
JCB Data Security Program

What is JCB Data Security Program?

The JCB Data Security Program helps JCB merchants and payment processors ensure that they meet the PCI Data Security Standard (PCI DSS) maintained by the PCI Security Standards Council, which was founded by the payment brands JCB, American Express, Discover, MasterCard Worldwide and Visa International. The PCI DSS sets a high level of security to protect cardholder data and transaction data.

The JCB Data Security Program gives merchants and payment processors three ways to validate compliance with the PCI DSS: Self-Assessment, Security Scan, and On-Site Review. JCB strongly recommends that JCB merchants and payment processors adopt the JCB Data Security Program to protect cardholder data and transaction data. The recommended compliance validation procedures depend on whether you handle cardholder data and transaction data via the Internet or an Internet-accessible network, and on the volume of your JCB card transactions. For more information, please see Your Recommended Procedures.


The Program Helps You


Protect cardholder data and transaction data from hackers and fraudsters

The program helps you identify vulnerabilities in your systems and procedures so that you can effectively implement security measures to thwart hackers and fraudsters.

Reduce the risk of theft or loss of information

Theft or loss of information can incur enormous costs for investigation, legal advice, public relations and more, and can damage customer confidence and sales volume. The program helps you reduce the risk of potential theft or loss that could have a significant impact on your business.

Three Compliance Validation Procedures


Self-Assessment

Answer the Self-Assessment Questionnaire to determine your current level of compliance with the PCI DSS. You can download the PCI DSS Payment Card Industry Self-Assessment Questionnaire on the PCI Security Standards Council web site.

Download PCI DSS Payment Card Industry Self-Assessment Questionnaire.


Security Scan

A PCI SSC Approved Scanning Vendor (ASV) performs a remote security scan of your network and web applications to identify vulnerabilities and misconfigurations that expose your systems to attempted intrusions over the Internet. The ASV will provide you with a scan report describing the security vulnerabilities identified and guidance on how to fix them. You can download the PCI DSS Security Scanning Procedures and find a list of ASVs on the PCI Security Standards Council web site. Contact your selected ASV for information on the cost and time required to perform the security scan.

Download PCI DSS Security Scanning Procedures

Download Approved Scanning Vendors List


On-Site Review

A PCI SSC Qualified Security Assessor (QSA) performs an on-site review of your information security, including interviews, document inspection, and an audit of system controls. The QSA will report to you in detail on the audit findings. You can download the PCI DSS Security Audit Procedures and find a list of QSAs on the PCI Security Standards Council web site. Contact your selected QSA for information on the cost and time required to perform the on-site review.

Download PCI DSS Security Audit Procedures

Download Qualified Security Assessors List


Your Recommended Procedures


Merchants

<Merchants who handle cardholder data and transaction data via the Internet or an Internet-accessible network>

One million JCB transactions or more per year: Security Scan (Quarterly), and On-Site Review (Yearly)
Less than one million JCB transactions per year: Self-Assessment (Yearly), and Security Scan (Quarterly)


<Merchants who do not handle cardholder data and transaction data via the Internet or an Internet-accessible network>

One million JCB transactions or more per year: On-Site Review (Yearly)
Less than one million JCB transactions per year: Self-Assessment (Yearly)


Payment Processors

<All Payment Processors who handle cardholder data and transaction data via the Internet or an Internet-accessible network>

Security Scan (Quarterly), and On-Site Review (Yearly)

<All Payment Processors who do not handle cardholder data and transaction data via the Internet or an Internet-accessible network>

On-Site Review (Yearly)
