Electronic payments may be performed in a variety of ways. A payment terminal may process payment transactions, and may interact with payment devices such as a payment card having a magnetic strip that is swiped in a magnetic reader of the payment terminal, a payment device having a Europay/Mastercard/Visa (EMV) chip that is inserted into corresponding EMV slot of the payment terminal, and near field communication (NFC) enabled devices such as a smart phone or EMV card that is tapped at the payment terminal and transmits payment information over a secure wireless connection. The payment terminal may receive payment information from the payment device as well as information about a transaction, and may communicate this information to a payment system for processing of the transaction.
As a result of its central role in the transaction processing system, the payment terminal is a prime target for third party attackers attempting to access payment information, process fraudulent transactions, and otherwise engage in fraudulent activities or theft. In many cases, the attackers attempt to physically access components of the payment terminal, such as one or more communication lines carrying data or a processor that communicates and processes payment information. Attackers may attempt to eavesdrop on signals (e.g., a passive attack) or to modify or spoof payment processing communications (e.g., an active attack) by injecting malicious signals into the payment terminal.
The payment terminal may attempt to identify fraudulent transactions and tamper attempts using software based techniques. However, the use of software to identify fraudulent transactions and tamper attempts may be limited because the software only has access to certain information regarding the operation of the payment terminal. For example, the operating system for the payment terminal may limit the ability of software programs (e.g., the fraud and tamper identification software) to access certain portions of memory, which access restrictions can affect the ability of the software to determine when the payment terminal may have been compromised by unauthorized activity.