Abstract
With the ubiquitous proliferation of electronic payment systems, data and application security has become more critical for financial operations. The Payment Card Industry Data Security Standard (PCI DSS) has been developed by the payment industry to provide a widely applicable and definitive security compliance among all components in electronic payment infrastructure. However, the security impact of PCI DSS incompatibilities and relevant security assessment approaches for such cases are yet to be investigated in a comprehensive manner. Therefore, in this paper we present a security assessment framework for payment systems under PCI DSS incompatibilities. Moreover, we analyze a case study to evaluate our proposal and to provide some guidelines to security experts for assessment of PCI DSS compliance.
Original language | English |
---|---|
Title of host publication | ICT Systems Security and Privacy Protection - 29th IFIP TC 11 International Conference, SEC 2014, Proceedings |
Editors | Nora Cuppens-Boulahia, Frédéric Cuppens, Sushil Jajodia, Anas Abou El Kalam, Thierry Sans |
Publisher | Springer Science and Business Media, LLC |
Pages | 395-402 |
Number of pages | 8 |
ISBN (Electronic) | 9783642554148 |
Publication status | Published - 2014 |
Externally published | Yes |
Event | 29th IFIP TC 11 International Conference, SEC 2014 - Marrakesh, Morocco Duration: 2 Jun 2014 → 4 Jun 2014 |
Publication series
Name | IFIP Advances in Information and Communication Technology |
---|---|
Volume | 428 |
ISSN (Print) | 1868-4238 |
ISSN (Electronic) | 1868-422X |
Conference
Conference | 29th IFIP TC 11 International Conference, SEC 2014 |
---|---|
Country/Territory | Morocco |
City | Marrakesh |
Period | 2/06/14 → 4/06/14 |
Bibliographical note
Publisher Copyright: © IFIP International Federation for Information Processing 2014.
Keywords
- Data and applications security
- Payment system security
- PCI DSS
- Risk analysis
- Security assessment