Presented at ekoparty 14 (2018)
Sept. 27, 2018, 1:50 p.m.
Currently, physical and digital payment systems that use technologies such as NFC or MST change constantly, Adding to this, new technologies that in a preventive way can help to restrain certain attacks; at the same time they open new breaches that are used by attackers in a colateral way.
The workshop´s aim is to help people understand and to prevent real threats that may face any type of institution that handles digital and physical payments. The power of detecting and informing properly these attacks, understanding the logic, what areas may be exploited and what devices are implemented.
During the workshop, a critical analysis of the mind of an attacker will be revealed, as well as attacks or extraction of data never documented before by using technologies and exploiting the weak design in which current payments fall.
Salvador Mendoza is a security research focused on tokenization processes, mag-stripes information, payment systems and specialized prototypes. Salvador has presented his investigations related to security failures in payment systems and tokenization processes in international conferences like Black Hat USA, DEF CON 24/25, DerbyCon, Ekoparty, BugCON, 8dot8, OWASP, Hack in Paris y Troopers 17/18. Furthermore, Salvador has designed different tools to find faillures in physical and digital payment systems, in which MagSpoofPI, JamSpay, TokenGet, SamyKam and lately BlueSpoof are included.