DNP in Full Scale Deployment of PCI DSS Compliant Consulting Support Service

Dai Nippon Printing Co., Ltd. (DNP) is pleased to announce the full scale deployment of a consulting support service for company security systems that conforms to Payment Card Industry Data Security Standards (PCI DSS*1), the international credit card security standard.

[Background]

- Japan Consumer Credit Association (JCA) Responses

In the Action Plan for the Strengthening of Measures for Security in Credit Card Transactions released in February 2016, the JCA established PCI DSS as the domestic credit card data security standard. The JCA requires each company that handles credit card data to develop a PCI DSS-compliant information security management system. As a result, more companies want to identify which portions of their in-house management systems conform to PCI DSS and which are currently non-compliant, and are seeking the advice of external experts on the measures needed to become fully compliant.

- Responses to Increased Needs from BPO Companies such as Cloud Computer Service Operators

When credit card issuing companies outsource credit card data handling to BPO companies such as cloud computer service operators, the BPO operators are also required to conform to PCI DSS. As PCI DSS compliance is essential for such BPO outsourcers to expand their business, companies aiming to bring their systems into line with this security standard are likely to increase.

- Inbound Tourism Driven Expansion

In recent years, Japan has seen an upsurge in the number of overseas visitors, and inbound-driven services by domestic companies are also on the rise. Given the increased likelihood of Japanese companies being targeted by cybercrime, the momentum towards the creation of more sophisticated security systems is also expected to rise.

- Other Needs

PCI DSS sets out concrete values for information security measures. As a result, by applying its treatment of credit card numbers to confidential and personal data, it is possible to use the protocol as an in-house data security standard. Companies in industries outside of credit cards, such as manufacturing firms, are increasingly adopting PCI DSS as their in-house security standard, and as a result, consulting demand is expected to grow.

[DNP and PCI DSS]

DNP was the first Japanese printing company to acquire PCI DSS certification in 2008. Since then, DNP has deployed qualified staff as internal auditors and experts, and has accumulated relevant know-how. DNP also undergoes PCI card manufacturing standard auditing - a more rigorous check than those for PCI DSS - as an international credit card brand certified plant, on an ongoing basis. In addition, in January 2016, the DNP Kashiwa Data Center cloud-based service acquired certification for the latest 3.1 version of PCI DSS.

In this latest development, DNP will leverage its PCI DSS-related know-how and experience to offer a PCI DSS compliance support service.

[Service Summary]

DNP will offer a consulting service in the following four phases in line with client needs.

1.  PCI DSS Divergence Analysis (compliance commencement)

Helps visualize the PCI DSS compliance target area and non-compliant items. Extracts the issues that must be addressed for PCI DSS compliance.

2.  Ongoing Compliance Support (in period between PCI DSS promotional stage and immediately prior to Qualified Security Assessor (QSA*2) based onsite assessment*3)

DNP will offer advice and handle queries when companies devise operating rules, conduct process optimization, and improve systems.

3.  Follow-up (QSA based onsite appraisal)

Attendance during the QSA on-site interview and company visit, along with the handling of queries.

4.  PCI DSS Maintenance Follow-up (post-compliance stage)

Periodic follow-up, and presentation of up-to-date information when PCI DSS undergoes version updates.

Phase 1 costs will vary according to scale, but are expected to be approximately 5.0 million yen in the case of a single task, on a single operational location at a single data center. Costs for Phase 2 and beyond will be subject to ongoing monthly contracts.

[Looking Ahead]

DNP aims for sales of approximately 1.0 billion in the three years to FY 2018, from PCI DSS compliance support consulting, and the provision of resultant security solutions.

 
1.  PCI DSS: PCI DSS is a security industry standard developed by the PCI Security Standards Council (PCI SSC), which has been established by the five major international card brands, with the objective of protecting credit card member data, and maintaining safe transactions by card personalization companies and participating outlets. The protocol stipulates concrete management approaches and operations for the following areas:
- The building and maintaining of secure networks and systems
- The protection of cardholder data
- Maintenance of a vulnerability management program
- Implementation of strong access control measures
- The regular monitoring and testing of networks, and
- Maintenance of an information security policy.
2.  QSA: Acronym for PCI DSS certified Qualified Security Assessor
3.  Onsite assessment: QSA visit-based assessments required at a specific frequency throughout the year by credit card personalization business operators and service providers.
* Product prices, specifications and service contents mentioned in this news release are current as of the date of publication. They may be changed at any time without notice.