A FORENSIC FIRST LOOK AT A POS DEVICE: SEARCHING FOR PCI DSS DATA STORAGE VIOLATIONS

IF 0.6 Q4 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Digital Forensics Security and Law Pub Date : 2020-01-01 DOI:10.15394/JDFSL.2020.1614

Stephen Larson, James H. Jones, Jim Swauger

引用次数: 0

Abstract

According to the Verizon 2018 Data Breach Investigations Report, 321 POS terminals (user devices) were involved in data breaches in 2017. These data breaches involved standalone POS terminals as well as associated controller systems. This paper examines a standalone Point-of-Sale (POS) system commonly used in smaller retail stores and restaurants to extract unencrypted data and identify possible violations of the Payment Card Industry Data Security Standard (PCI DSS) requirement to protect stored cardholder data. Persistent storage (ﬂash memory chips) were removed from the devices and their contents were successfully acquired. Information about the device and the code running on it was successfully extracted, although no PCI DSS data storage violations were identiﬁed.

查看原文本刊更多论文

首先检查pos设备:搜索pci DSS数据存储违规

根据Verizon 2018年数据泄露调查报告，2017年有321个POS终端(用户设备)涉及数据泄露。这些数据泄露涉及独立POS终端以及相关的控制器系统。本文研究了一个独立的销售点(POS)系统，该系统通常用于小型零售商店和餐馆，用于提取未加密的数据，并识别可能违反支付卡行业数据安全标准(PCI DSS)的要求，以保护存储的持卡人数据。持久存储(闪存芯片)从设备中移除，并成功获取其内容。尽管没有识别出PCI DSS数据存储违规，但成功提取了有关设备及其上运行的代码的信息。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Digital Forensics Security and Law COMPUTER SCIENCE, INFORMATION SYSTEMS-

自引率

0.00%

发文量

审稿时长

10 weeks