GMO Payment Gateway Adds Service to Enhance the Security of Card payment on EC Sites ~Reduces the risk of card number leakage by payment processing using tokens~

GMO Internet Group develops payment processing business such as non-face-to-face credit cards GMO Payment Gateway, Inc. (TSE Part: Securities code 3769 Headquarters: Shibuya-ku, Tokyo, President & Chief Executive Officer: Issei Ainoura hereinafter referred to as GMO-PG) uses tokens (random alphanumeric strings) Credit card payment The service has been available since today, Wednesday, April 15, 2015.
This service is a service that allows EC site operators to replace credit card numbers with tokens and process them payment so that they can payment without touching the purchaser's credit card number. By introducing this service, it is possible to reduce the risk of leakage of credit card numbers from the merchant side.
Until now, GMO-PG has been focusing on creating a secure payment environment, such as providing a "non-retention of card information service" (*1) to prevent information leakage of merchants, and this service was provided to some merchants as one of them, but now it will be provided to all merchants so that more merchants can use the safe and secure Credit card payment service.

As of 2013, the Japan domestic e-commerce market has expanded to a scale of 11.2 trillion yen (up 17.4% from the previous year) (*1), and at the same time, the use of Credit card payment on the Internet is rapidly spreading. In fact, according to a survey, Credit card payment accounts for more than 50% of the payment methods on e-commerce sites (*2), and there is a need for a safer and more secure payment environment.
In order to safely Credit card payment on such e-commerce sites, it is important to reduce the number of people who come into contact with credit card numbers and reduce the risk of leakage from the e-commerce site.
Against this backdrop, Ministry of Economy, Trade and Industry launched "Credit Transaction Security Council" on March 24, 2015, and has begun to consider specific measures against information leakage, such as promoting the non-retention of card information at merchants and verifying PCI DSS compliance (*2) when holding cards.

GMO-PG also offers "3D Secure support" (*3)" and "Security Code support(*4)" functions to protect consumers from credit card fraud, "non-card information retention service" to prevent information leakage on the EC site side, and "chargeback compensation group insurance" to compensate for damages caused by EC site operators due to chargeback (*5). We are striving to strengthen the security of Credit card payment and at the same time create an environment where merchants can feel at ease.

As one of these services, we have been offering token-based payment to some merchants who have requested it, but we have decided to expand it to all merchants so that more e-commerce sites can build a secure payment environment. In this service, GMO-PG replaces the credit card number entered by the purchaser with a token and performs payment processing, so the merchant can payment the credit card number without touching it (= "processing", "transmitting", "not holding").

(*1) Ministry of Economy, Trade and Industry From "25 Market Survey on E-commerce"
(*2) Yano Research Institute, Inc., "electronic payment /EC payment Service Situation and Future Forecast 2014 Edition"

<Image of payment flow using tokens>

In the token-based payment service, GMO-PG replaces the credit card number entered by the purchaser with a token and processes it as a character string that is different from the credit card number payment. GMO-PG merchants can complete Credit card payment without "holding" the buyer's credit card number, nor "processing" or "transmitting" it over a server or network.
This reduces the risk of credit card number leakage on the merchant side, and even if the token is leaked, there is no risk of the credit card number being leaked because it is an invalid string that has no meaning in itself.
In addition, in order for merchants to payment without touching the credit card number, it payment was necessary to provide a dedicated payment screen on the GMO-PG server and have the purchaser link (screen transition). I could only deal with it. However, the token-based payment service, which does not touch credit card numbers, can be introduced by merchants who have customized the payment system, and since there is no need to prompt the buyer to transition to the screen, it can prevent the purchase from being abandoned by external links.

GMO Payment Gateway is available to more than 54,000 merchants (as of December 2014 of the GMO Payment Gateway Group), including non-face-to-face sales businesses such as online shops, SNS, and content developed on smartphones, businesses that charge monthly fees such as NHK and subscription, and public entity such as the Japan Pension Service and the Tokyo Metropolitan Government. We accept payment processing services including credit cards. We aim to provide a safe and convenient payment for consumers and businesses, and to be the infrastructure for Japan payment processes. As a leading company in the payment industry, we will drive innovation and contribute to improving the EC ratio of Japan.

[Glossary]

GMO-PG (Company Profile)

URL : http://corp.gmo-pg.com/

GMO-PG (Service)

URL : http://www.gmo-pg.com/