M. Piazza, Joshua Fernandes, John Anderson, Aspen Olmsted
{"title":"Cloud payment processing without ritualistic sacrifices reducing PCI-DSS risk surface with thin clients","authors":"M. Piazza, Joshua Fernandes, John Anderson, Aspen Olmsted","doi":"10.1109/I-SOCIETY.2016.7854205","DOIUrl":null,"url":null,"abstract":"The Payment Card Industry Data Security Standard (PCI-DSS, or simply PCI) governs the many security standards associated with payment card transactions. Point of sale systems in today's brick-and-mortar storefronts fall woefully short of these standards at every step of the work flow. They commonly use outdated desktop computers and store card data locally, oftentimes in plaintext. Backups of these systems, if kept at all, are often stored on unsecured, removable media. If we can move some of the payment infrastructure away from the merchant to a central web service, then we can reduce the responsibility of the merchant and provide a more secure environment for the consumer.","PeriodicalId":317605,"journal":{"name":"2016 International Conference on Information Society (i-Society)","volume":"166 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 International Conference on Information Society (i-Society)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/I-SOCIETY.2016.7854205","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1
Abstract
The Payment Card Industry Data Security Standard (PCI-DSS, or simply PCI) governs the many security standards associated with payment card transactions. Point of sale systems in today's brick-and-mortar storefronts fall woefully short of these standards at every step of the work flow. They commonly use outdated desktop computers and store card data locally, oftentimes in plaintext. Backups of these systems, if kept at all, are often stored on unsecured, removable media. If we can move some of the payment infrastructure away from the merchant to a central web service, then we can reduce the responsibility of the merchant and provide a more secure environment for the consumer.