Adapting financial technology standards to blockchain platforms
ACMSE 2019 - Proceedings of the 2019 ACM Southeast Conference
Application security, Blockchain, Compliance, Financial technology, Payment card industry, Privacy, Security frameworks, Security standards, Smart contracts, User data
© 2019 Copyright held by the owner/author(s).
Traditional payment systems have standards designed to keep transaction data secure, but blockchain systems are not in scope for such security standards. We evaluate the Payment Application Data Security Standard (PA-DSS) against transaction-supporting blockchain platforms to test the standard's applicability. By highlighting the differences in implementation between traditional and decentralized transaction platforms, we critique and adapt the standards to fit the decentralized model. In two case studies, we analyze the industry compliance of the QTUM and Ethereum blockchain platforms, as their payment platforms support transactions equivalent to those of applications governed by the PA-DSS. We determine QTUM's and Ethereum's capabilities to properly ensure secure data handling with respect to current security standards. After adapting the PA-DSS and analyzing the QTUM and Ethereum platforms, we revise the new set of standards to create a set of best practices for ensuring data security on both traditional and blockchain payment systems. We report the security gaps identified on each platform based on the final revision of the standards, presenting a conclusive perspective that neither platform is suitable for business adoption based on the PA-DSS results. Finally, we discuss open research issues.
Bello, Gabriel and Perez, Alfredo J., "Adapting financial technology standards to blockchain platforms" (2019). Faculty Bibliography. 2782.