Date: April 15, 2025
Time: 4:30 PM EEST | 9:30 AM EDT | 7:00 PM IST
Topic: Hacking Payment Services: Real-World Business Logic Attack Scenarios
Abstract: This webinar offers an in-depth exploration of real-world business logic attacks that impact the banking and fintech sectors. It examines how legitimate functions can be exploited to perform malicious attacks that lead to financial losses for institutions. By understanding these threats, participants will gain insight into the evolving tactics used by attackers targeting modern financial services. The webinar will first examine how various techniques can compromise modern payment services by ethically attacking every step in the payment flow of financial services. This includes the entire process from customer registration and login through the eKYC process to various payment services, including real-time payments, banking services (such as credit card issuance and replacement), and BNPL (Buy Now, Pay Later) services.
Real-world attack scenarios will be uncovered, including bypassing AI-based eKYC verification techniques, taking over accounts, executing real-time payments without deducting funds from the sender’s account, obtaining paid banking services for free, breaking BNPL limits, and much more. In addition to exposing these tactics, the webinar will also address the financial impact of these attacks on businesses. It will provide insights into how these attacks are executed and discuss effective strategies to mitigate these vulnerabilities.
Key takeaways:
- Understanding business logic attacks: Explore how legitimate functions in registration, eKYC, and payment workflows can be exploited for malicious purposes.
- Comprehensive attack scenarios: Understand real-world attack techniques, including AI-based eKYC verification bypass, account takeover, fraudulent real-time payments, and BNPL manipulation.
- Financial impact of attacks: Learn about the significant financial risks these attacks pose to banking institutions.
- Mitigation strategies: Discover effective, actionable methods to identify and defend against business logic vulnerabilities in modern payment systems.
- Security best practices: Know how to secure payment services with cybersecurity best practices to minimize risks.
Speaker:
Heba Farahat, Sr. Cybersecurity Consultant at Liquid C2 MENA
Bio: Heba works as a senior cybersecurity consultant, empowering, supporting, and consulting for the largest companies in the Middle East across various sectors, including banking, telecom, insurance, tourism, and fintech. She holds many advanced certifications, including CISSP, CRTE, CRTP, OSCP, eWPT, and CEH. Besides her work, Heba is actively involved in mentorship programs, where she delivers talks and training to diverse audiences at local, regional, and international conferences, as well as in schools, universities, and corporations to spread knowledge and awareness about cybersecurity.
Awards and Acknowledgments:
- Top 20 Women of the World in Cybersecurity Edition 2024
- Two zero-days in SD-WAN Cisco products: CVE-2023-20261 and CVE-2023-20254
- Women Ethical Hacker of the Year Award 2022
- Rising Star Middle East Award 2020
- Top 50 Women in Cybersecurity in Africa Award 2020
- IFSEC Global Security Influencer Award 2019