Abstract

In this paper, we investigate the value of the Payment Card Industry Data Security Standard (PCI DSS) by examining popular implementations of hosted payment processing solutions. First, we dive into CardConnect, a registered ISO of Wells Fargo Bank, and see how its client-side-dependent model allows for trivial manipulation. Then we look at CardConnect plugins for more widespread vulnerabilities. Lastly, we propose a sort of leaky bucket solution wherein the e-commerce platform must validate all of the assumptions previously made. Tokenized credit card transactions are nonetheless a technology that should be leveraged when resources allow; however, hiring a skilled software developer to implement a secure credit card processing system is out of reach for many small retail shops.

Published in: International Conference on Information Society (i-Society 2016)

  • Date of Conference: 10-13 October 2016
  • DOI: 10.2053/iSociety.2016.0012
  • ISBN: 978-1-908320-62-9
  • Conference Location: Dublin, Ireland