ABSTRACT
Traditional payment systems have standards designed to keep transaction data secure, but blockchain systems fall outside the scope of such security standards. We test the applicability of the Payment Application Data Security Standard (PA-DSS) to transaction-supporting blockchain platforms. By highlighting the differences in implementation between traditional and decentralized transaction platforms, we critique and adapt the standard to fit the decentralized model. In two case studies, we analyze the industry compliance of the QTUM and Ethereum blockchain platforms, as their payment platforms support transactions equivalent to those of applications governed by the PA-DSS. We determine QTUM's and Ethereum's capabilities to properly ensure secure data handling with respect to current security standards. After adapting the PA-DSS and analyzing the QTUM and Ethereum platforms, we revise the new set of standards to create a set of best practices for ensuring data security on both traditional and blockchain payment systems. We report the security gaps identified on each platform based on the final revision of the standards, presenting a conclusive perspective that neither platform is suitable for business adoption based on the PA-DSS results. Finally, we discuss open research issues.