Moving towards PCI DSS 3.0 compliance: A case study of credit card data security audit in an online payment company

Muhammad Rifki Shihab, Febriana Misdianti

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

5 Citations (Scopus)

Abstract

The e-commerce industry in Indonesia has grown rapidly since 2012. This development is in line with the number of transactions that use credit cards. Unfortunately, this phenomenon has been followed by credit card fraud as well. Therefore, there is an urgent need for a standard to be used as a main reference in protecting the security of information. Visa and MasterCard have issued an international standard to ensure the security of credit card data, namely PCI DSS. It emphasizes the importance of protecting cardholder information in one's daily business processes. In December 2013, the latest version of this standard was released, and it brought about difficulties, even for organizations that were already compliant with previous versions of the same standard. The aim of this research is to identify the changes brought about by the latest PCI DSS, namely version 3.0. Furthermore, this research is intended to implement that standard to measure an organization's compliance level. This research uses a case study approach at Indonesia's largest company in online payment services. The result of this research is a summation of 182 new controls that are simplified for use by organizations that have complied with PCI DSS 2.0 and are preparing for PCI DSS 3.0. Additionally, we found that Company X, the object of our case study, is compliant with 77.43% of PCI DSS 3.0 requirements. The Payment Card Industry Data Security Standard is considered to be at its earlier stages. We believe that this research is one of the first to observe the changes brought about by PCI DSS 3.0 as well as to implement it to measure an organization's compliance level.

Original language: English
Title of host publication: Proceedings - ICACSIS 2014
Subtitle of host publication: 2014 International Conference on Advanced Computer Science and Information Systems
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 151-156
Number of pages: 6
ISBN (Electronic): 9781479980758
Publication status: Published - 23 Mar 2014
Event: 2014 International Conference on Advanced Computer Science and Information Systems, ICACSIS 2014 - Jakarta, Indonesia
Duration: 18 Oct 2014 to 19 Oct 2014

Publication series

Name: Proceedings - ICACSIS 2014: 2014 International Conference on Advanced Computer Science and Information Systems

Conference

Conference: 2014 International Conference on Advanced Computer Science and Information Systems, ICACSIS 2014
Country/Territory: Indonesia
City: Jakarta
Period: 18/10/14 to 19/10/14
