Abstract
With the ubiquitous proliferation of electronic payment systems, data and application security has become more critical for financial operations. The Payment Card Industry Data Security Standard (PCI DSS) was developed by the payment industry to provide a widely applicable and definitive security baseline for all components of the electronic payment infrastructure. However, the security impact of PCI DSS incompatibilities, and the security assessment approaches suited to such cases, have yet to be investigated in a comprehensive manner. Therefore, in this paper we present a security assessment framework for payment systems under PCI DSS incompatibilities. Moreover, we analyze a case study to evaluate our proposal and to provide guidelines to security experts for the assessment of PCI DSS compliance.
© 2014 IFIP International Federation for Information Processing
Cite this paper
Bahtiyar, Ş., Gür, G., Altay, L. (2014). Security Assessment of Payment Systems under PCI DSS Incompatibilities. In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., Abou El Kalam, A., Sans, T. (eds) ICT Systems Security and Privacy Protection. SEC 2014. IFIP Advances in Information and Communication Technology, vol 428. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-55415-5_33
DOI: https://doi.org/10.1007/978-3-642-55415-5_33
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-55414-8
Online ISBN: 978-3-642-55415-5
eBook Packages: Computer Science (R0)