50p 2017

A conference about India's digital payments ecosystem.

Participate

Security Horror Stories in Payments

Submitted by Abhay Rana (Nemo) (@captn3m0) on Saturday, 26 November 2016

Section: Full talk Technical level: Intermediate

View proposal in schedule

Abstract

I’ve been working in the Payments Industry for more than a year now, handling security along with many other things at Razorpay. This talk is about the learnings and the fails I’ve seen across many players in the current payment industry.

Outline

Things this talk will cover:

  • Broken crypto code in many payment gateways
  • Horror stories we’ve seen from various banks
  • How convoluted security is at various banks and organizations

This is a small talk, and is slightly more focused towards people working with banks/payments/developers. I’ll be showing example code that should point out both the obvious and not-so-obvious mistakes that organizations make when it comes to security. The primary takeaways from the talk are fairly simple: Don’t roll your own crypto.

Unfortunately, this golden rule is broken on a daily basis by almost everyone in the industry.

Speaker bio

Nemo is a developer at Razorpay, where he gets to interact with various organizations in the FinTech industry on a daily basis. He’s the resident security geek, which is how he managed to collect the material for this talk.

Slides

https://speakerdeck.com/captn3m0/security-horror-stories-in-payments

Comments

Login with Twitter or Google to leave a comment