Security Horror Stories in Payments
Submitted by Abhay Rana (Nemo) (@captn3m0) on Saturday, 26 November 2016
Section: Full talk
Technical level: Intermediate
I’ve been working in the Payments Industry for more than a year now, handling security along with many other things at Razorpay. This talk is about the learnings and the fails I’ve seen across many players in the current payment industry.
Things this talk will cover:
- Broken crypto code in many payment gateways
- Horror stories we’ve seen from various banks
- How convoluted security is at various banks and organizations
This is a small talk, and is slightly more focused towards people working with banks/payments/developers. I’ll be showing example code that should point out both the obvious and not-so-obvious mistakes that organizations make when it comes to security. The primary takeaway from the talk is fairly simple: Don’t roll your own crypto.
Unfortunately, this golden rule is broken on a daily basis by almost everyone in the industry.
Nemo is a developer at Razorpay, where he gets to interact with various organizations in the FinTech industry on a daily basis. He’s the resident security geek, which is how he managed to collect the material for this talk.