The PCI Security Standards Council continues to work with stakeholders in Japan to help support PCI DSS adoption in the region, and will host Qualified Security Assessor (QSA) and Internal Security Assessor (ISA) Training in Tokyo in November. Here, we talk with PCI SSC International Director Jeremy King about payment security needs and challenges in Japan and the role of training and education in securing payment data.
What are some of the key payment security challenges for businesses in Japan?
Jeremy King: We are in a world of escalating global cybercrime, with organizations under constant attack from criminals who are not based in Japan or even the Asia Pacific region. Knowing you are a target is the first challenge, and moving on from that awareness to treating data security as a company priority is the next.
Security is everyone’s responsibility - this is not an IT problem. It is essential that every member of staff appreciates this, especially your most senior management team. There are many ways in which organizations are being targeted - ransomware, CEO fraud, and phishing are some that have become increasingly popular in recent months. In addition, we still see malware as the common mode of operation by criminals wanting to steal your customers’ data, especially their payment card data. In order to gain the confidence of Japanese consumers, businesses need to adopt good data security practices and make training available to their staff to ensure that consumers feel safe - and the best payment data security practices are the PCI Security Standards.
Why is QSA and ISA training important to the Japanese market right now?
With cybercrime on the rise globally, there’s a great need for more qualified IT security professionals to deal with increasing threats. According to the Cybersecurity Jobs Report, the cybersecurity skills shortage could reach as many as 3.5 million unfulfilled positions worldwide by 2021. And in Japan specifically, the Japan Ministry of Economy, Trade and Industry (METI) estimates the current shortfall of IT professionals to available opportunities is 132,060, which will grow to 193,010 in 2020.
As the country prepares to host the 2019 Rugby World Cup and the 2020 Olympics in Tokyo, there is great urgency for businesses to prioritize cybersecurity with data security programs and trained and qualified security experts. For payments specifically, METI is requiring businesses to adopt the PCI Data Security Standard (PCI DSS) to safeguard payment data.
How will providing these trainings ultimately help Japanese businesses in their efforts to adopt PCI DSS?
QSAs and ISAs can help companies implement payment data security essentials more quickly and more easily.
Holding the QSA training in Japan will give assessor companies the opportunity to grow the number of QSAs available to support Japanese merchants as they move toward securing their payment data with the adoption and implementation of PCI Standards. The ISA training will allow those same companies to have internal staff trained to the same high level as the QSAs, which will help prepare the companies for assessment, and ensure the assessment is carried out in a most efficient manner.
What else is the PCI SSC doing to help support PCI DSS awareness and adoption in Japan?
Helping organizations of all sizes improve their data security is central to our efforts at the PCI Security Standards Council. That is why we have been working very closely with key organizations in Japan, such as the Japan Card Data Security Consortium (JCDSC) and the Japan Consumer Credit Association (JCA) to provide more and more of our standards and guidance documents in Japanese. Not only that, but with the support of the JCDSC we have ensured the quality and accuracy of the translations to ensure they are providing the best level of support. Visit our Japanese web site at: https://ja.pcisecuritystandards.org/minisite/env2/.
Here you will find a wide range of standards and guidance documents, including our Payment Protection Resources for Small Merchants, crucial for helping small businesses improve their security, and the Prioritized Approach for PCI DSS, a great tool for helping understand where to start on the PCI DSS journey.
Finally, PCI SSC continues to support Japanese organizations, associations and METI as they migrate toward improved payment security through the adoption and implementation of the PCI DSS. In addition to the QSA and ISA training in Tokyo in November 2017, the PCI SSC will be hosting the next PCI Asia Pacific Community Meeting in Tokyo on 23-24 May 2018.