JCB Data Security Program

The JCB Data Security Program helps JCB merchants and payment processors ensure that they meet the PCI Data Security Standard (PCI DSS).

The JCB Data Security Program gives merchants and payment processors three ways to validate compliance with the PCI DSS: Self-Assessment, Security Scan, and On-Site Review. JCB strongly recommends that JCB merchants and payment processors adopt the JCB Data Security Program to protect cardholder data and transaction data.

PCI DSS - Payment Card Industry Data Security Standard -

Three Compliance Validation Procedures

The recommended compliance validation procedures depend on whether you handle cardholder data and transaction data via the Internet or Internet-accessible network and the volume of your JCB card transactions. For more information, please see Your Recommended Procedures.

Self-Assessment

Answer the Self-Assessment Questionnaire to determine your current level of compliance with the PCI DSS. You can download the PCI DSS Payment Card Industry Self-Assessment Questionnaire on the PCI Security Standards Council web site.

Download PCI DSS Payment Card Industry Self-Assessment Questionnaire.

Security Scan

A PCI SSC Approved Scanning Vendor (ASV) performs a remote network security scan of your network and web applications to evaluate system vulnerabilities and misconfigurations to attempted intrusions over the Internet. The ASV will provide you with a scan report describing the security vulnerabilities identified and guidance on how to fix them. You can download the PCI DSS Security Scanning Procedures and find a list of ASVs on the PCI Security Standards Council web site. Contact your selected ASV for information on the cost and time required to perform the security scan.

On-Site Review

A PCI SSC Qualified Security Assessor (QSA) performs an on-site review of your information security including interviews, document inspection, and audit of system controls. The QSA will report to you in detail on the audit findings. You can download the PCI DSS Security Audit Procedures and find a list of QSAs on the PCI Security Standards Council web site. Contact your selected QSA for information on the cost and time required to perform the on-site review.

Recommended Procedures for Merchants and Payment Processors

The recommended compliance validation procedures depend on whether you handle cardholder data and transaction data via the Internet or Internet-accessible network and the volume of your JCB card transactions. For more information, please see Your Recommended Procedures.

If you handle cardholder data and transaction data via the Internet or Internet-accessible network

  Merchants Payment Processors
One million JCB transactions or more per year Less than one million JCB transactions per year Regardless of the number of JCB transactions
Self-Assessment N/A N/A
Security Scan Quarterly Quarterly Quarterly
On-Site Review Yearly N/A Yearly

If you don't handle cardholder data and transaction data via the Internet or Internet-accessible network

  Merchants Payment Processors
One million JCB transactions or more per year Less than one million JCB transactions per year Regardless of the number of JCB transactions
Self-Assessment N/A N/A
Security Scan N/A N/A N/A
On-Site Review Yearly N/A Yearly

Security


JCB Brand


Home