Schedule

Welcome to the Payment Village

Leigh-Anne Galloway

Leigh-Anne will introduce you to the Payment Village and cover key information required to participate in the Payment Village at DEF CON.

Making sense of EMV card data – decoding the TLV format 

Dr Steven J. Murdoch

EMV (sometimes known as Chip and PIN) is the worldwide standard for smart card payments. It was designed to allow credit and debit cards issued by any bank to make a payment through any terminal, even across international borders and despite chip cards being extremely limited in the computation they can perform. In this talk I’ll discuss how EMV achieves this difficult task, through the use of the TLV (Tag-Length-Value) data format. I will demonstrate how to decode TLV data found on real EMV chip cards, and what significance this data has in the wider payment ecosystem. Finally I’ll discuss how the use of TLV, despite its advantages, has contributed to the creation of security vulnerabilities in Chip and PIN.

Fear and Loathing in Payment Bug Bounty 

Timur Yunusov

Bug bounty is an easy-to-start-and-succeed information security area. Low entry barriers, money engagement, low risks of being sued. But none of these can be applied when it comes to payment vulnerabilities. It's hard to find banks which allow digging into their assets. We're here to try and change it! Start with payment security today, vulnerabilities are waiting.

Identity Crisis: the mad rise of online account opening fraud 

Uri Rivner 

Identity data is a commodity these days, and conducting identity theft or synthetic ID operations has never been easier. In this 100% real case study we’ll track the second-by-second operation of cyber criminals attempting to target major card issuers and digital banks. 

We’ll discuss their behavior, choices and motivations, what makes them so different than honest folks who wish to open an account online, and what next-gen data sources and analysis domains the industry is beginning to leverage against such attacks. It’s time to put up a good fight!

Online Banking Security 

Arkadiy Litvinenko  

Competition between banks leads to new opportunities for clients, which are the cause of new risks for the banks and for the clients themselves. During the talk we will discuss the internals of Online and Mobile banking, what vulnerabilities are common or specific for these services and what best practices exist for solving these problems.

PoS Terminal Security Uncovered

Aleksei Stennikov 

Everyone uses different types of payment hardware in order to pay by card every day. But how often do you think about how secure it is?

The speaker will talk about the payment terminals' hardware internals and the approach to the security of common manufacturers, typical vulnerabilities, approaches to research and the consequences of research related to payment security. This presentation uncovers some of the results from our payment security projects.

Architecting Modern Payment Gateways in .NET Core with Azure

Menaka BaskerPillai 

In this session I am going to explain how to work with payment gateways and how to implement secured payment gateways in .NET Core web apps. This session also includes some core concepts of Azure that play an important role in transactions.