DocumentCode
3580858
Title
Moving towards PCI DSS 3.0 compliance: A case study of credit card data security audit in an online payment company
Author
Shihab, Muhammad R. ; Misdianti, Febriana
Author_Institution
Fac. of Comput. Sci., Univ. Indonesia, Depok, Indonesia
fYear
2014
Firstpage
151
Lastpage
156
Abstract
The e-commerce industry in Indonesia has grown rapidly since 2012. This growth is matched by the number of transactions that use credit cards. Unfortunately, this trend has been accompanied by credit card fraud as well. There is therefore a pressing need for a standard to serve as the main reference for protecting the security of information. Visa and MasterCard have issued an international standard to ensure the security of credit card data, namely PCI DSS. It emphasizes the importance of protecting cardholder information in one's daily business processes. In December 2013, the latest version of this standard was released, and it brought difficulties even to organizations that are already compliant with previous versions of the same standard. The aim of this research is to identify the changes brought about by the latest PCI DSS, namely version 3.0. Furthermore, this research applies that standard to measure an organization's compliance level. This research uses a case study approach at Indonesia's largest company in online payment services. The results of this research are a summary of 182 new controls, simplified for use by organizations that have complied with PCI DSS 2.0 and are preparing for PCI DSS 3.0. Additionally, we found that Company X, the object of our case study, is compliant with 77.43% of PCI DSS 3.0 requirements. Study of the Payment Card Industry Data Security Standard is still at an early stage. We believe that this research is one of the first to observe the changes brought about by PCI DSS 3.0 and to apply it to measure an organization's compliance level.
Keywords
auditing; data protection; electronic commerce; security of data; Indonesia; MasterCard; PCI DSS 2.0; PCI DSS 3.0 compliance; Visa; cardholder information protection; credit card data security audit; credit card frauds; daily business processes; e-commerce industry; information security; online payment company; online payment services; payment card industry data security standard; Companies; Credit cards; Decision support systems; Security; Standards organizations;
fLanguage
English
Publisher
ieee
Conference_Titel
Advanced Computer Science and Information Systems (ICACSIS), 2014 International Conference on
Type
conf
DOI
10.1109/ICACSIS.2014.7065872
Filename
7065872