A survey of payment card industry data security standard

IEEE Communications Surveys and Tutorials

Volumn 12, Issue 3, 2010, Pages 287-303

  Liu, Jing ^a   Xiao, Yang ^a   Chen, Hui ^b   Ozdemir, Suat ^c   Dodle, Srinivas ^a   Singh, Vikas ^a  

^a Department of Computer Science   (United States)

^b VIRGINIA STATE UNIVERSITY   (United States)

^c GAZI UNIVERSITY   (Turkey)

Author keywords

Data Security Standard; Payment Card Industry; Security

Indexed keywords

SECURITY OF DATA; SECURITY SYSTEMS;

CREDIT CARDS; DATA SECURITY STANDARDS; DEBIT CARDS; INDUSTRY DATUM; PAYMENT CARD; PAYMENT CARD INDUSTRIES; SECURITY; SECURITY BREACHES; SECURITY STANDARDS; SERVICE PROVIDER;

SURVEYS;

EID: 77955467721     PISSN: None     EISSN: 1553877X     Source Type: Journal    
DOI: 10.1109/SURV.2010.031810.00083     Document Type: Article

References (30)

1. SecureTrust PCI Compliance 13 March 2006 XRamp http://www.securetrust.com/pdf/securetrust_datasheetpdf
2. Assessing & Implementing Compliance Management for PCI DSS 30 January 2007 Endava http://www.endava.com/ resources/Endava Whitepaper-Assessing and Implementing Compliance Management for PCI DSS.pdf
3. IT Audit Checklist Series 2007 IT Compliance Institute http://www.itcinstitute.com/display.aspx?id=2499
4. Organizational Structure 2006 PCI Security Standards Council http://www.pcisecuritystandards.org
5. Choicepoint Corporation 2007 Choicepoint http: //en. wikipedia. org/ wiki/Choicepoint
6. Identity Theft Categories 2006 Identity Theft http://idtheft.about.com/od/
7. TJ Maxx theft believed largest hack ever 30 March 2007 Msnbc.com http://www.msnbc.msn.com/id/17871485/
8. Data breaches 2007 2007 Identity Theft http://idtheft.about.eom/od/databreaches2007/a/Databreaches07.htm
9. A. Kjos The Merchant-Acquiring Side of the Payment Card Industry: Structure, Operations, and Challenges 2007 Payment Card Center, Federal Reserve Bank of Philadelphia http: //www.philadelphiafed. org/payment-cards-center/publications/ discussion-papers/2007/D20070ctoberMerchantAcquiring.pdf
10. Payment Card Industry Data Security Standard September 2006 PCI Security Standard Council https:// www.pcisecuritystandards.org/security_standards/pci_dss_download.html
11. Payment Card Industry Data Security Standard 1.1/1.0 Comparison September 2006 Configure Soft. http://www.configuresoft.com/webparts/CMS/ViewDocument.aspx? ItemID=d61356d9-cde2-4236-a6e 1-3 6b8fd3be 195
12. Vormetric White Paper: Protecting 'Data at Rest' with CoreGuard 2005 Vormetric Inc. http://www.randtronics.com/pdf/ CoreGuardOverviewWhitePapervl_P02.pdf
13. M.-H. Ho Don't Let It Happen to You: Encrypt Sensitive Information in Your Oracle Database 2006 http: //w w w.oracle. com/technology/ deploy/security/databasesecurity/pdf/oow2006_TDE.pdf
14. A. Nanda Transparency Data Encryption September 2005 http: //www. oracle, com/technology/oramag/ oraci e/05sep/o55security.html
15. S. Kost J. Kanter Oracle Applications Ili: Credit Cards and PCI Compliance Issues January 2007 http://www.integrigy.com/security-resources/whitepapers/Integrigy _Oracle_ 1 li_Credit_Cards_PCI.pdf
16. Specification sheet for Key Management Facility 2003 Motorola http://www.vsp.state.va.us/downloads/ STARS Contract/Appendix 05-32-Encryption Info 2 KMF.pdf
17. Security Policy Key Management Facility Crypto Card (KMF CC); Version 2.17 10 August 2007 Motorola http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/ 140sp/ 140sp864. pdf
18. Compliance Solution for the Payment Card Industry Security Standard (PCI) October 2005 Décru and NetApp. http://www.bareapp.se/PDF/PCI Compliance solution.pdf
19. Achieving and Maintaining Compliance with the Payment Card Industry Data Security Standard September 2005 Altiris Inc. http://whitepapers.techrepublic.com.com/ abstract. aspx?docid=3 53 195
20. Achieving PCI Compliance with Managed Security Services 2006 Secure Works Inc. http://www.secureworks.com/ assets/print/brochure_pci.pdf
21. PCI Certification 2008 Pci.org http://www.pci.org/about/certification/index.html
22. Payment Card Industry Qualified Data Security Company Requirements 7 June 2005 Visa U.S.A. Inc. https:// www.etsms.com/ASP/CISPDocs/8.pdf
23. Account Information Security: PCI Security Scanning Procedures 1 June 2006 Visa Europe http:// www.visaeurope.com/documents/ais/appendix_c.pdf
24. 2005/2006 Study of Consumer Payment Preferences 2006 Americans Bankers Association and Dove Consulting http://www.aba.com/Surveys+and+Statistics/S S_CPPS_05.htm
25. F. Katayama Hacker hits up to 8M credit cards 27 February 2003 CNNIMoney.com http://money.cnn.com/2003/02/18/technology/creditcards/index.htm
26. PCI Quick Reference Guide Oct 2008 PCI Security Council https://www.pcisecuritystandards.org/pdfs/pci_ssc_quick_guide.pdf
27. J. C. McGrath A. Kjos Information Security, Data Breaches, and Protecting Cardholder Information: Facing Up to the Challenges 13-14 September 2006 http: //www.philadelphiafed.org/payment-cards-center/events/ conferences/ 2007ZC2006SeptInfoSecuritySummary.pdf
28. Summary of Changes of PCI DSS Version 1.1 to 1.2 Oct 2008 PCI Security Council https://www.pcisecuritystandards.org/pdfs/ pci_dss_summary_of_changes_v 1-2.pdf
29. Payment Card Industry Data Security Standard Validation Requirements for Qualified Security Assessors April 2008 PCI Security Council https://www.pcisecuritystandards.org/pdfs/pci_dss_validation_ requirements_for_qualified_security_assessors_QS As_v 1-1.pdf
30. Payment Card Industry (PCI) Data Security Standard QSA Validation Requirements: Supplement for Payment Application Qualified Security Assessors (PA-QSA) April 2008 PCI Security Council https: //www.pcisecuritystandards. org/pdfs/pci_ qsa_validation_ requirements_pa-qsa_supplement.pdf