J/Secure - The E-Commerce Solution -
As the online shopping market experiences rapid growth, so does the need for security.JCB is working hard to provide cardmembers with more security when using JCB cards for online shopping.
JCB's Authentication Service
Secure Online Shopping with J/Secure
J/Secure excels in security compared to the currently prevalent method of payer authentication for online shopping whereby the user inputs their credit card number and expiration date. In addition to this, J/Secure identifies the cardmember by requiring a password, or by using additional information gathered during the authentication process, such as the cardmember’s device or country.
How J/Secure1.0 Works
- At a J/Secure1.0 compliant merchant's website, the JCB cardmember enters his/her card number and expiration date in the area for payment information. Next, the MPI(*1) on the merchant's server delivers the information to the corresponding JCB card issuer to verify the cardmember's registration status with the J/Secure program.
- If the cardmember is enrolled in J/Secure, a password entry screen appears on the user's PC.
- The JCB cardmember enters password.
- The card issuer identifies the password. The result is then delivered to the merchant.
- The merchant's system receives the result and if the passwords match, the merchant proceeds with the authorization and sales transactions following the designated procedure.
Support for J/Secure1.0 will be discontinued as of October 18, 2022.
Certification of new J/Secure1.0 MPI(*1) and ACS(*2) products ended on February 1, 2021.
How J/Secure2.0 Works
- On a J/Secure2.0 compliant merchant’s website or mobile application, the JCB cardmember enters his/her card number and expiration date in the area for payment information. Next, the 3DS Requestor, who initiates authentication on the merchant’s server delivers the information to the corresponding JCB card issuer to conduct risk-based authentication, without interacting with the cardmember.
- If further interaction with the cardmember is not required, authentication is completed and the result is then delivered to the merchant.
- If further interaction with the cardmember is required, the JCB cardmember is required to authenticate themselves using any method that the issuer requires. This can be one time password, biometrics or an issuer’s application. The result is then delivered to the merchant.
- The merchant’s system receives the result and if the cardmember is authenticated, the merchant proceeds with the authorization and sales transactions following the designated procedure.
JCB is currently planning a phased migration from J/Secure1.0 to J/Secure2.0.
Details and updates will be posted on this page.
For JCB Card Issuers, Acquirers and Vendors
For JCB Merchants