary skills and equipment
Learn from the best in the industry—and leave with your wallet a little lighter.
• History of payments
• Magstripe, chip/EMV, NFC, card not present, mobile wallets
• POS and ATM
Card present/card not present (CNP) issues
• Magstripe attacks and threats
• EMV and threats
• NFC attacks and threats
• CNP/online issues
• What is a “payment system”, and what’s the key difference from classic targets? Issues and the threat model
• Setting up “the lab”
• Typical scope: where, what, and how we search. Where do we find a payment system to analyze?
• What are the most interesting findings for the owners of bug bounty programs in financial organizations? How do you amplify the impact of your findings?
• Examples of found and confirmed issues