Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
PCI DSS v 3.2に対する対応
Search
Sponsored
·
SiteGround - Reliable hosting with speed, security, and support you can count on.
→
benzookapi
May 12, 2016
Technology
2.5k
2
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
PCI DSS v 3.2に対する対応
@ Security Night #1 2016.5.11
http://secnight.connpass.com/event/30672/
benzookapi
May 12, 2016
More Decks by benzookapi
See All by benzookapi
技術をお金と貢献に変える、Shopifyテーマとアプリの開発
benzookapi
1
2.3k
Shopify Storefront APIを使った PWA e-commerceの解説とデモ
benzookapi
0
660
DevRel for tech. entrepreneurs: Beyond platform partners
benzookapi
0
190
Shopifyを使ったヘッドレスコマースの 実現方法と事例
benzookapi
0
250
React + GraphQL を使ったShopify Appの作り方と そのマネタイズ方法
benzookapi
1
1.4k
Shopifyアプリエコシステムで始める 第3のスキルマネタイズ
benzookapi
0
4.4k
Tech. Blog TIPS
benzookapi
0
350
Our new DevRel: Invention of scaling out partner ecosystem
benzookapi
0
330
WordPressとShopifyでECサイトを作ろう
benzookapi
0
1.2k
Other Decks in Technology
See All in Technology
[モダンアプリ勉強会]今更聞けないGit/GitHub入門
tsukuboshi
0
360
2026 TECHFRESH 畢業分享會 - 開發日常大解密!從領域驅動到企業級上線
line_developers_tw
PRO
0
660
攻撃者視点で考えるDetection Engineering
cryptopeg
0
380
MIERUNE JCT 発表資料「宇宙から伊能忠敬ごっこ」
syuchimu
0
200
手塩にかけりゃいいってもんじゃない
ming_ayami
0
230
2026TECHFRESH畢業分享會 - 原生還是跨平台? App 開發踩坑實錄
line_developers_tw
PRO
0
680
LLMと共に進化するプロセスを目指して
ymatsuwitter
12
3.9k
小さく始める AI 活用推進 ― 日経電子版 Web チームの事例/nikkei-tech-talk47
nikkei_engineer_recruiting
0
170
脆弱性対応、どこで線を引くか
rymiyamoto
0
350
生成 AI × MCP で切り拓く次世代 SRE!自律型運用への挑戦と開発者体験の進化
_awache
0
190
Oracle AI Database@Azure:サービス概要のご紹介
oracle4engineer
PRO
6
1.9k
"何を作るか"を任される エンジニアは、どう育つのか
yutaokafuji
1
570
Featured
See All Featured
Learning to Love Humans: Emotional Interface Design
aarron
275
41k
How to audit for AI Accessibility on your Front & Back End
davetheseo
0
420
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
9
1.4k
Redefining SEO in the New Era of Traffic Generation
szymonslowik
1
330
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
28
3.5k
Optimizing for Happiness
mojombo
378
71k
Mozcon NYC 2025: Stop Losing SEO Traffic
samtorres
1
250
職位にかかわらず全員がリーダーシップを発揮するチーム作り / Building a team where everyone can demonstrate leadership regardless of position
madoxten
62
54k
Gemini Prompt Engineering: Practical Techniques for Tangible AI Outcomes
mfonobong
2
430
Technical Leadership for Architectural Decision Making
baasie
3
400
How Fast Is Fast Enough? [PerfNow 2025]
tammyeverts
3
600
Deep Space Network (abreviated)
