October 2010
AIRPORT COOPERATIVE RESEARCH PROGRAM
Sponsored by the Federal Aviation Administration
Responsible Senior Program Officer: Theresia H. Schatz
Research Results Digest 11
HELPING AIRPORTS UNDERSTAND THE PAYMENT CARD
INDUSTRY DATA SECURITY STANDARD (PCI DSS)
This digest presents the results of ACRP Project 11-02/Task 14, "Helping Airports Understand the Payment Card Industry Data Security Standard" and its applicability to the airport environment to help ensure that airport business systems meet this commercial standard. The research was conducted by Rick Belliotti and David Jividen of Barich, Inc., Chandler, Arizona.
CONTENTS
Background
Purpose
Payment Card Industry Data Security Standard
PCI Compliance
PCI Audits
Airport PCI
PCI in Common Use
Responsibility Matrix
Next Steps--Future Research
Appendix A--Magnetic Stripe Track Data
Appendix B--References and Additional Resources
Appendix C--Glossary of Terms

BACKGROUND

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements for ensuring protection and security of credit cardholder data. The standard was developed by American Express (AMEX), Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. International to facilitate the adoption of a consistent data security program on a global basis. The PCI DSS includes requirements for security management, policies, procedures, network architecture, software design, and other protective measures.

The PCI DSS has become a major topic for airports and airlines as they attempt to determine how this standard affects them and which elements of the standard apply to their organization. In addition to PCI DSS, the PCI has also created the Payment Application Data Security Standard (PA DSS), which defines how software vendors and others develop secure payment applications. The PA DSS applies to payment application software developed for the purpose of sale and distribution. For payment applications that are developed in-house, for the sole use of the business or organization, the PA DSS does not apply because security is covered in the PCI DSS compliance program. To learn more about the PA DSS and the restrictions therein, the PCI Security Standards Council (PCI-Council) has created a webpage and documents describing these requirements (1). The third standard that exists for PCI security is the PCI personal identification number (PIN) transaction Security (PCI PTS) standard. This standard is focused on protecting transactions that involve PIN numbers. See Figure 1 for a diagram of the relationships between these standards.

The entire PCI DSS presents some ambiguity not only to all businesses and organizations employing the use of payment cards, but also particularly to airports and the business of airport operations. Airports present a unique situation in which airport systems and infrastructure must connect and operate with the following:

· Airline tenants using gates and ticket counters and, thus, airport networks at a minimum;
· Self-service kiosks for passenger processing;
· Common use equipment used by multiple airlines/merchants;
· Airport business tenants using space (and possibly airport services) in airport terminals for retail, service, and restaurant businesses;