The Weakest Element of Acquiring Bank Infrastructure

Explore a critical analysis of Terminal Management Systems (TMS) in acquiring bank infrastructure during this 31-minute conference talk from the Hack In The Box Security Conference. Delve into the first comprehensive research on TMS security, examining its role in remote POS terminal management and configuration. Uncover potential misconfigurations in acquiring systems and POS terminals, and learn about attacks on TMS servers that could lead to forged payments, unauthorized operation cancellations, and compromised acquiring networks. Gain insights from the speakers' analysis of several acquiring systems and TMS servers, revealing critical vulnerabilities and common misconfigurations. Follow the presentation's agenda, covering TMS basics, protocol vulnerabilities, specific vendor cases, and transaction forgery techniques. Benefit from the expertise of two seasoned security researchers as they shed light on this often-overlooked aspect of financial system security.

Intro
Agenda
Terminal Management Systems
Protocols Vulnerability
Bravo
How it works
Vendor Charlie
Transaction forgerist
Cheap transactions
Conclusion