Book Review – Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions
The number of recent high-profile retail data breaches has many businesses and security practitioners concerned, and for good reason. Retail giants such as Target and Neiman Marcus have suffered mega breaches, leaving tens of millions of credit cards compromised and leading many to ask how hackers are able to compromise seemingly secure payment systems.
Slava Gomzin, who is a Security and Payments Technologist at HP, recently authored an excellent book on the topic, “Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions”.
Don’t let the title of the book fool you: its intended audience isn’t the nefarious hacker type. Quite the contrary, the book should become required reading for anyone involved in electronic payments. I would even say not just those involved specifically in point-of-sale, as quite a few of the topics covered carry over into eCommerce as well.
The language of the book is not overly technical; in fact, those involved in the business side can easily understand the concepts outlined in the book, and it is a good resource for understanding terminology and basic architectures. For the security geeks there are also code samples and more technical details on various topics. The book outlines the architecture of payment systems and identifies inherent vulnerabilities, as well as why PCI is not enough, with concrete examples that you can test yourself.