The Implementation of a Full EMV Smartcard for a Point-of-Sale Transaction and Its Impact on the PCI DSS

“…But the exposure of CHD is still an open issue for payment systems due to PCI DSS incompliant parties. Thus, PCI DSS focuses on decreasing the probability of the occurrence of CHD exposure in payment systems [8].…”

Security Assessment of Payment Systems under PCI DSS Incompatibilities

“…But the exposure of CHD is still an open issue for payment systems due to PCI DSS incompliant parties. Thus, PCI DSS focuses on decreasing the probability of the occurrence of CHD exposure in payment systems [8].…”

Security Assessment of Payment Systems under PCI DSS Incompatibilities

“…This terminal connection could be either contact or contactless. For the contact method, there must be a physical contact between the chip and the card reader for transaction to occur while for the contactless, the chip is required to be within sufficient proximity to the card reader for information exchange between the chip and the acceptance terminal [2]. The EMV specification details the technical requirements for chip embedded payment cards and for the various point-of-sale infrastructures.…”

“…The present EMV deployment in the payment card is referred to as the "hybrid environment", in which the payment card has both a three-track magnetic stripe and the chip embedded into it. The main purpose of the chip is to securely store the cardholder data and protect the data stored against unauthorized modification and also to reduce the number of fraudulent transactions carried out with the use of counterfeit, lost and stolen cards [2], but despite these improved security measures, the payment cards are still not immune to some known attacks, many of which rely on flaws in the use of magnetic stripe information. This is due to the presence of the magnetic stripe on these cards, the values which are encrypted on the stripe and the type of the EMV variant of the smartcards used by the banking systems.…”

“…In a bid to increase control around cardholder data and reduce credit or debit card fraud via its disclosure, the Payment Card Industry Data Security Standard (PCI DSS) was introduced by the payment card networks (Visa Inc., MasterCard Worldwide, American Express, JCB International and Discover Financial Services) [2]. It was developed to protect the cardholder and sensitive authentication data wherever they are present within the environment of the payment system, providing a baseline of 12 key technical and operational requirements set by the Payment Card Industry Security Standards Council (PCI SSC).…”

“…The PCI DSS is a mandatory requirement for all the entities involved in payment card processing such as the merchants, acquirers, issuers, service providers and all other entities that store, process or transmit cardholder data [3]. It aims at implementing strong security policy and infrastructure which leads to the reduction of the risks of security breaches [2]. The PCI DSS standard is however only effective if the payment system environment in which the payment transaction is being performed is in full and continuous compliance with the PCI DSS requirements, else security breaches are inevitable.…”

Fraud Reduction on EMV Payment Cards by the Implementation of Stringent Security Features

Towards More Secure Cardholder Verification in Payment Systems