Information Security
Information security system
The nature of the JACCS Group's business involves the acquisition, retention, and use of a large volume of personal information.
Information received from customers is centrally managed on JANET, JACCS’ core computer system, and is protected by a sophisticated level of system security.
To maintain and enhance system security on an ongoing basis, JACCS has established an information security management system (ISMS), and has received certification under ISO/IEC 27001, the international standard relating to information security.
With regard to the Company’s core computer system (JANET), Web-based systems, and authorization system, JACCS has received conformity certification under the Payment Card Industry Data Security Standard (PCI DSS), which is an internationally recognized standard relating to credit card information protection. In conjunction with this, JACCS undertakes ongoing measures to maintain system security. In the fiscal year ended March 31, 2024, JACCS completed its migration to the ISO/IEC 27001:2022 certification standard, and renewed its PCI DSS certification.
- Scope of certification: Management of development, maintenance and operation of the following computer systems
  - Core system within credit, credit card and financing operations (JANET)
  - System that provides a range of Internet-based services in conjunction with the core system, for customers, member stores, alliance partners and other parties (Web system)
  - System that performs input/output (I/O) data exchange in conjunction with the core system, with such parties as member stores and alliance partners (IPC system)
- Date of certification / date of renewal: March 24, 2006 / March 24, 2024
- Certification standard: ISO/IEC 27001:2022 / JIS Q 27001:2023

Information-related risk-reduction measures
In recent years there has been an acceleration in changes to the environment for data management, including an increase in instances where information terminals are taken outside the Group’s offices. This partly reflects changes in the style of sales operations. In response, the Group has implemented a range of security countermeasures, including the use of virtual private network (VPN) connections, finger vein-based biometric authentication, and restrictions on printouts. In addition, the Group is working to reduce information security risk by implementing ongoing training programs for employees.
The Group’s information processing center, which integrates data, has been built with an earthquake-resistant structure and has a duplicate power supply system and on-site backup power generation equipment. These measures provide system and network redundancy and maintain service availability. The Group has also taken such steps as implementation of 24-hour/365-day continuous system monitoring, regular data backup, and strict control of access to the system and data. In this way, the Group implements programs on an ongoing basis to ensure stable day-to-day system operations and to maintain and enhance security.
Curbing damage caused by fraud through detection of fraudulent web sites and actions to have such sites closed down
JACCS monitors the following types of fraudulent web sites 24 hours a day, 365 days a year, and takes actions to have such sites closed down whenever they are detected. By maintaining vigilance in this way, JACCS works to protect customers from the harm of fraud.
- Sites that engage in “phishing” attacks by drawing in users with spoofed e-mail and that are designed to prompt users to enter their credit card numbers and other data
- Fraudulent apps that use without permission the name and icon of JACCS’ official app
- Social media accounts that use without permission the JACCS logo and name
Spoofed e-mail prevention measures
In recent years, there has been an increase in fraud damage caused by phishing attacks. Typically, such attacks involve users receiving a spoofed e-mail (impersonation of a legitimate sender), which draws them to a phishing site for the purpose of stealing such information as passwords and credit card information. To prevent e-mail spoofing, and to ascertain rapidly and accurately when it occurs, JACCS is progressively setting up Domain-based Message Authentication, Reporting and Conformance (DMARC) records attached to its domain name information.
Electronic mail is an important tool used for communication with customers. To ensure that customers can check their e-mail messages from JACCS with peace of mind, the Company will continue to strengthen its security systems.
Strengthening of fraud detection system
A fraud detection system is a system that analyzes credit card transactions and usage patterns, and checks for the presence of fraudulent credit card use by third parties.
To protect customers from damage caused by fraudulent credit card use by third parties, including damages arising from card loss, theft or forgery, JACCS has implemented a fraud detection system, which monitors card usage 24 hours a day, 365 days a year.
Under this system, when usage resembles known patterns of fraudulent activity, JACCS contacts the customer directly to confirm whether or not the transaction in question is legitimate.
To enable JACCS customers to use their credit cards with peace of mind, the Company will continue working to increase the fraud detection rate.