在销售点交易中使用全EMV智能卡及其对PCI DSS的影响

2012 International Conference on Privacy, Security, Risk and Trust and 2012 International Confernece on Social Computing Pub Date : 2012-09-03 DOI:10.1109/SocialCom-PASSAT.2012.80

O. Ogundele, P. Zavarsky, Ron Ruhl, Dale Lindskog

{"title":"在销售点交易中使用全EMV智能卡及其对PCI DSS的影响","authors":"O. Ogundele, P. Zavarsky, Ron Ruhl, Dale Lindskog","doi":"10.1109/SocialCom-PASSAT.2012.80","DOIUrl":null,"url":null,"abstract":"This paper argues that given the relevant known vulnerabilities and attacks against the EMV (named after Euro pay, MasterCard and Visa) technology, if the combined dynamic data authentication (CDA) card variant of the EMV payment card is deployed in a full EMV environment for point of sale terminal (POS) transaction, it becomes unnecessary to comply with the Payment Card Industry Data Security Standard (PCI DSS) unless the merchant with the POS terminal has been exposed to proven breach and even in that case the damage caused is likely to be minimal.","PeriodicalId":129526,"journal":{"name":"2012 International Conference on Privacy, Security, Risk and Trust and 2012 International Confernece on Social Computing","volume":"11 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-09-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":"{\"title\":\"The Implementation of a Full EMV Smartcard for a Point-of-Sale Transaction and Its Impact on the PCI DSS\",\"authors\":\"O. Ogundele, P. Zavarsky, Ron Ruhl, Dale Lindskog\",\"doi\":\"10.1109/SocialCom-PASSAT.2012.80\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This paper argues that given the relevant known vulnerabilities and attacks against the EMV (named after Euro pay, MasterCard and Visa) technology, if the combined dynamic data authentication (CDA) card variant of the EMV payment card is deployed in a full EMV environment for point of sale terminal (POS) transaction, it becomes unnecessary to comply with the Payment Card Industry Data Security Standard (PCI DSS) unless the merchant with the POS terminal has been exposed to proven breach and even in that case the damage caused is likely to be minimal.\",\"PeriodicalId\":129526,\"journal\":{\"name\":\"2012 International Conference on Privacy, Security, Risk and Trust and 2012 International Confernece on Social Computing\",\"volume\":\"11 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2012-09-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"9\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2012 International Conference on Privacy, Security, Risk and Trust and 2012 International Confernece on Social Computing\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SocialCom-PASSAT.2012.80\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 International Conference on Privacy, Security, Risk and Trust and 2012 International Confernece on Social Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SocialCom-PASSAT.2012.80","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 9

摘要

本文认为，鉴于EMV(以Euro pay、MasterCard和Visa命名)技术的相关已知漏洞和攻击，如果将EMV支付卡的组合动态数据认证(CDA)卡变体部署在完整的EMV环境中进行POS交易，没有必要遵守支付卡行业数据安全标准(PCI DSS)，除非拥有POS终端的商家已经暴露于被证实的违规行为，即使在这种情况下，造成的损害也可能是最小的。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

The Implementation of a Full EMV Smartcard for a Point-of-Sale Transaction and Its Impact on the PCI DSS

This paper argues that given the relevant known vulnerabilities and attacks against the EMV (named after Euro pay, MasterCard and Visa) technology, if the combined dynamic data authentication (CDA) card variant of the EMV payment card is deployed in a full EMV environment for point of sale terminal (POS) transaction, it becomes unnecessary to comply with the Payment Card Industry Data Security Standard (PCI DSS) unless the merchant with the POS terminal has been exposed to proven breach and even in that case the damage caused is likely to be minimal.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2012 International Conference on Privacy, Security, Risk and Trust and 2012 International Confernece on Social Computing

自引率

0.00%

发文量