{"title":"向PCI DSS 3.0遵从性迈进:在线支付公司信用卡数据安全审计的案例研究","authors":"M. R. Shihab, Febriana Misdianti","doi":"10.1109/ICACSIS.2014.7065872","DOIUrl":null,"url":null,"abstract":"E-commerce industry in Indonesia has grown rapidly since 2012. This development is also in line with the number of transactions that uses credit cards. Unfortunately, this phenomenon is followed by credit card frauds as well. Therefore, there is an urge for a standard to be used as a main reference in protecting the security of information. Visa and MasterCard have issued an international standard to ensure the security of credit card data, namely, PCI DSS. It emphasizes the importance of protecting cardholder information in one's daily business processes. On December 2013, the latest version of this standard was released, and brought about difficulties, even to those organizations that are already compliant to previous versions of the same standard. The aim of this research is to be able to identify the changes brought about by the latest PCI DSS, namely, version 3.0. Furthermore, this research is intended to implement that very standard to measure an organization's compliance level. This research uses a case study approach in Indonesia largest company in online payment services. The results of this research are the summation of 182 new controls that are simplified for use by organizations that have complied with PCI DSS 2.0 and are preparing for PCI DSS 3.0. Additionally, we found that Company X, the object of our case study, is compliant towards 77.43% of PCI DSS 3.0 requirements. Payment card industry data security standard is considered at its earlier stages. We believe that this research is one of the first in observing the changes brought about by PCI DSS 3.0 as well as in implementing it to measure an organization's compliance level.","PeriodicalId":443250,"journal":{"name":"2014 International Conference on Advanced Computer Science and Information System","volume":"16 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-03-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Moving towards PCI DSS 3.0 compliance: A case study of credit card data security audit in an online payment company\",\"authors\":\"M. R. Shihab, Febriana Misdianti\",\"doi\":\"10.1109/ICACSIS.2014.7065872\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"E-commerce industry in Indonesia has grown rapidly since 2012. This development is also in line with the number of transactions that uses credit cards. Unfortunately, this phenomenon is followed by credit card frauds as well. Therefore, there is an urge for a standard to be used as a main reference in protecting the security of information. Visa and MasterCard have issued an international standard to ensure the security of credit card data, namely, PCI DSS. It emphasizes the importance of protecting cardholder information in one's daily business processes. On December 2013, the latest version of this standard was released, and brought about difficulties, even to those organizations that are already compliant to previous versions of the same standard. The aim of this research is to be able to identify the changes brought about by the latest PCI DSS, namely, version 3.0. Furthermore, this research is intended to implement that very standard to measure an organization's compliance level. This research uses a case study approach in Indonesia largest company in online payment services. The results of this research are the summation of 182 new controls that are simplified for use by organizations that have complied with PCI DSS 2.0 and are preparing for PCI DSS 3.0. Additionally, we found that Company X, the object of our case study, is compliant towards 77.43% of PCI DSS 3.0 requirements. Payment card industry data security standard is considered at its earlier stages. We believe that this research is one of the first in observing the changes brought about by PCI DSS 3.0 as well as in implementing it to measure an organization's compliance level.\",\"PeriodicalId\":443250,\"journal\":{\"name\":\"2014 International Conference on Advanced Computer Science and Information System\",\"volume\":\"16 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-03-23\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2014 International Conference on Advanced Computer Science and Information System\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICACSIS.2014.7065872\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 International Conference on Advanced Computer Science and Information System","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICACSIS.2014.7065872","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Moving towards PCI DSS 3.0 compliance: A case study of credit card data security audit in an online payment company
E-commerce industry in Indonesia has grown rapidly since 2012. This development is also in line with the number of transactions that uses credit cards. Unfortunately, this phenomenon is followed by credit card frauds as well. Therefore, there is an urge for a standard to be used as a main reference in protecting the security of information. Visa and MasterCard have issued an international standard to ensure the security of credit card data, namely, PCI DSS. It emphasizes the importance of protecting cardholder information in one's daily business processes. On December 2013, the latest version of this standard was released, and brought about difficulties, even to those organizations that are already compliant to previous versions of the same standard. The aim of this research is to be able to identify the changes brought about by the latest PCI DSS, namely, version 3.0. Furthermore, this research is intended to implement that very standard to measure an organization's compliance level. This research uses a case study approach in Indonesia largest company in online payment services. The results of this research are the summation of 182 new controls that are simplified for use by organizations that have complied with PCI DSS 2.0 and are preparing for PCI DSS 3.0. Additionally, we found that Company X, the object of our case study, is compliant towards 77.43% of PCI DSS 3.0 requirements. Payment card industry data security standard is considered at its earlier stages. We believe that this research is one of the first in observing the changes brought about by PCI DSS 3.0 as well as in implementing it to measure an organization's compliance level.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
