DNP in Full Scale Deployment of PCI DSS Compliant Consulting Support Service

Dai Nippon Printing Co., Ltd. (DNP) is pleased to announce the full scale deployment of a consulting support service for company security systems that conforms to Payment Card Industry Data Security Standards (PCI DSS [1]), the international credit card security standard.

[Background]

- Japan Consumer Credit Association (JCA) Responses

In the Action Plan for the Strengthening of Measures for Security in Credit Card Transactions released in February 2016, the JCA established PCI DSS as the domestic credit card data security standard. The JCA requires each company that handles credit card data to develop a PCI DSS-compliant information security management system. As a result, more companies are looking to identify which portions of their in-house management systems conform to PCI DSS and which are currently non-compliant, and are seeking the advice of external experts regarding the measures necessary to become fully compliant.

- Responses to Increased Needs from BPO Companies such as Cloud Computer Service Operators

Where credit card issuing companies outsource credit card data handling to BPO companies such as cloud computer service operators, the BPO operators are also required to conform to PCI DSS. As PCI DSS compliance is essential for such BPO operators to expand their business, companies aiming to bring their systems into line with this security standard are likely to increase.

- Inbound Tourism Driven Expansion

In recent years, Japan has seen an upsurge in the number of overseas visitors, and inbound-driven services by domestic companies are also on the rise. Given the increased likelihood of Japanese companies being targeted by cybercrime, the momentum towards the creation of more sophisticated security systems is also expected to rise.

- Other Needs

PCI DSS sets out concrete values for information security measures. As a result, by applying its requirements for credit card numbers to confidential and personal data, it is possible to use the protocol as an in-house data security standard. Companies in industries outside of credit cards, such as manufacturing firms, are increasingly adopting PCI DSS as their in-house security standard, and as a result, consulting demand is expected to grow.

[DNP and PCI DSS]

DNP was the first Japanese printing company to acquire PCI DSS certification in 2008. Since then, DNP has deployed qualified staff as internal auditors and experts, and has accumulated relevant know-how. DNP also undergoes PCI card manufacturing standard auditing, a more rigorous check than those for PCI DSS, as an international credit card brand certified plant, on an ongoing basis. In addition, in January 2016, the DNP Kashiwa Data Center cloud-based service acquired certification for the latest 3.1 version of PCI DSS.

In this latest development, DNP will leverage its PCI DSS-related know-how and experiences to offer a PCI DSS compliance support service.

[Service Summary]

DNP will offer a consulting service in the following four phases in line with client needs.

1.  PCI DSS Divergence Analysis (compliance commencement)

Helps visualize PCI DSS compliance target area, and non-compliant items. Extracts necessary issues for PCI DSS compliance.

2.  Ongoing Compliance Support (in period between PCI DSS promotional stage and immediately prior to Qualified Security Assessor (QSA) [2] based onsite assessment [3])

DNP will offer advice and handle queries when companies devise operating rules, conduct process optimization, and improve systems.

3.  Follow-up (QSA based onsite appraisal)

Attendance during QSA on-site interview and company visit, along with the handling of queries.

4.  PCI DSS Maintenance Follow-up (post-compliance stage)

Periodic follow-up, and presentation of up-to-date information when PCI DSS undergoes version updates.

Phase 1 costs will vary according to scale, but are expected to be approximately 5.0 million yen in the case of a single task, on a single operational location at a single data center. Costs for Phase 2 and beyond will be subject to ongoing monthly contracts.

[Looking Ahead]

DNP aims for sales of approximately 1.0 billion in the three years to FY2018, from PCI DSS compliance support consulting, and the provision of resultant security solutions.

 
1.  PCI DSS: PCI DSS is a security industry standard developed by the PCI Security Standards Council (PCI SSC), which has been established by the five major international card brands, with the objective of protecting credit card member data, and maintaining safe transactions by card personalization companies and participating outlets. The protocol stipulates concrete management approaches and operations for the following areas:
- The building and maintaining of secure networks and systems
- The protection of cardholder data
- Maintenance of a vulnerability management program
- Implementation of strong access control measures
- The regular monitoring and testing of networks, and
- Maintenance of an information security policy.
2.  QSA: Acronym for PCI DSS certified Qualified Security Assessor
3.  Onsite assessment: QSA visit-based assessments required on a specific frequency throughout the year by credit card personalization business operators and service providers.
* Product prices, specification and service contents mentioned in this news release are current as of the date of publication. They may be changed at any time without notice.
