A FORENSIC FIRST LOOK AT A POS DEVICE: SEARCHING FOR PCI DSS DATA STORAGE VIOLATIONS

IF 0.6 Q4 COMPUTER SCIENCE, INFORMATION SYSTEMS Journal of Digital Forensics Security and Law Pub Date : 2020-01-01 DOI:10.15394/JDFSL.2020.1614
Stephen Larson, James H. Jones, Jim Swauger
{"title":"A FORENSIC FIRST LOOK AT A POS DEVICE: SEARCHING FOR PCI DSS DATA STORAGE VIOLATIONS","authors":"Stephen Larson, James H. Jones, Jim Swauger","doi":"10.15394/JDFSL.2020.1614","DOIUrl":null,"url":null,"abstract":"According to the Verizon 2018 Data Breach Investigations Report, 321 POS terminals (user devices) were involved in data breaches in 2017. These data breaches involved standalone POS terminals as well as associated controller systems. This paper examines a standalone Point-of-Sale (POS) system commonly used in smaller retail stores and restaurants to extract unencrypted data and identify possible violations of the Payment Card Industry Data Security Standard (PCI DSS) requirement to protect stored cardholder data. Persistent storage (flash memory chips) were removed from the devices and their contents were successfully acquired. Information about the device and the code running on it was successfully extracted, although no PCI DSS data storage violations were identified.","PeriodicalId":43224,"journal":{"name":"Journal of Digital Forensics Security and Law","volume":null,"pages":null},"PeriodicalIF":0.6000,"publicationDate":"2020-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Digital Forensics Security and Law","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.15394/JDFSL.2020.1614","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

Abstract

According to the Verizon 2018 Data Breach Investigations Report, 321 POS terminals (user devices) were involved in data breaches in 2017. These data breaches involved standalone POS terminals as well as associated controller systems. This paper examines a standalone Point-of-Sale (POS) system commonly used in smaller retail stores and restaurants to extract unencrypted data and identify possible violations of the Payment Card Industry Data Security Standard (PCI DSS) requirement to protect stored cardholder data. Persistent storage (flash memory chips) were removed from the devices and their contents were successfully acquired. Information about the device and the code running on it was successfully extracted, although no PCI DSS data storage violations were identified.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
首先检查pos设备:搜索pci DSS数据存储违规
根据Verizon 2018年数据泄露调查报告,2017年有321个POS终端(用户设备)涉及数据泄露。这些数据泄露涉及独立POS终端以及相关的控制器系统。本文研究了一个独立的销售点(POS)系统,该系统通常用于小型零售商店和餐馆,用于提取未加密的数据,并识别可能违反支付卡行业数据安全标准(PCI DSS)的要求,以保护存储的持卡人数据。持久存储(闪存芯片)从设备中移除,并成功获取其内容。尽管没有识别出PCI DSS数据存储违规,但成功提取了有关设备及其上运行的代码的信息。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
Journal of Digital Forensics Security and Law
Journal of Digital Forensics Security and Law COMPUTER SCIENCE, INFORMATION SYSTEMS-
自引率
0.00%
发文量
5
审稿时长
10 weeks
期刊最新文献
A CRITICAL COMPARISON OF BRAVE BROWSER AND GOOGLE CHROME FORENSIC ARTEFACTS Fault Lines In The Application Of International Humanitarian Law To Cyberwarfare To License or Not to License Reexamined: An Updated Report on Licensing of Digital Examiners Under State Private Investigator Statutes Forensic Discoverability of iOS Vault Applications A Combined Approach For Private Indexing Mechanism
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1