Payment Systems Security

  1. Threat Landscape and Attack Vectors
    1. Malware-Based Attacks
      1. Point-of-Sale Malware
        1. RAM Scraping Techniques
        2. Memory Parsing Methods
        3. Persistence Mechanisms
        4. Detection and Prevention
      2. Keylogging Attacks
        1. Hardware Keyloggers
        2. Software Keyloggers
        3. Virtual Keyboard Bypasses
        4. Anti-Keylogging Techniques
      3. Banking Trojans
        1. Web Injection Techniques
        2. Man-in-the-Browser Attacks
        3. Mobile Banking Trojans
        4. Trojan Detection Methods
    2. Network-Based Attacks
      1. Man-in-the-Middle Attacks
        1. SSL Stripping Techniques
        2. Certificate Spoofing
        3. Session Hijacking
        4. ARP Poisoning
      2. DNS-Based Attacks
        1. DNS Spoofing
        2. DNS Cache Poisoning
        3. DNS Tunneling
        4. DNSSEC Implementation
      3. Traffic Analysis Attacks
        1. Packet Sniffing
        2. Protocol Analysis
        3. Traffic Pattern Analysis
        4. Network Segmentation Defense
    3. Web Application Attacks
      1. Client-Side Attacks
        1. Formjacking Attacks
        2. Magecart Attack Techniques
        3. Third-Party Script Risks
        4. E-skimming Methods
      2. Server-Side Attacks
        1. Injection Attacks
        2. Cross-Site Scripting
        3. Cross-Site Request Forgery
        4. Server-Side Request Forgery
      3. API-Specific Attacks
        1. API Enumeration
        2. Parameter Tampering
        3. Rate Limiting Bypass
        4. Authentication Bypass
    4. Physical Security Threats
      1. Card Skimming
        1. Skimmer Device Types
        2. Overlay Skimmers
        3. Insert Skimmers
        4. Detection Techniques
      2. EMV Shimming
        1. Shimming Device Operation
        2. Chip Card Vulnerabilities
        3. Countermeasures
        4. Detection Methods
      3. Device Tampering
        1. Terminal Substitution
        2. Device Authentication
        3. Inventory Management
        4. Physical Security Controls
    5. Fraud Schemes and Social Engineering
      1. Account-Based Fraud
        1. Account Takeover Methods
        2. Credential Stuffing Attacks
        3. Password Spraying
        4. Social Engineering Tactics
      2. Identity-Based Fraud
        1. New Account Fraud
        2. Synthetic Identity Creation
        3. Identity Verification Bypass
        4. Document Fraud
      3. Transaction-Based Fraud
        1. Bust-Out Fraud Patterns
        2. Friendly Fraud Schemes
        3. Chargeback Abuse
        4. Return Fraud
      4. Social Engineering Attacks
        1. Phishing Campaigns
        2. Email Phishing
        3. Spear Phishing
        4. Vishing Attacks
        5. Pretexting Techniques