Hacking Payment Services: Real-World Business Logic Attack Scenarios

Business logic attacks are silently exploiting legitimate fintech functions, including registration workflows, eKYC verification, and payment processes, to execute fraud without triggering traditional alarms. Heba Farahat, Sr. Cybersecurity Consultant at Liquid C2 MENA, addresses this challenge in this webinar. From bypassing AI-powered eKYC processes and executing real-time payments without funds being deducted to manipulating BNPL limits, Heba breaks down the tactics, impact, and, most importantly, how to defend against them with actionable strategies and best practices. Heba Farahat is a reputed cybersecurity expert working with leading organizations across the Middle East in sectors like banking, telecom, fintech, and insurance. She holds advanced certifications such as CISSP, OSCP, CRTE, CRTP, eWPT, and CEH. Heba is a mentor and international speaker who has received numerous accolades, including Top 20 Women of the World in Cybersecurity (2024) and the Women Ethical Hacker of the Year (2022), and is credited with discovering two zero-day vulnerabilities in Cisco SD-WAN products. EC-Council’s Certified Penetration Testing Professional (C|PENT AI) is a specialization certification designed for cybersecurity professionals aiming to learn real-world penetration testing in enterprise environments. This hands-on, challenge-based program features dynamic cyber ranges with live, multi-disciplinary networks to simulate real attacks and defenses. Whether you're an ethical hacker, red team engineer, or cyber threat analyst, C|PENT AI equips you with in-demand skills, advanced tools, and tactical methodologies to stay ahead of the curve. Learn more about C|PENT AI: https://www.eccouncil.org/train-certify/certified-penetration-testing-professional-cpent/?utm_source=Youtube+&utm_medium=CPENT-Heba-Farahat&utm_campaign=YT_long Register for our upcoming webinars: https://www.eccouncil.org/cybersecurity-exchange/cyber-talks/ 0:00 Webinar Overview 0:29 Introducing Our Keynote Speaker 1:28 Speaker's Presentation 28:05 Introduction to EC Council C|PENT Program 31:40 Engaging Q&A Session 47:29 Thank You Message #ECCouncil #CPENT #FinancialCybersecurity #Banking #FinServCybersecurity #AI #EKYC #BNPL #PCIDSS #Cybersecurity #Cyberattack #Cyberthreat #BusinessLogicAttack