Information Security
Information security system
The nature of the JACCS Group's business involves the acquisition, retention, and use of a large volume of personal information.
Information received from customers is centrally managed on JANET, JACCS’ core computer system, and is protected by a sophisticated level of system security.
To maintain and enhance system security on an ongoing basis, JACCS has established an information security management system (ISMS), and has received certification under ISO/IEC 27001, the international standard relating to information security.
With regard to the Company’s core computer system (JANET), Web-based systems, and authorization system, JACCS has received conformity certification under the Payment Card Industry Data Security Standard (PCI DSS), which is an internationally recognized standard relating to credit card information protection. In conjunction with this, JACCS undertakes ongoing measures to maintain system security. In fiscal 2025, we successfully completed our ISO/IEC 27001:2022 surveillance audit and renewed our PCI DSS v4.0 certification.
- Scope of certification: Management of development, maintenance and operation of the following computer systems
  - Core system within credit, credit card and financing operations (JANET)
  - System that provides a range of Internet-based services in conjunction with the core system, for customers, member stores, alliance partners and other parties (Web system)
  - System that performs input/output (I/O) data exchange in conjunction with the core system, with such parties as member stores and alliance partners (IPC system)
- Date of certification / date of renewal: March 24, 2006 / March 24, 2024
- Certification standard: ISO/IEC 27001:2022 / JIS Q 27001:2023
Continuous Enhancement of Cybersecurity
Centered on a dedicated cybersecurity division, we are systematically advancing organization-wide initiatives, including the continuous review of relevant regulations and vulnerability management, with the aim of strengthening security governance. In addition, we operate a CSIRT (Computer Security Incident Response Team) to enable swift and accurate responses to cyber incidents, establishing an effective response framework to prevent the spread of damage. As specific defensive measures, we have implemented multi-layered defenses encompassing intrusion prevention, continuous monitoring of internal networks, and data loss prevention. We also objectively verify the effectiveness of our security measures through regular vulnerability assessments and penetration tests conducted by external specialized organizations, and strive for continuous enhancement.
Curbing damage caused by fraud through detection of fraudulent web sites and actions to have such sites closed down
JACCS monitors the following types of fraudulent web sites 24 hours a day, 365 days a year, and takes actions to have such sites closed down whenever they are detected. By maintaining vigilance in this way, JACCS works to protect customers from the harm of fraud.
- Sites that engage in “phishing” attacks by drawing in users with spoofed e-mail, which are designed to prompt users to enter their credit card numbers and other data
- Fraudulent apps that use without permission the name and icon of JACCS’ official app
- Social media accounts that use without permission the JACCS logo and name
Spoofed e-mail prevention measures
In recent years, there has been an increase in phishing scams in which fraudulent emails impersonating companies direct users to phishing sites to steal passwords and credit card information. To deter such spoofed emails and to grasp the situation quickly and accurately when they occur, JACCS has implemented DMARC (Domain-based Message Authentication, Reporting, and Conformance), an email domain authentication technology, for its email sending domain (jaccs.co.jp), as well as BIMI, which displays a company logo on authenticated emails. Additionally, we distribute information as needed when spoofed emails or similar threats are detected.
Email is an important tool for communication with our customers, and we will continue to strengthen our efforts to ensure that emails from JACCS can be checked with confidence.
Strengthening of fraud detection system
A fraud detection system analyzes credit card transactions and usage patterns, and checks for the presence of fraudulent credit card use by third parties.
To protect customers from damage caused by fraudulent credit card use by third parties, including damages arising from card loss, theft or forgery, JACCS has implemented a fraud detection system, which monitors card usage 24 hours a day, 365 days a year.
When this system finds usage that resembles known patterns of fraudulent activity, JACCS contacts the customer directly to confirm whether or not the transaction in question is legitimate.
To enable JACCS customers to use their credit cards with peace of mind, the Company will continue working to increase the fraud detection rate.