Security Solutions

Credit Card Security Guidelines

In March 2020, the Credit Transaction Security Council (*1) announced the "Credit Card Security Guidelines" as a successor to the "Action Plan 2019". The guidelines succeed the "Action Plan 2017" announced on March 8, 2017, the "Action Plan 2018" announced on March 1, 2018, and the "Action Plan 2019" announced on March 4, 2019, which reached their implementation deadline at the end of March 2020. The content carries over from the Action Plan and there are no major changes. In addition, under the "Act to Partially Amend the Installment Sales Act (Revised Installment Sales Act)" enacted in June 2018, non-face-to-face merchants that use credit card payment (mail-order businesses that use card payment when receiving orders, such as EC businesses and call centers) are obliged to properly manage credit card information and prevent fraudulent use. It is therefore necessary to comply with the "Credit Card Security Guidelines," which are the practical guidelines of the Revised Installment Sales Act.
*1 Established in March 2015 with the participation of a wide range of businesses involved in credit transactions and the Ministry of Economy, Trade and Industry

Measures required of EC businesses

About credit card security guidelines

The three pillars of the "Credit Card Security Guidelines" announced by the Credit Transaction Security Council

1. Measures against leakage of card information: "Don't let your card information be stolen"
  • "Non-holding" of card information at member stores
    * It is necessary to use non-passing-over settlement using the service of a PCI DSS compliant PSP (*2).
  • PCI DSS (*3) compliance by business operators that hold card information
2. Countermeasures against fraudulent use of counterfeit cards: "Don't use counterfeit cards"
  • Realization of "100% IC" for credit cards
  • Realization of "100% IC support" for payment
3. Countermeasures against fraudulent use in EC: "Don't spoof on the net"
  • Introduction of multi-faceted and multi-layered measures against fraudulent use according to risk

Major revisions to the "Credit Card Security Guidelines" for EC businesses, including mail-order sales

■ Credit card information protection measures

  • Acceleration of promotion of customers who do not support credit card information protection measures
  • Maintenance and operation of credit card information protection measures
  • Expansion of businesses subject to card information protection measures
  • Responding to diversified and sophisticated leakage techniques

■ Countermeasures against non-face-to-face fraud

  • Spreading risk-based security measures to member stores
  • Re-verification of measures against fraud

■ Countermeasures against fraud in payment services, etc.
■ Raising consumer awareness

(Reference)

・ Credit card security guidelines (Published version / Summary version)
・ Current status of security measures for credit card transactions, etc. and initiatives after FY2020 (Main text / Summary version)

Measures required of EC businesses

EC businesses (card-not-present transactions) need to take the following two measures.

1. About card information leakage measures (non-holding)

EC business operators that already accept payment at online shops

If you are using pass-through payment

There is a strong need to move to non-passing-over settlement.
payment data including card information, and if there is, delete it immediately.

If you are using non-passing-over settlement of card information

No action is required.

EC business operators that are starting an online shop or payment

If you plan to use pass-through payment

Not recommended. If it is used, compliance with PCI DSS is strongly required.
In addition, it is strongly required to configure the system so that payment data including card information is not left in the system log.

If you plan to use non-passing-over settlement for card information

Recommended.

[non-passing-over settlement] * Recommended
The card information will not be sent to the merchant, but will be sent directly to us.

[Transit payment]
Merchants that pass or store card information are required to comply with PCI DSS.

2. Countermeasures against unauthorized use

Merchants are required to introduce more than one of the items below to enhance the effect of preventing fraudulent use.

Personal authentication (3D Secure / Authentication Assist)
Card face authentication (Security Code)
Attribute / behavior analysis
Shipping information
We provide services that support non-holding of card information.
Please feel free to consult our specialist staff first.