A Holistic Review of PCI Security Standards Framework for Customer Relationship Management (CRM) Software

Authors

  • Srinivas Chippagiri

Keywords:

Overview of Payment Card Industry (PCI), PCI requirements, CRM software, challenges.

Abstract

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards developed as a cooperative effort among card issuers. Customer Relationship Management (CRM) software must be PCI DSS compliant in order to properly address the security of customer payment data. Given that more and more organizations have become victims of data breaches and cyberattacks, CRM systems that regularly process, store, and transfer payment card data must meet the standards set by the PCI DSS guidelines. This article provides a comprehensive overview of the PCI security requirements, including their relevance to and fitness for CRM software. This work aims to explain the functions of the different areas of the PCI DSS, including data encryption, access control, network security, and the role of security audits at the compliance level. The paper also analyses the specific difficulties businesses experience in achieving PCI compliance in CRM systems; the listed problems include high costs of implementation, complicated legislation, and constant monitoring processes. It also gives practical recommendations, including using secure APIs, tokenization, and conducting risk assessments at the stages of creating and updating CRMs. The need to be PCI compliant with respect to protecting sensitive data, avoiding fines, gaining customer trust, and staying competitive is discussed. This comprehensive analysis reemphasizes the call for the incorporation of PCI DSS standards into CRM software solutions to improve security, protect customer information, and address compliance requirements in the rapidly growing e-business environment.

Published

12.06.2024

How to Cite

Srinivas Chippagiri. (2024). A Holistic Review of PCI Security Standards Framework for Customer Relationship Management (CRM) Software. International Journal of Intelligent Systems and Applications in Engineering, 12(4), 4862 –. Retrieved from https://ijisae.org/index.php/IJISAE/article/view/7226

Section

Research Article