DOI: 10.1145/3299815.3314434
research-article

Adapting Financial Technology Standards to Blockchain Platforms

Published: 18 April 2019

Abstract

Traditional payment systems have standards designed to keep transaction data secure, but blockchain systems are not in scope for such security standards. We compare the Payment Application Data Security Standard's (PA-DSS) applicability towards transaction-supported blockchain platforms to test the standard's applicability. By highlighting the differences in implementation on traditional and decentralized transaction platforms, we critique and adapt the standards to fit the decentralized model. In two case studies, we analyze the QTUM and Ethereum blockchain platforms' industry compliance, as their payment platforms support transactions equivalent to that of applications governed by the PA-DSS. We determine QTUM's and Ethereum's capabilities to properly ensure secure data handling with respect to current security standards. After adapting the PA-DSS and analyzing the QTUM and Ethereum platforms, we revise the new set of standards to create a set of best-practices for ensuring data security on both traditional and blockchain payment systems. We report the security gaps identified on each platform based on the final revision of the standards, presenting a conclusive perspective that neither platform is suitable for business adoption based on the PA-DSS standard's results. Finally, we discuss open research issues.

Reviews

Balint Molnar

Financial technology (fintech) has become an important component of the finance, banking, and payment industry. Essential financial technologies include the various approaches for blockchain and smart contracts. In this paper, the authors investigate the standard defined by the payment industry as it applies to recent blockchain and smart contract solutions. The literature overview discusses vulnerabilities and privacy problems related to the actual implementation of blockchain and smart contracts. User anonymization, pseudo-anonymization, and identification are crucial issues. There are some contradictory requirements: simple payment transactions necessitate the anonymity of the payer side generally; on the other hand, business transactions among firms demand the unambiguous identification of partners. The authors select two available solutions: QTUM and Ethereum. The authors analyze whether the Payment Application Data Security Standard (PA-DSS) permits the application of blockchain and smart contract technologies, and where gaps exist in its definition. A comparative study highlights the violations and discrepancies of the prescribed rules between the two technologies and PA-DSS. The paper is an interesting read for security experts, professionals, and consultants involved in fintech. The authors examine privacy, data security, and protection problems using the two platforms. They conclude that the smart contract solution offers enormous business potential; however, several security issues remain. PA-DSS designates the roadmap that contributors to blockchain and smart contract technologies should follow.

Published In

ACMSE '19: Proceedings of the 2019 ACM Southeast Conference
April 2019
295 pages
ISBN:9781450362511
DOI:10.1145/3299815
  • Conference Chair: Dan Lo
  • Program Chair: Donghyun Kim
  • Publications Chair: Eric Gamess
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Application security
  2. Blockchain
  3. Compliance
  4. Financial technology
  5. Payment card industry
  6. Privacy
  7. Security frameworks
  8. Security standards
  9. Smart contracts
  10. User data

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

ACM SE '19: 2019 ACM Southeast Conference
April 18 - 20, 2019
Kennesaw, GA, USA

Acceptance Rates

Overall Acceptance Rate 502 of 1,023 submissions, 49%

Article Metrics

  • Downloads (Last 12 months)20
  • Downloads (Last 6 weeks)2
Reflects downloads up to 15 Feb 2025

Cited By

  • (2024) Role of Fintech as an Enabler to Fulfill HR Requirements and Attain Sustainability. Business Development via AI and Digitalization, pp. 59-67. DOI: 10.1007/978-3-031-62106-2_5. Online publication date: 3-Sep-2024
  • (2023) Critical success factors in the FinTech World. Electronic Commerce Research and Applications 60:C. DOI: 10.1016/j.elerap.2023.101280. Online publication date: 24-Aug-2023
  • (2022) Modeling the Enablers to FinTech Innovation in Saudi Arabia: A Hybrid Approach Using ISM and ANP. Systems 10:5 (181). DOI: 10.3390/systems10050181. Online publication date: 8-Oct-2022
  • (2022) The Emerging Technologies of Digital Payments and Associated Challenges: A Systematic Literature Review. Future Internet 15:1 (21). DOI: 10.3390/fi15010021. Online publication date: 30-Dec-2022
  • (2022) Unfolding the blockchain era. Journal of Network and Computer Applications 207:C. DOI: 10.1016/j.jnca.2022.103511. Online publication date: 1-Nov-2022
  • (2021) Recent Advances in Wearable Sensing Technologies. Sensors 21:20 (6828). DOI: 10.3390/s21206828. Online publication date: 14-Oct-2021
  • (2021) A critical review of blockchain applications to banking and finance: a qualitative thematic analysis approach. Technology Analysis & Strategic Management, pp. 1-17. DOI: 10.1080/09537325.2021.1979509. Online publication date: 20-Sep-2021
  • (2021) Bringing Blockchain Technology in Innovating Industries: A Systematic Review. Proceedings of International Conference on Emerging Technologies and Intelligent Systems, pp. 391-416. DOI: 10.1007/978-3-030-85990-9_33. Online publication date: 3-Dec-2021
  • (2020) Challenges and Trends of Financial Technology (Fintech): A Systematic Literature Review. Information 11:12 (590). DOI: 10.3390/info11120590. Online publication date: 21-Dec-2020
  • (2020) A Cost Analysis of Internet of Things Sensor Data Storage on Blockchain via Smart Contracts. Electronics 9:2 (244). DOI: 10.3390/electronics9020244. Online publication date: 2-Feb-2020
