Security Assessment of Payment Systems under PCI DSS Incompatibilities

Cited by: 0
Authors
Bahtiyar, Serif [1]
Gur, Gurkan [1]
Altay, Levent [1]
Affiliations
[1] Provus, Progress R&D Ctr, TR-34396 Istanbul, Turkey
Keywords
Payment system security; Security assessment; PCI DSS; Risk analysis; Data and applications security;
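DOI
Not available
Chinese Library Classification (CLC) number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract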
With the ubiquitous proliferation of electronic payment systems, data and application security has become more critical for financial operations. The Payment Card Industry Data Security Standard (PCI DSS) has been developed by the payment industry to provide a widely-applicable and definitive security compliance among all components in electronic payment infrastructure. However, the security impact of PCI DSS incompatibilities and relevant security assessment approaches for such cases are yet to be investigated in a comprehensive manner. Therefore, in this paper we present a security assessment framework for payment systems under PCI DSS incompatibilities. Moreover, we analyze a case study to evaluate our proposal and to provide some guidelines to security experts for assessment of PCI DSS compliance.
Pages: 395 / 402
Number of pages: 8
Related papers
50 in total
  • [1] PCI DSS: Payment card industry data security standards in context
    Morse, Edward A.
    Raval, Vasant
    Computer Law and Security Report, 2008, 24 (06) : 540 - 554
  • [2] Towards Secure IoT-Based Payments by Extension of Payment Card Industry Data Security Standard (PCI DSS)
    Bhutta, Muhammad Nasir Mumtaz
    Bhattia, Surbhi
    Alojail, Mohammed Ali
    Nisar, Kashif
    Cao, Yue
    Chaudhry, Shehzad Ashraf
    Sun, Zhili
    WIRELESS COMMUNICATIONS & MOBILE COMPUTING, 2022, 2022
  • [3] Moving Towards PCI DSS 3.0 Compliance: A Case Study of Credit Card Data Security Audit in an Online Payment Company
    Shihab, Muhammad R.
    Misdianti, Febriana
    2014 INTERNATIONAL CONFERENCE ON ADVANCED COMPUTER SCIENCE AND INFORMATION SYSTEMS (ICACSIS), 2014, : 151 - 156
  • [4] An Integrated Security Governance Framework for Effective PCI DSS Implementation
    Nicho, Mathew
    Fakhry, Hussein
    INTERNATIONAL JOURNAL OF INFORMATION SECURITY AND PRIVACY, 2011, 5 (03) : 50 - 67
  • [5] Risk Assessment Management for Mobile payment security
    Dai Hong
    Zhong Runtong
    Lan Tian
    IEEE/SOLI'2008: PROCEEDINGS OF 2008 IEEE INTERNATIONAL CONFERENCE ON SERVICE OPERATIONS AND LOGISTICS, AND INFORMATICS, VOLS 1 AND 2, 2008, : 1966 - 1970
  • [6] Analysing the Security of NFC Based Payment Systems
    Tabet, Nour Elhouda
    Ayu, Media Anugerah
    2016 INTERNATIONAL CONFERENCE ON INFORMATICS AND COMPUTING (ICIC), 2016, : 169 - 174
  • [7] The study on the Security Services in Mobile Payment Systems
    Min, Cheon Hong
    THIRD 2008 INTERNATIONAL CONFERENCE ON CONVERGENCE AND HYBRID INFORMATION TECHNOLOGY, VOL 1, PROCEEDINGS, 2008, : 267 - 278
  • [8] Role and security of payment systems in an electronic age
    Fajfar, M
    Current Developments in Monetary and Financial Law, Vol 4, 2005, : 709 - 723
  • [9] Information Security Maturity Model A Best Practice Driven Approach to PCI DSS Compliance
    Yulianto, Semi
    Lim, Charles
    Soewito, Benfano
    2016 IEEE REGION 10 SYMPOSIUM (TENSYMP), 2016, : 65 - 70
  • [10] A tale of two standards: strengthening HIPAA security regulations using the PCI-DSS
    Gaynor, Mark
    Bass, Catherine
    Duepner, Bryan
    HEALTH SYSTEMS, 2015, 4 (02) : 111 - 123