PCI DSS Validation Acquired for CAFIS® and All Other Main Card Payment Systems
- Fully compliant with international security guidelines -
Aug. 25, 2009
NTT DATA Corporation
NTT DATA Corporation has now acquired PCI DSS(note 1) validation for its CAFIS® card payment network system and four other main card payment systems.
Recognizing the growing importance of information security, NTT DATA began the process of validating CAFIS compliance with PCI DSS, the international standard for credit card industry information security that attracted global attention, back in March 2006, followed by other payment systems. After validation was acquired for CAFIS in February 2008, CDS® was validated as compliant in July 2008, BlueGate® in November 2008, and INFOX® and PastelPort® in June 2009.
The completion of PCI DSS validation means that the data security of the card payment infrastructure provided by NTT DATA is fully compliant with international standards. NTT DATA is committed to the on-going provision of environments that can be used securely by card companies and users, helping bring peace of mind to society.
Background to the Validation and NTT DATA Initiatives
Corporations in Japan and the rest of the world are increasingly turning their attention to data security standards, as growing awareness of privacy protection along with recently strengthened legal requirements have prompted them to implement advanced security management measures. Two globally accepted standards are the Information Security Management System standard (ISMS)(note 2) and Payment Card Industry Data Security Standard (PCI DSS).
NTT DATA has always employed effective security measures for its CAFIS and other credit card payment systems from the day the services were launched, in order to enable customers to use them with assurance. Initially these measures were based on information security policies compliant with NTT DATA’s own standards. As awareness of security rose, ISMS certification was acquired in April 2005 for customer service and for maintenance and operations of the CAFIS card payment service. In addition, NTT DATA began efforts to acquire PCI DSS validation for this and other payment systems.
By acquiring both ISMS certification, which indicates compliance from a management and administration standpoint, and PCI DSS validation with its emphasis on implementation measures, a more robust data security level can be achieved through features that complement each other. Acquiring both types of validation at the same time demonstrates objectively that NTT DATA, in its data security management for card payment services, implements on-going measures for maintaining and improving a proper balance among confidentiality, integrity, and availability, while putting in place a more robust organizational structure for ensuring data security.
Looking Ahead
For the services already validated, NTT DATA will continue to undergo assessments annually. By implementing solid data security management measures, the company will pursue various initiatives aimed at providing even higher levels of reliability and security.
About the PCI DSS Validation
Qualified Security Assessor
BSI Japan
Certifying organization
PCI SSC (PCI Security Standard Council)
Service provider and division
Cards and Payments Services Division, First Financial Sector, NTT DATA Corporation
Validated systems
- CAFIS card payment network: acquired Feb. 2008 (renewed Nov. 2008)
- BlueGate internet payment service: acquired Nov. 2008 (renewed May 2009)
- CDS Credit data transfer system service: acquired July 2008 (updated June 2009)
- INFOX multifunction payment service: acquired June 2009
- PastelPort card payment solution for retailers: acquired June 2009
Notes:
- *1PCI DSS (Payment Card Industry Data Security Standard) is a set of international guidelines for card business operators, drawn up in December 2004 by major global credit card companies with the aim of establishing security standards for protection of confidential card member information and transaction information.
- *2ISMS refers to a Conformity Assessment Scheme for Information Security Management Systems, which the Japan Information Processing Development Corporation (JIPDEC) began administering in Japan in April 2002 after the Ministry of Economy, Trade and Industry (METI) announced the introduction of international standards for information security management. Today it has become an international standard known as ISO/IEC 27001:2005.
- *CAFIS, INFOX, CDS, BlueGate, and PastelPort are registered trademarks of NTT DATA Corporation.
- *Other names of products, services, and companies herein are the trademarks or registered trademarks of their respective owners.
For more information, please contact:
For media inquiries:
Mr. Tomohisa Sugiyama
Public Relations Department
NTT DATA Corporation
Tel: +81-3-5546-8051
For inquiries about services:
Mr. Jun Hiraishi, Mr. Kazuhito Ogura, Mr. Katsuhiro Morimura
Cards and Payments Services Division
First Financial Sector
NTT DATA Corporation
Tel: +81-50-5546-8039
News Releases.
The services, prices of products and services, specifications, telephone numbers, etc. for inquiries and other information included in news releases are the data available on the day of the release. This information may be changed at any time without notice. In certain circumstances, due to various risks or unexpected occurrences, actual results may also be different from the plans or projections in news releases.