tonyrice
0
170
Transcript
PCI DSS v 3.2ʹର͢ΔରԠ Junichi Okamura @ Security Night #1
2016.5.11
Who am I? • Junichi Okamura @benzookapi • API Lover/Midnight
Creator/TDD (Talk Driven Development) Advocator • Rock/Wine/DQ/JOJO/I18N/Marketing/Payment • Scala/Java/Ruby/Python/Node.js/PHP/Mobile/Unity/../ppt
Today’s Topic PCI DSSͷΜΘΓઆ໌ͱɺ ͱ͋ΔFinTechاۀͷରԠʹ͍ͭͯ
PCI DSSͱʁ Payment Card Industry Data Security Standardͷུɻ ࠃࡍϖΠϝϯτϒϥϯυ5͕ࣾڞಉͰࡦఆͨ͠ɺ ΫϨδοτۀքʹ͓͚ΔάϩʔόϧηΩϡϦςΟج४ɻ
PCI SSCʹΑͬͯཧɻ
PCI SSCͱʁ Payment Card Industry Security Standards Councilͷུɻ લग़̑ࣾͰઃཱͨ͠ηΩϡϦςΟཧஂମɻ
ͬ͘͟Γݴ͏ͱ ΫϨδοτΧʔυΛѻ͏ۀऀ͕औಘ͖͢ηΩϡϦςΟن֨
͞Βʹݴ͏ͱ ΫϨδοτΧʔυใ͕̍ճͰૹ͢ΔՄೳੑͷ͋ΔۀऀऔΒͳ ͍ͱμϝͳͷͰ͢ɻʢຊདྷʣ
PCI DSSͷओཁ߲ ҆શͳωοτϫʔΫͷߏஙɾҡ࣋ Χʔυձһσʔλͷอޢ ੬ऑੑΛཧ͢ΔϓϩάϥϜͷඋ ڧݻͳΞΫηε੍ޚख๏ͷಋೖ ఆظతͳωοτϫʔΫͷࢹ͓Αͼςετ ใηΩϡϦςΟɾϙϦγʔͷඋ ʢ࣮ࡍͷ͘͢͝ࡉԽ͞Εఆٛ͞Ε͍ͯ·͢ʣ
PCI DSSͷऔಘํ๏ ථʹΑΔࣗݾஅ ੬ऑੑεΩϟχϯάςετ ๚ௐࠪ ʢ࣮ࡍΫϨδοτΧʔυͷѻ͍ํͰϨϕϧ͚͞Ε͍ͯ·͢ʣ
PCI DSSͷऔಘίετ औಘ͢ΔϨϕϧʹΑΓ·͕͢ɺ ௨ৗؒඦສ͙Β͍͔͔Γ·͢ɻ
PCI DSSΛऔΒͳ͍ͱͲ͏ͳΔͷʁ ΧʔυܾࡁΛड͚͚Δ͜ͱͰ͖·ͤΜ ʢຊདྷʣ
࣮… ܾࡁߦࢿۚҠಈۀऀͳͲ͕औಘ͍ͯͯ͠ɺ Χʔυใ൴Β͕ѻ͏ͷͰɺ Ұൠͷۀऀ൴ΒΛհͯ͠ΧʔυܾࡁΛड͚Δ͜ͱ͕Ͱ͖·͢
PCI DSSͷৄࡉʹ͍ͭͯ ࣍ճҎ߱ͰಛूΉ༧ఆͰ͢ ࠓ͜ͷลͰצห
PCI DSSͷόʔδϣϯ 200412݄ ੍ఆ 20069݄ v 1.1 200810݄ v1.2 ->
v 2.0 201312݄ v 3.0 20154݄ v 3.1 20164݄ v 3.2 (࠷৽ʣ
࠷৽൛ v 3.2ʹ͍ͭͯ v 3.0 ͔Βͷओͳมߋɿ TLS 1.1Ҏ্ͷ௨৴Λαϙʔτ͠ͳ͍͞ʢ20166݄30·Ͱʹʣ SSL/TLS 1.0ͷ௨৴ΛແޮԽ͠ͳ͍͞ʢ20186݄30·Ͱʹʣ
ͭ·Γ 20166݄30Ҏ߱ʹTLS1.1Λαϙʔτ͍ͯ͠ͳ͍ۀऀ 20186݄30Ҏ߱ʹSSl/TLS1.0Λαϙʔτ͍ͯ͠Δۀऀ ʹ PCI DSSΛണୣ͞ΕΔʁʢͣʣ
SSLʁTLSʁ ͍͖ͳΓࠓͷςʔϚʹ͍͖ۙͮͯ·ͨ͠
ͳͥ͜Μͳมߋ͕ͳ͞Εͨͷ͔ʁ ͜͜Ͱͪΐͬͱࢥ͍ग़ͯ͠Έ·͠ΐ͏
ࡢࠓͷOSSͷ੬ऑੑͷൃ֮ Heartbleedʢ20144݄ʣ POODLEʢ201410݄ʣ Logjamʢ20155݄ʣ … ଟ༰Α͘Θ͔Βͳͯ͘ฉ͍ͨ͜ͱ͋Δͣ
҆શͳωοτϫʔΫͷߏஙɾҡ࣋ ͜ͷେલఏ͕͜ͷ··ͩͱڴ͔͞ΕΔ ͦΕΛ્ࢭ͢ΔͨΊͷߋ৽
PCI DSSΛऔಘ͍ͯ͠ΔاۀͷରԠ ΓFinTechاۀ͕Ұ൪හײ
FinTechاۀҐ֎ؔͳ͍ʁ ͦ͏Ͱ͋Γ·ͤΜ ݸਓใͳͲ༷ʑͳηϯγςΟϒใΛѻ͏େاۀ PCI DSSΛऔಘ͍ͯ͠Δ͜ͱ͕ଟ͍Ͱ͢ ʢྫɿAWS͞Μͱ͔ʣ ͦͦηΩϡϦςΟશͯͷαʔϏεʹେࣄ
FinTechاۀͷରԠྫ
PayPalͷࣄྫ PCI DSS v3.2Ҏ֎ͷͷؚΜͰ ηΩϡϦςΟܭըͱͯ͠άϩʔόϧͰ࣮ࢪ
ରԠ߲ SSLূ໌ॻͷΞοϓάϨʔυʢVeriSign G5ʣ TLS1.2/HTTP1.1ͷΞοϓάϨʔυ γεςϜؒ௨৴ͷHTTPͷഇࢭ ClassicɹAPIͷGETഇࢭʢRESTআ͘ʣ ͦͷଞ…
ৄࡉʢϚΠΫϩαΠτʣ https://www.paypal-knowledge.com/infocenter/index? page=content&id=FAQ1913&expand=true&locale=ja_JP
։ൃऀ͚ηΩϡϦςΟΨΠυϥΠϯ https://developer.paypal.com/docs/classic/lifecycle/info-security- guidelines/
ͳͥʢલͯ͠͠·ͰʣΔ͔ʁ FinTechاۀͱͯ͠ͷ҆શɾ҆શͷͨΊ
Thank You Junichi Okamura @ Security Night #1 2016.5.11
SiteGround - Reliable hosting with speed, security, and support you can count on.
benzookapi
tsukuboshi
line_developers_tw
cryptopeg
syuchimu
ming_ayami
ymatsuwitter
nikkei_engineer_recruiting
rymiyamoto
_awache
oracle4engineer
yutaokafuji
aarron
davetheseo
irinanazarova
szymonslowik
eileencodes
mojombo
samtorres
madoxten
mfonobong
baasie
tammyeverts
tonyrice
