In March 2020, the Credit Transaction Security Council (*1) announced the "Credit Card Security Guidelines" as the successor to the "Action Plan 2019". The guidelines follow on from the "Action Plan 2017" announced on March 8, 2017, the "Action Plan 2018" announced on March 1, 2018, and the "Action Plan 2019" announced on March 4, 2019, which reached their implementation deadline at the end of March 2020. The content follows the action plans and there are no major changes. In addition, the "Act to Partially Amend the Installment Sales Act (Revised Installment Sales Act)" enacted in June 2018 obliges non-face-to-face merchants that use credit card payment (mail-order businesses that accept card payment when receiving orders, such as EC businesses and call centers) to properly manage credit card information and prevent fraudulent use. It is therefore necessary to comply with the "Credit Card Security Guidelines," which are the practical guidelines of the Revised Installment Sales Act.
*1 Established in March 2015 with the participation of a wide range of businesses involved in credit transactions and the Ministry of Economy, Trade and Industry
The three pillars of the "Credit Card Security Guidelines" announced by the Credit Transaction Security Council
1. Measures against leakage of card information | 2. Countermeasures against fraudulent use of counterfeit cards | 3. Countermeasures against fraudulent use in EC |
---|---|---|
Don't let your card information be stolen. * It is necessary to use non-passing-over settlement using the service of a PCI DSS compliant PSP (*2). | Don't use counterfeit cards | Don't spoof on the net |
Major revisions to the "Credit Card Security Guidelines" for EC businesses, including mail-order sales
■ Credit card information protection measures
■ Countermeasures against non-face-to-face fraud
■ Countermeasures against fraud payment services, etc.
■ Implementation of consumer awareness
(Reference)
・ Credit card security guidelines
EC businesses (card-not-present merchants) need to take the following two measures.
If you are using pass-through payment
There is a strong need to move to non-passing-over settlement
payment data including card information, and if there is, delete it immediately.
If you are using non-passing-over settlement of card information
No action is required.
If you plan to use pass-through payment
Deprecated. When using it, compliance with PCI DSS is strongly required.
In addition, it is strongly required to configure the system so that payment data including card information is not left in the system log.
If you plan to use non-passing-over settlement for card information
Recommended.
[Non-passing-over settlement] * Recommended | [Pass-through payment] |
---|---|
The card information will not be sent to the merchant, but will be sent directly to us. | Merchants that pass or store card information are required to comply with PCI DSS. |
To make fraud prevention more effective, merchants are required to introduce multiple measures from the list below.
① | Cardholder authentication (3D Secure / Authentication Assist) |
② | Card face verification (security code) |
③ | Attribute / behavior analysis |
④ | Shipping information |
This service is available when the EC site adopting it is operated by a corporation.
If the EC site adopting it is operated by an individual, please check here.