Payment Terminal Security Course (two days)
published on October 25, 2016
Payment terminals are usually certified under the PCI PTS requirements. PCI PTS approved payment terminals can process American Express, Discover, JCB, MasterCard and VISA transactions. To get your product certified, you’ll need to know what the requirements are and how to apply them.
To introduce the PCI PTS requirements and common attacks performed on payment terminals, including examples and exercises. The course is set up to enable participants to understand PCI PTS and start a PCI PTS evaluation at a certified security lab.
- Introduction to the PCI PTS security requirements, their purpose and how to apply them in practice (Core, SRED requirements, device management and open protocols);
- Payment terminal attack techniques and general mechanisms for protection;
- Attack potential calculation and how to determine device resistance (exercise);
- Key management and the impact on PCI PTS compliance;
- Side-channel analysis applied to payment terminals;
- Additional PCI PTS security programs;
- Details of the PCI PTS certification process.
The modules “additional PCI PTS security programs” and “details of the PCI PTS certification process” primarily focus on management aspects, while the other modules focus on techniques.
The training will take about two days.