Responding to PCI DSS v3.2
benzookapi
May 12, 2016
Responding to PCI DSS v3.2
@ Security Night #1 2016.5.11
http://secnight.connpass.com/event/30672/
Transcript
Responding to PCI DSS v3.2 Junichi Okamura @ Security Night #1
2016.5.11
Who am I? • Junichi Okamura @benzookapi • API Lover/Midnight Creator/TDD (Talk Driven Development) Advocator • Rock/Wine/DQ/JOJO/I18N/Marketing/Payment • Scala/Java/Ruby/Python/Node.js/PHP/Mobile/Unity/../ppt
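Today's Topic: a gentle introduction to PCI DSS, and how one FinTech company is responding to it
What is PCI DSS? Short for Payment Card Industry Data Security Standard. A global security standard for the credit card industry, drawn up jointly by the five international payment brands.
It is managed by the PCI SSC.
What is the PCI SSC? Short for Payment Card Industry Security Standards Council. A security management body established by the five companies mentioned above.
Roughly speaking: a security standard that businesses handling credit cards should obtain.
Going further: any business through which credit card information might be transmitted even once has to obtain it. (In principle.)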
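Main requirements of PCI DSS: build and maintain a secure network; protect cardholder data; maintain a vulnerability management program; implement strong access control measures; regularly monitor and test networks; maintain an information security policy. (The actual requirements are defined in far finer detail.)
How to obtain PCI DSS: self-assessment by questionnaire; vulnerability scanning tests; on-site audit. (In practice, businesses are divided into levels by how they handle credit cards.)
Cost of obtaining PCI DSS: it depends on the level, but it typically costs on the order of millions a year.
What happens if you do not obtain PCI DSS? You cannot accept card payments. (In principle.)
In practice… payment processors, funds transfer businesses and the like hold it and handle the card information, so ordinary businesses can accept card payments through them.
As for the details of PCI DSS: a dedicated session is planned for a later meetup. Please let me stop here for today.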
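PCI DSS versions: December 2004, established; September 2006, v1.1; October 2008, v1.2 -> v2.0; December 2013, v3.0; April 2015, v3.1; April 2016, v3.2 (latest).
About the latest version, v3.2. Main changes from v3.0: support TLS 1.1 or higher (by June 30, 2016); disable SSL/TLS 1.0 (by June 30, 2018).
In other words: a business that does not support TLS 1.1 after June 30, 2016, or that still supports SSL/TLS 1.0 after June 30, 2018, will have its PCI DSS revoked? (Presumably.)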
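SSL? TLS? Suddenly we are getting close to today's theme.
Why was this change made? Let's think back for a moment.
Recently disclosed vulnerabilities in OSS: Heartbleed (April 2014), POODLE (October 2014), Logjam (May 2015), … You have probably heard of them even if the details are unclear.
Building and maintaining a secure network: left as is, this basic premise would be under threat. The update is there to stop that.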
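How companies that hold PCI DSS are responding: as you would expect, FinTech companies are the most sensitive to it.
Does it not concern anyone except FinTech companies? That is not the case. Large companies that handle personal data and other sensitive information often hold PCI DSS (for example, AWS). Security matters for every service to begin with.
An example of a FinTech company's response
The PayPal case: carried out globally as a security program that also covers items beyond PCI DSS v3.2.
Items addressed: SSL certificate upgrade (VeriSign G5); upgrade to TLS 1.2/HTTP 1.1; end of HTTP for system-to-system communication; end of GET for the Classic API (REST excluded); others…
Details (microsite): https://www.paypal-knowledge.com/infocenter/index?page=content&id=FAQ1913&expand=true&locale=ja_JP
Security guidelines for developers: https://developer.paypal.com/docs/classic/lifecycle/info-security-guidelines/
Why do it (even ahead of schedule)? For safety and security as a FinTech company.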
Thank You Junichi Okamura @ Security Night #1 2016.5.11
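The two v3.2 deadlines from the slides, applied as a configuration check. This is an added example, not part of the original deck; it assumes an nginx configuration with one `ssl_protocols` directive per line, and the sample configuration and finding codes are constructed for illustration.

```python
import re
from datetime import date

# Deadlines as the slides state them for PCI DSS v3.2.
SUPPORT_TLS11_BY = date(2016, 6, 30)  # support TLS 1.1 or higher by this date
DISABLE_TLS10_BY = date(2018, 6, 30)  # disable SSL/TLS 1.0 by this date
LEGACY = {"SSLv2", "SSLv3", "TLSv1"}        # nginx names for SSL and TLS 1.0
MODERN = {"TLSv1.1", "TLSv1.2", "TLSv1.3"}  # TLS 1.1 or higher

# Assumption: one directive per line; lines starting with '#' never match.
_DIRECTIVE = re.compile(r"^[ \t]*ssl_protocols\s+([^;#]+);", re.MULTILINE)

def check(protocols, on):
    """Return finding codes (constructed names) for one protocol set."""
    found = []
    if protocols - LEGACY - MODERN:
        found.append("UNKNOWN_PROTOCOL_NAME")
    # Assumption: "by June 30" means the breach starts the following day.
    if on > SUPPORT_TLS11_BY and not protocols & MODERN:
        found.append("NO_TLS11_OR_HIGHER")
    if protocols & LEGACY:
        late = on > DISABLE_TLS10_BY
        found.append("SSL_TLS10_PAST_DEADLINE" if late else "SSL_TLS10_TO_BE_DISABLED")
    return found

def audit(nginx_conf, on):
    """Check every ssl_protocols directive found in an nginx config text."""
    results = []
    for match in _DIRECTIVE.finditer(nginx_conf):
        protocols = set(match.group(1).split())
        results.append((sorted(protocols), check(protocols, on)))
    return results

# Constructed sample configuration, not taken from any real deployment.
SAMPLE_CONF = """
server {
    ssl_protocols SSLv3 TLSv1;
}
server {
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
server {
    # ssl_protocols TLSv1;
    ssl_protocols TLSv1.2;
}
"""

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, date(2018, 7, 1)))
```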