Consumers provide payment for transactions using a variety of payment methods, such as by swiping a magnetic stripe card through a magnetic card reader, exchanging payment information wirelessly using near field communications (NFC), and dipping a Europay/Mastercard/Visa (EMV) payment card into a payment slot. Many business locations are temporary or mobile, such as food trucks, taxis, service providers, farmers' markets, and temporary “pop-up” shops. Merchants and customers need to be able to interact during transactions regarding the items and services the customer will purchase and to exchange payment information.
Customers and merchants may exchange various types of sensitive information during such transactions. Such information may include a customer's name, date of birth, address, demographic information, loyalty programs, credit card information, a personal identification number (PIN) associated with the customer's payment method, and a variety of additional confidential or unique customer or payment information. For example, a customer may be required to provide payment information such as the customer's unique PIN to receive authorization for a payment transaction and credit card information may be exchanged with payment devices (e.g., magstripe card, EMV card, or NFC payment device). Customer information such as the customer's date of birth, personal address, or shipping information also may be exchanged (e.g., such as with the merchant or a payment method issuer) during the payment transaction.
The sensitive information exchanged during the payment transaction is stored in and communicated through a device, such as a payment terminal. As of a result of its central role in the transaction processing system, the payment terminal is a prime target for third party attackers attempting to access payment information, process fraudulent transactions, and otherwise engage in fraudulent activities or theft. Criminals may attempt to monitor or tamper with the payment terminal, such as by monitoring internal or external signals of the payment terminal, physically tampering with the device to gain access to or modify internal circuitry, or by spoofing communications with interfaces of the device. As an example, attackers may attempt to physically access components of the payment terminal, such as one or more communication lines carrying data or a processor that communicates and processes payment information. Attackers may also attempt to eavesdrop on signals or to modify or spoof payment processing communications by injecting malicious signals into interfaces of the payment terminal.