An implementation and evaluation of PCI DSS 3.0 for E-Commerce in a testing environment
Abstract
Threats to personal payment card information are continually on the rise. PCI DSS was created to implement a formal process for protecting this information. However, credit card fraud is still rising, which leads to the question of whether or not PCI DSS is effective in protecting this data. This dissertation implements the 12 PCI DSS 3.0 requirements and tests their effectiveness in regard to the complexity of implementation.
While there are clearly issues within the standard (existing ambiguities, speed of adapting to industry findings), the main issue is not with the standard itself but with a failure to comply while still accepting electronic payments. As found in testing, the self-assessment options would have left many network vulnerabilities that would remain undiscovered without full implementation of the standard.