Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions

For a retail industry professional, or any business using Point of Sale devices, Mr. Gomzin has written an outstanding summary of the contemporary technical concerns related to POS security. The book is written with a technical flair, yet is well illustrated and notated with enough dialog and appropriate descriptions to cover a broad audience of readers. This book is an essential guide for the current PCI standards, and the expected security accountability of the installed POS. Mr Gomzin has a genuine gift at explaining complex scenarios and sorting out the essential details in a fluid and professional style. This is an important reference book for anyone in the retail technology business and I highly recommend and applaud Mr. Gomzin for his work. I have no doubt this is the first of more books from this talented author.

Good book and a quick read - I was able to drill through it in 5 hours. It was written with an assumption that you have a basic understanding of point-of-sale (POS) systems, which allows the author to get straight to the important material. There were extensive sections of the book that included examples of code and web links to download software so you can learn 'encryption' first-hand, but I felt this material should have been located in an appendix. Nonetheless, the information was consistent with my own knowledge and experience with POS systems and PCI compliance. Likewise, I found the recommendation for a hardware point-to-point encryption (P2PE) to be credible, but it seemed like an all-or-nothing proposition. There are many merchants with systems or vendors that do not yet support P2PE.

I came across this book shortly after starting a new job at a large credit card issuer. My job involves developing/supporting payment authentication capabilities and I wanted to find a book that would provide a good deep dive into payment processing and the risks involved. At work I had access to dozens of technical specs and overview documents to ramp up, but this book took much of that information and condensed/arranged it into a format that was much easier to digest. I would recommend this book to anyone in the payment industry as well as merchants that want to have a better understanding of payment infrastructure and vulnerabilities.

Mr. Gomzin provides valuable insight into the problems with current point-of-sale systems. If it added anything, I would repeat all the other reviews. The book is as good (or better) as these reviews indicate. Hopefully this book will be a starting point to get retailers to lock down their systems to protect cardholder data.Great book with many references for more in depth research provided through out the whole book.

Very high level. If you are looking for "POS hacking for dummies" this is your book. I didn't find a lot of new info but the author did a decent job of explaining the topic.

Excellent book to introduce one to the weaknesses of the PCI DSS and to understand POS vulnerabilities. A great resource for the PCI DSS practionnaire.

I have read the book twice in one weekend. It is full with details and explanation about the vulnerabilities of the point of sale. I really enjoyed learning about the POS security questionnaire and it opened my eye to what it needs to take place to protect sensitive data. I will highly recommend the purchase and integration of the advices presented in that book. Adley DaSilva

good book and good summary. probably will need to be updated every year given the trends in IT and Security.

Very Good Product

Compré el libro por las valoraciones, pero es un libro demasiado básico y muy orientado a las amenazas en los pagos con tarjeta de banda en los USA, tampoco exhaustivo.Apenas trata de EMV, certificaciones, marcas de tarjetas, ni de pagos con tarjeta chip, pagos contactless o pagos con móvil, ni recargas de tarjetas de transporte en puntos de venta.Solo recomendable para quien quiera saber como eran antiguamente los pagos con tarjeta magnética.Aunque mucho más antiguo con éste se tiene una mejor perspectiva de los pagos en puntos de venta:Implementing Electronic Card Payment Systems (Artech House computer security series)

I was expecting a technical book about how to methodically hack a pos. What I got is an excellent course / review on payment industry and functional aspects of the processing of card data.Not a hackers book, but an excellent book for the security officer involved in the payment industry