Cloud Payment Processing without Ritualistic Sacrifices: Reducing PCI-DSS Risk Surface with Thin Clients
The Payment Card Industry Data Security Standard (PCI-DSS, or simply PCI) governs the many security standards associated with payment card transactions. Point-of-sale systems in today’s brick-and-mortar storefronts fall woefully short of these standards at every step of the workflow. They commonly use outdated desktop computers and store card data locally, oftentimes in plaintext. Backups of these systems, if kept at all, are often stored on unsecured, removable media. If we can move some of the payment infrastructure away from the merchant to a central web service, then we can reduce the responsibility of the merchant and provide a more secure environment for the consumer.
Published in: International Conference on Information Society (i-Society 2016)
- Date of Conference: 10-13 October 2016
- DOI: 10.2053/iSociety.2016.0034
- ISBN: 978-1-908320-62-9
- Conference Location: Dublin, Ireland