The Implementation of a Full EMV Smartcard for a Point-of-Sale Transaction and its Impact on the PCI DSS

被引:4
作者
Ogundele, Oludele [1 ]
Zavarsky, Pavol [1 ]
Ruhl, Ron [1 ]
Lindskog, Dale [1 ]
机构
[1] Concordia Univ, Coll Alberta, Informat Syst Secur Dept, Edmonton, AB, Canada
来源
Proceedings of 2012 ASE/IEEE International Conference on Privacy, Security, Risk and Trust and 2012 ASE/IEEE International Conference on Social Computing (SocialCom/PASSAT 2012) | 2012年
关键词
EMV; Magnetic-stripe; Chip and PIN; PCI DSS; Payment card; Point of sale terminal;
D O I
10.1109/SocialCom-PASSAT.2012.80
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
This paper argues that given the relevant known vulnerabilities and attacks against the EMV (named after Europay, MasterCard and Visa) technology, if the combined dynamic data authentication (CDA) card variant of the EMV payment card is deployed in a full EMV environment for point of sale terminal (POS) transaction, it becomes unnecessary to comply with the Payment Card Industry Data Security Standard (PCI DSS) unless the merchant with the POS terminal has been exposed to proven breach and even in that case the damage caused is likely to be minimal.
引用
收藏
页码:797 / 806
页数:10
相关论文
共 27 条
[1]  
ADIDA B, 2006, SEC PROT WORKSH CAMB
[2]  
Anderson R., 2005, CHIP AND SPIN
[3]  
Anderson Ross, 2010, MIGHT FINANCIAL CRYP
[4]  
[Anonymous], 2011, CARD ACCEPTANCE GUID
[5]  
[Anonymous], 2011, GUIDE EMV VERSION 1
[6]  
[Anonymous], ONLINE
[7]  
[Anonymous], 2008, BOOK 2 SEC KEY MAN V, V2
[8]  
[Anonymous], 2011, VISA B
[9]  
[Anonymous], 2011, CARD PAYMENTS RAODMA
[10]  
Balfe S., 2008, E EMV EMULATING EMV
123