
PCI DSS Certification for Merchants

Compliance is certified once a year

ICMS, the Qualified Security Assessor (QSA), conducts an annual onsite audit of online merchants that do not retain card member data, to verify their compliance with PCI DSS.

※Generally, merchants with no more than 6,000,000 transactions per year can prove compliance through self-assessment questionnaires, but under this program compliance is certified by a third-party assessor.

Merchants that are certified as compliant are allowed to display the certification logo on their website. By doing so, they can assure customers that their credit data are handled in a safe and secure manner when shopping or using their services online.

Link-type no-possess system (Outsourcing)
Type: Online merchants that outsource the functions of their systems that transmit, process or store card member data.
※All processing systems and their operational management are handled by other agencies.
Items of compliance: 398→22
Duration of audit: About 1 day
Output: Attestation of Compliance for Self-Assessment Questionnaire (AOC SAQ), certified and signed by QSA
Certification mark: Valid for 1 year from the day of approval
Cost: 260,000 JPY (plus taxes) in the first year; 230,000 JPY (plus taxes) thereafter.
Link-type no-possess system
Type: Online merchants that do not transmit, process, or store card member data using their own systems.
※All processing is handled by a processing agency.
Items of compliance: 398→193
Duration of audit: About 4 days
Output: Attestation of Compliance for Self-Assessment Questionnaire (AOC SAQ), certified and signed by QSA
Certification mark: Valid for 1 year from the day of approval
Cost: 680,000 JPY (plus taxes) in the first year; 580,000 JPY (plus taxes) thereafter.
Module-type no-possess service
Type: Online merchants that do not “transmit”, “process”, or “store” card member data using their own systems.
※Card member information is stored by a processing agency.
※Only one location is used to transmit and process card member data.
Items of compliance: 331→ ※It depends on scope. Please contact us.
Duration of audit: About 4 days
Output: Attestation of Compliance for Self-Assessment Questionnaire (AOC SAQ), certified and signed by QSA
Certification mark: Valid for 1 year from the day of approval
Cost: ※Please contact us.

※ Merchants are responsible for the system and integration costs necessary for PCI DSS compliance.
