What is PCI DSS?
What is the Payment Card Industry Data Security Standard (PCI DSS)?
- PCI DSS (Payment Card Industry Data Security Standard) is an international data security standard for the credit card industry.
- It is a de facto standard established by the PCI Security Standards Council (U.S.), which was jointly founded by five international card brands (Visa, Mastercard, American Express, JCB, and Discover). UnionPay joined the council in 2020, making it a standard developed by a total of six companies.
Background of PCI DSS Establishment
Originally, each international card brand set its own security standard. This placed a significant burden on merchants, who generally accept multiple card brands and therefore had to comply with several distinct security standards at once.
In recent years, the rapid development of the internet has fostered the growth of e-commerce, leading to the globalization of payment processing. Simultaneously, cyberattacks have become borderless, complex, and sophisticated. Large-scale credit card fraud has begun to occur on a global level.
To address these issues, the five international card brands jointly developed PCI DSS as a single, standardized data security assessment standard. The aim was to strengthen the protection of credit card information, reduce the risk and burden on merchants, and promote these measures globally.
PCI DSS serves as a technical and operational baseline for protecting cardholder data. Because the standard is structured and its requirements are quantitatively defined, it has gained attention among U.S. companies and is often adopted not only for credit card information but also as an organization-wide security baseline.

Principal PCI DSS Requirements
Build and Maintain a Secure Network and Systems
1. Install and Maintain Network Security Controls.
2. Apply Secure Configurations to All System Components.
Protect Account Data
3. Protect Stored Account Data.
4. Protect Cardholder Data with Strong Cryptography During Transmission Over Open, Public Networks.
Maintain a Vulnerability Management Program
5. Protect All Systems and Networks from Malicious Software.
6. Develop and Maintain Secure Systems and Software.
Implement Strong Access Control Measures
7. Restrict Access to System Components and Cardholder Data by Business Need to Know.
8. Identify Users and Authenticate Access to System Components.
9. Restrict Physical Access to Cardholder Data.
Regularly Monitor and Test Networks
10. Log and Monitor All Access to System Components and Cardholder Data.
11. Test Security of Systems and Networks Regularly.
Maintain an Information Security Policy
12. Support Information Security with Organizational Policies and Programs.