Implementing the payment card industry (PCI) data security standard (DSS)

3Citations
Citations of this article
46Readers
Mendeley users who have this article in their library.

Abstract

Underpinned by the rise in online criminality, the payment card industry (PCI) data security standards (DSS) were introduced which outlines a subset of the core principals and requirements that must be followed, including precautions relating to the software that processes credit card data. The necessity to implement these requirements in existing software applications can present software owners and developers with a range of issues. We present here a generic solution to the sensitive issue of PCI compliance where aspect orientated programming (AOP) can be applied to meet the requirement of masking the primary account number (PAN). Our architecture allows a definite amount of code to be added which intercepts all the methods specified in the aspect, regardless of future additions to the system thus reducing the amount of work required to the maintain aspect. We believe that the concepts here will provide an insight into how to approach the PCI requirements to undertake the task. The software artefact should also serve as a guide to developers attempting to implement new applications, where security and design are fundamental elements that should be considered through each phase of the software development lifecycle and not as an afterthought. © 2011 Universitas Ahmad Dahlan.

Cite

CITATION STYLE

APA

Bonner, E., O’ Raw, J., & Curran, K. (2011). Implementing the payment card industry (PCI) data security standard (DSS). Telkomnika, 9(2), 365–376. https://doi.org/10.12928/telkomnika.v9i2.709

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free