DNP in Full Scale Deployment of PCI DSS Compliant Consulting Support Service
Dai Nippon Printing Co., Ltd. (DNP) is pleased to announce the full scale deployment of a consulting support service for company security systems that conforms to Payment Card Industry Data Security Standards (PCI DSS1), the international credit card security standard.
- Japan Consumer Credit Association (JCA) Responses
In the Action Plan for the Strengthening of Measures for Security in Credit Card Transactions released in February 2016, the JCA established PCI DSS as the domestic credit card data security standard. The JCA requires each company that handles credit card data to develop a PCI DSS-compliant information security management system. As a result, more companies are looking to become aware of those portions of in-house management systems that conform to PCI DSS, and those which are currently non-compliant, and are seeking the advice of external experts regarding the necessary measures in order to become fully compliant.
- Responses to Increased Needs from BPO Companies such as Cloud Computer Service Operators
In the case that credit card issuing companies outsource credit card data handling to BPO companies such as cloud computer service operators, the BPO operators are also required to conform to PCI DSS. As PCI DSS compliance is essential in order for such BPO outsources to expand their business, and companies aiming to bring their systems into line with this security standard are likely to increase.
- Inbound Tourism Driven Expansion
In recent years, Japan has seen an upsurge in the number of overseas visitors, and inbound-driven services by domestic companies are also on the rise. Given the increased likelihood of Japanese companies being targeted by cybercrime, the momentum towards the creation of more sophisticated security systems is also expected to rise.
- Other Needs
PCI DSS shows concrete values for information security measures As a result, by transferring credit card numbers to confidential and personal data, it is possible to use the protocol as an in-house data security standard. Companies in industries outside of credit cards, such as manufacturing firms, are increasingly adopting PCI DSS as their in-house security standard, and as result, consulting demand is expected to grow.
[DNP and PCI DSS]
DNP was the first Japanese printing company to acquire PCI DSS certification in 2008. Since then, DNP has deployed qualified staff as internal auditors and experts, and has accumulated relevant know-how. DNP also undergoes PCI card manufacturing standard auditing - a more rigorous check than those for PCI DSS - as an international credit card brand certified plant, on an ongoing basis. In addition, in January 2016, the DNP Kashiwa Data Center cloud-based service acquired certification for the latest 3.1 version of PCI DSS.
In this latest development, DNP will leverage its PCI DSS-related know-how and experiences to offer a PCI DSS compliance support service.
DNP will offer a consulting service in the following four phases in line with client needs.
1. PCI DSS Divergence Analysis (compliance commencement)
Helps visualize PCI DSS compliance target area, and non-compliant items. Extracts necessary issues for PCI DSS compliance.
2. Ongoing Compliance Support (in period between PCI DSS promotional stage and immediately prior to Qualified Security Assessor (QSA)2 based onsite assessment3)
DNP will offer advice and handle queries when companies devise operating rules, conduct process optimization, and improve systems.
3. Follow-up (QSA based onsite appraisal)
Attendance during QSA on-site interview and company visit, along with the handling of queries.
4. PCI DSS Maintenance Follow-up (post-compliance stage)
Periodic follow-up, and presentation of up to date information when PCI DSS undergoes version updates.
Phase 1 costs will vary according to scale, but are expected to be approximately 5.0 million yen in the case of a single task, on a single operational location at a single data center. Costs for Phase 2 and beyond will be subject to ongoing monthly contracts.
DNP aims for sales of approximately 1.0 billion in the three years to FY 2018, from PCI DSS compliance support consulting, and the provision of resultant security solutions.