- Payment Card Industry
Data Security Standard -

Payment Card Industry Data Security Standard "PCI DSS" is the global card industry security standard,
which is established by five major international payment brands, JCB, American Express, Discover, MasterCard and Visa, to enhance cardmember data and transaction data security.

PCI DSS Helps You

Protect cardholder data
and transaction data
from hackers and fraudsters

PCI DSS helps you identify vulnerabilities in your systems and procedures so that you can effectively implement security measures to thwart hackers and fraudsters.

Reduce the risk of theft
or loss of information

Theft or loss of information can incur enormous costs for investigations, legal advice, public relations and more, as well as damaging customer confidence and sales volume. PCI DSS helps reduce the risk of potential theft or loss that could have a significant impact on your business.

PCI DSS stipulates
12 requirements
to be complied with.

Build and Maintain
a Secure Network

Requirement 1 : Install and maintain a firewall configuration to protect cardholder data
Requirement 2 : Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

Requirement 3 : Protect stored cardholder data
Requirement 4 : Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability
Management Program

Requirement 5 : Use and regularly update anti-virus software
Requirement 6 : Develop and maintain secure systems and applications

Implement Strong
Access Control Measures

Requirement 7 : Restrict access to cardholder data by business need-to-know
Requirement 8 : Assign a unique ID to each person with computer access
Requirement 9 : Restrict physical access to cardholder data

Regularly Monitor
and Test Networks

Requirement 10 : Track and monitor all access to network resources and cardholder data
Requirement 11 : Regularly test security systems and processes

Maintain an Information
Security Policy

Requirement 12 : Maintain a policy that addresses information security


You can download PCI DSS.

PCI SSC Web Site

JCB Data Security Program

JCB provides a program called JCB Data Security Program, which helps to protect cardmember data and transaction data.

JCB requires Licensees to ensure that the Licensees themselves, TPPs, IPSPs and Merchants with access to cardmember data and transaction data comply with the JCB Data Security Program.

JCB Data Security Program

Related information

PCI SSC (PCI Security Standards Council, LLC)

JCB, along with four other international payment brands, is a member of PCI SSC an independent body formed to develop, enhance, disseminate and assist with implementation of security standards for payment account security. PCI SSC is one more way in which JCB is actively promoting a safer environment for JCB card use.

PCI SSC Web Site