Abstract

The emergence of IoT has given rise to a new digital experience of payment transactions in which physical objects such as refrigerators, cars, and wearables make payments. These objects store the cardholder credentials and pay vendors directly over insecure public networks. For such payment transactions, government regulations and standards organizations require PCI DSS to be implemented so that a consistent set of security measures is adopted at the global level. The current version of PCI DSS is not suitable for IoT-based payment systems because of IoT characteristics such as the resource-constrained nature of devices and the difficulty of updating the software/firmware of so many physical devices. There is also an urgent need to apply PCI DSS requirements and assessments to every stakeholder that stores or processes the user credentials involved in a payment. This paper is an initial effort to draw researchers' attention to making upcoming versions of PCI DSS suitable for IoT and thus securing the new IoT-based payment systems. The paper reviews the traditional payment process together with the considerations specific to IoT-based payment systems, and from that review makes recommendations for modifying PCI DSS in a way suited to IoT.

Highlights

  • IoT has emerged as a new phenomenon and has revolutionized the world once again after invention of computer systems [1]

  • The IoT device lifecycle is an important consideration for the applicability of the Payment Card Industry Data Security Standard (PCI DSS) and the Payment Application Data Security Standard (PA DSS): the PCI DSS security requirements will apply to IoT device manufacturers when designing and building payment-enabled IoT devices, and PA DSS will apply to cloud and connectivity API providers that store and process the user's credentials

  • This paper focuses on highlighting that PCI DSS, in its current form, is not applicable to such IoT-based payments

Summary

Introduction

IoT has emerged as a new phenomenon and has revolutionized the world once again after the invention of computer systems [1]. The characteristics of IoT, especially the resource-constrained nature of devices, limited operating system capability, a diverse array of hardware computing platforms, frequent use of alternative networking protocols, the difficulty of updating the software/firmware of so many physical devices, interconnectivity, the physical aspects of things, heterogeneity, dynamic change, enormous scale, safety and connectivity concerns, and a lack of documentation, make it difficult to comply with PCI DSS [1, 3, 8, 18]. This is the main motivation of this paper: to shape upcoming versions of PCI DSS so that they consider IoT-based payments, to highlight the relevant research issues for secure IoT payments, and to give recommendations for future research directions.

PCI DSS and Payment Systems
Analysis of Extension of PCI DSS Suitability for IoT
Control Objective 1
Control Objective 2
Control Objective 3
Control Objective 4
Control Objective 5
Maintain an Information Security Policy
Recommendations and Future Research Directions
Conclusion