Inquiry: +81-3-6425-6735 (Business hours 9:00 am - 6:00 pm)

PCI DSS Compliance Support


What is PCI DSS?

PCI DSS (Payment Card Industry Data Security Standard) was established in 2004 as a joint initiative of the five international card brands American Express, Discover, JCB, MasterCard, and VISA. It is a unified security standard for protecting credit card information, created to reduce the risks associated with credit card transactions and to make security management more efficient.

The standard is now operated and maintained by the PCI Security Standards Council (PCI SSC), an organization jointly established by those five brands.

Benefits of PCI DSS Certification

  1. Improved corporate value (credibility, branding)
  2. Security controls that are more specific and prescriptive than those of ISO 27001
  3. Protection of your site against unauthorized access
  4. Reduced risk of site tampering and abuse

Flow of PCI DSS Acquisition

Period: 6 months or more

Requirements for PCI DSS Certification

To obtain PCI DSS certification, all 12 requirements, together with the detailed sub-requirements under each of them, must be met.

Build and maintain a secure network and systems
  Requirement 1: Install and maintain a firewall configuration to protect cardholder data
  Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect cardholder data
  Requirement 3: Protect stored cardholder data
  Requirement 4: Encrypt transmission of cardholder data across open, public networks

Maintain a vulnerability management program
  Requirement 5: Protect all systems against malware and regularly update anti-virus software
  Requirement 6: Develop and maintain secure systems and applications

Implement strong access control measures
  Requirement 7: Restrict access to cardholder data by business need to know
  Requirement 8: Identify and authenticate access to system components
  Requirement 9: Restrict physical access to cardholder data

Regularly monitor and test networks
  Requirement 10: Track and monitor all access to network resources and cardholder data
  Requirement 11: Regularly test security systems and processes

Maintain an information security policy
  Requirement 12: Maintain a policy that addresses information security for all personnel

Features of MASON's Service Plan

  1. Extensive experience in information security consulting
  2. Proven track record of security consulting for the credit card industry
  3. Staffed by former key members of the security team of a major company's information systems department

Target Companies

Compliance is required of card companies and of the businesses that handle card information; the level of compliance work is set by each card brand according to annual card transaction volume.

Financial Industry:
Credit card companies, credit card issuing financial institutions
Distribution industry:
Major department stores, supermarkets, mass merchandisers, railroads, airlines
Telecommunications / Media / Public sector:
Cellular phone companies, telecommunications companies, utilities, newspapers
Petroleum industry, etc.

Example of selection criteria for merchants of credit card companies

Level   Average number of transactions per month   Required work
A       Fewer than 10,000                          1. Self-assessment questionnaire
B       10,000 to 50,000                           1. Self-assessment questionnaire
                                                   2. Quarterly vulnerability scan
C       More than 50,000                           1. Self-assessment questionnaire
                                                   2. Quarterly vulnerability scan
                                                   3. On-site assessment

1. Self-assessment questionnaire (required at Level A and above)

The Self-Assessment Questionnaire (SAQ) is based on the PCI DSS requirements; compliance is attested when every applicable question can be answered "Yes".

2. Network vulnerability scan (required at Level B and above)

An external vulnerability scan performed by a PCI SSC Approved Scanning Vendor (ASV) against the externally accessible servers, network devices, and applications, to verify that the PCI DSS security requirements are met. To maintain compliance, the merchant must obtain a passing scan at least four times a year (quarterly).

3. On-site assessment (required at Level C)

An on-site assessment by a Qualified Security Assessor (QSA) accredited by the PCI SSC; the assessment must be renewed annually. Follow-up services are available after PCI DSS compliance has been achieved.

Follow-up services after PCI DSS compliance

Remaining compliant is not easy, because day-to-day operations and system changes continue after certification.
MASON has a complete follow-up program in place: continuous improvement after certification, which can also serve as a tool for improving the business itself.

MASON provides services tailored to the customers' needs. Please contact us.

MASON Consulting, Co., Ltd.

10th Floor Shiba Daimon Center Bldg.,
1-10-11 Shiba Daimon, Minato-ku, Tokyo


MASON has acquired ISO27001 certification.

MASON is committed to implementing security measures in accordance with the Guidelines for Information Security Measures for Small and Medium Enterprises.