Electronic payments may be performed in a variety ways. A payment terminal may process payment transactions, and may interact with payment devices such as a payment card having a magnetic strip that is swiped in a magnetic reader of the payment terminal, a payment device having a Europay/Mastercard/Visa (EMV) chip that is dipped into corresponding EMV slot of the payment terminal, and near field communication (NFC) enabled devices such as a smartphone or EMV card that is tapped to the payment terminal and transmits payment information over a secure wireless connection. The payment terminal may receive payment information from the payment device as well information about a transaction, and may communicate this information to a payment system for processing of the transaction.
As of a result of its central role in the transaction processing system, the payment terminal is a prime target for third party attackers attempting to access payment information, process fraudulent transactions, and otherwise engage in fraudulent activities or theft. In many cases, the attackers attempt to physically access components of the payment terminal, such as one or more communication lines carrying data or a processor that communicates and processes payment information. Attackers may attempt to eavesdrop on signals (e.g., a passive attack) or to modify or spoof payment processing communications (e.g., an active attack) by injecting malicious signals into the payment terminal.
Some attacks may attempt to induce unanticipated conditions within the payment terminal. The unanticipated conditions may cause circuitry to operate in an abnormal manner that facilitates access to components, and in some instances, may cause code executed by a processor to operate in an unanticipated manner such as by branching in an unexpected manner or skipping portions of code. Attackers may exploit the payment terminal's response to the unanticipated conditions to gain access to information stored within the payment terminal, to engage in fraudulent transactions, or to monitor activities of the payment terminal.