
The National Academies of Sciences, Engineering, and Medicine

Copyright © National Academy of Sciences. All rights reserved.

AIRPORT COOPERATIVE RESEARCH PROGRAM
Sponsored by the Federal Aviation Administration

Research Results Digest 11
October 2010
Responsible Senior Program Officer: Theresia H. Schatz

HELPING AIRPORTS UNDERSTAND THE PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS)

This digest presents the results of ACRP Project 11-02/Task 14, "Helping Airports Understand the Payment Card Industry Data Security Standard" and its applicability to the airport environment to help ensure that airport business systems meet this commercial standard. The research was conducted by Rick Belliotti and David Jividen of Barich, Inc., Chandler, Arizona.

CONTENTS

Background
Purpose
Payment Card Industry Data Security Standard
PCI Compliance
PCI Audits
Airport PCI
PCI in Common Use
Responsibility Matrix
Next Steps--Future Research
Appendix A--Magnetic Stripe Track Data
Appendix B--References and Additional Resources
Appendix C--Glossary of Terms

BACKGROUND

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements for ensuring protection and security of credit cardholder data. The standard was developed by American Express (AMEX), Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. International to facilitate the adoption of a consistent data security program on a global basis. The PCI DSS includes requirements for security management, policies, procedures, network architecture, software design, and other protective measures.

The PCI DSS has become a major topic for airports and airlines as they attempt to determine how this standard affects them and which elements of the standard apply to their organization. In addition to PCI DSS, the PCI has also created the Payment Application Data Security Standard (PA DSS), which defines how software vendors and others develop secure payment applications. The PA DSS applies to payment application software developed for the purpose of sale and distribution. For payment applications that are developed in-house, for the sole use of the business or organization, the PA DSS does not apply because security is covered in the PCI DSS compliance program. To learn more about the PA DSS and the restrictions therein, the PCI Security Standards Council (PCI-Council) has created a webpage and documents describing these requirements (1). The third standard that exists for PCI security is the PCI personal identification number (PIN) Transaction Security (PCI PTS) standard. This standard is focused on protecting transactions that involve PIN numbers. See Figure 1 for a diagram of the relationships between these standards.

The entire PCI DSS presents some ambiguity not only to all businesses and organizations employing the use of payment cards, but also particularly to airports and the business of airport operations. Airports present a unique situation in which airport systems and infrastructure must connect and operate with the following:

- Airline tenants using gates and ticket counters and, thus, airport networks at a minimum;
- Self-service kiosks for passenger processing;
- Common use equipment used by multiple airlines/merchants;
- Airport business tenants using space (and possibly airport services) in airport terminals for retail, service, and restaurant businesses;