Implementing the Payment Card Industry (PCI) Data Security Standard (DSS)
Abstract: Underpinned by the rise in online criminality, the Payment Card Industry (PCI) Data Security Standard (DSS) was introduced, outlining a subset of the core principles and requirements that must be followed, including precautions relating to the software that processes credit card data. The need to implement these requirements in existing software applications can present software owners and developers with a range of issues. We present here a generic solution to the sensitive issue of PCI compliance in which aspect-oriented programming (AOP) is applied to meet the requirement of masking the primary account number (PAN). Our architecture allows a fixed amount of code to be added which intercepts all the methods specified in the aspect, regardless of future additions to the system, thus reducing the amount of work required to maintain the aspect. We believe that the concepts presented here will provide an insight into how to approach the PCI requirements and undertake the task. The software artefact should also serve as a guide to developers attempting to implement new applications, where security and design are fundamental elements that should be considered throughout each phase of the software development lifecycle and not as an afterthought.
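The abstract's idea of a single aspect that intercepts every method matching a pointcut and masks the PAN, without touching each method individually, is shown below as an added example. This is not the paper's artefact (whose language and code are not given on this page); it is a Python stand-in in which a regex over method names plays the pointcut and a wrapper plays the around advice. All names here (PanMasked, mask_pan, Receipt, and so on) are this example's own assumptions. The masking rule leaves at most the first six and last four digits visible, and a Luhn check reduces false positives on other long numbers such as order ids.

```python
"""Added example: AOP-style PAN masking in Python (not the paper's own code).

A base class weaves masking advice into every method whose name matches the
pointcut at class-creation time, so classes and methods added later are
covered without any per-method change.
"""
import functools
import re
import types

# Candidate PAN: 13 to 19 consecutive digits, split so that only the first six
# and last four digits survive masking (the most PCI DSS permits on a display).
PAN_RE = re.compile(r"(?<!\d)(\d{6})(\d{3,9})(\d{4})(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum; filters out most long digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(text: str) -> str:
    """Replace every Luhn-valid PAN in text with first6 + '*' * middle + last4."""
    def _sub(m):
        full = m.group(0)
        if not luhn_valid(full):
            return full         # not a card number: leave it unchanged
        return m.group(1) + "*" * len(m.group(2)) + m.group(3)
    return PAN_RE.sub(_sub, text)


def _mask_value(value):
    """Mask strings, including strings nested in lists/tuples/dicts."""
    if isinstance(value, str):
        return mask_pan(value)
    if isinstance(value, (list, tuple)):
        return type(value)(_mask_value(v) for v in value)
    if isinstance(value, dict):
        return {k: _mask_value(v) for k, v in value.items()}
    return value


def _around_advice(method):
    """Around advice: mask PANs in the arguments going in and the value coming out."""
    @functools.wraps(method)
    def wrapper(self, *args, **kwargs):
        args = tuple(_mask_value(a) for a in args)
        kwargs = {k: _mask_value(v) for k, v in kwargs.items()}
        return _mask_value(method(self, *args, **kwargs))
    return wrapper


class PanMasked:
    """Inherit from this and every method matching `pointcut` is woven on
    creation of the subclass, so a subclass added next year is covered too."""
    # Pointcut (assumed for this example): methods that display, log or render.
    pointcut = re.compile(r"^(display|log|print|render)_")

    def __init_subclass__(cls, **kwargs):
        super().__init_subclass__(**kwargs)
        for name, attr in list(vars(cls).items()):
            if isinstance(attr, types.FunctionType) and cls.pointcut.match(name):
                setattr(cls, name, _around_advice(attr))


class Receipt(PanMasked):
    """Hypothetical domain class; it knows nothing about masking."""
    def __init__(self, pan: str, amount: str):
        self.pan = pan
        self.amount = amount

    def charge_total(self) -> str:          # outside the pointcut: full PAN kept
        return f"{self.pan} charged {self.amount}"

    def display_receipt(self) -> str:       # woven: return value is masked
        return f"Card {self.pan} charged {self.amount}"

    def log_event(self, message: str) -> str:   # woven: argument masked on entry
        return f"[audit] {message}"


class LaterAddedReceipt(Receipt):
    """A 'future addition': still woven, with no extra masking code."""
    def render_html(self) -> str:
        return f"<b>{self.pan}</b>"


if __name__ == "__main__":
    # Constructed sample values: well-known test card numbers, not real accounts.
    r = Receipt("4111111111111111", "10.00")
    print(r.display_receipt())
    print(r.log_event("refund for 378282246310005"))
    print(LaterAddedReceipt("4242424242424242", "1.00").render_html())
```

Methods outside the pointcut (here `charge_total`, used for the actual transaction) keep the full PAN, which is the point of choosing the pointcut carefully: the aspect covers presentation and logging paths, and the rest of the system must still store the PAN under the DSS's storage controls.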
Authors: Enda Bonner, John O'Raw, Kevin Curran
Journal Code: jptkomputergg110046