ACS Enrollment Guide

Enrollment Request

In order to start ACS Compliance Test, Vendor must click here and enroll for testing at first. The following information must be provided during enrollment:

Login Information

Tester ID

A unique value to identify Tester


A credential to be used for login

Tester Information Company Name

Name of a company whose product is to be tested

*This will be posted to "J/Secure Compliant Product List".
Address Address of the company  
ZIP/Postal Code
Name of Authorized Representative Name of the person who is responsible for the testing
Title of Authorized Representative Title of the person above
E-Mail E-Mail address to be posed to "J/Secure Compliant Product List"
Contact Information Name Name of a person who will be a primary point of contact
Phone Number Phone number of the contact person. Please specify the country code.
Fax Number Fax number of the contact person, if applicable. Please specify the country code.
E-Mail E-Mail address of the contact person. All information needed for testing will be sent to this address.
Product Information Product Name and Version

Name of the product and its version to be tested

*This will be posted to "J/Secure Compliant Product List". Please enter the same information as in Visa compliance notice, if nothing has been changed

3-D Secure Protocol Version The version of 3-D Secure protocol which the tested ACS supports
3-D Secure Specification with which this product is compliant The errata which the tested ACS supports
Supported Protocol The protocol of each payment scheme which the tested ACS supports
CAVV Algorithm Algorithm the tested ACS supports to calculate CAVV value
Attempt Functionality Whether the tested ACS supports Attempt functionality
Certificate Switching for more than one Issuer Whether the tested ACS can switch certificates between Issuers
Cardholder Information Encryption Whether the tested ACS can encrypt cardholder information
JavaScript for Redirection Whether the tested ACS uses JavaScript for redirecting PaRes form
PAReq/PARes JavaScript Fallback Whether the tested ACS supports fallback when cardholder browser does not support JavaScript.
Visa Compliance Recognized as 3-D Secure ver.1.0.2 compliant product by VISA Whether the tested ACS has been recognized as compliant product by VISA
Issuance date of Visa compliance notice Date of a compliance notice issued from Visa
Expiration date of Visa compliance notice Date of expiration, if specified in Visa compliance notice
Reference Number of Visa compliance notice A number to uniquely identify the product, if provided by Visa
Testing Information ACS URL A fully qualified URL where JSTAT should send the VEReq. Port information should be included in the URL, if required.

Material submitted to JCB

After submitting enrollment request through the web site, Vendor must submit a copy of Visa compliance notice to JCB listed below. It can be provided by any method, postal mail, fax, or e-mail.

Mailing Address

J/Secure Test Support

Advanced Technologies Department

JCB Co., Ltd.

5-1-22 Minami Aoyama, Minato-ku, Tokyo

107-8686 Japan

Fax Number
E-Mail Address

Approval from JCB

Upon receiving the enrollment request and a copy of Visa compliance notice from Vendor, JCB will review them and approve the enrollment. JCB will send an email to the contact person specified in the enrollment form to notify that the enrollment has been approved.

Vendor can use JSTAT for 15 continuous calendar days from the approval, to run Compliance Test.

Vendor can neither login to JSTAT nor run Compliance Test unless the enrollment request has been approved by JCB.

Testing Requirements

In order to run Compliance Test, vendors must do the following activities:

  • Create a certificate request and deploy the certificates issued from JSTAT to the server where JSTAT will send VEReq.

  •  Install the JSTAT root certificate and intermediate certificate in your list of trusted certificates.

  • Enroll specific PAN numbers into the ACS database and configure them. For some of the PAN numbers, ACS is required to bypass the authentication step. When it receives the PAReq from JSTAT, it should not send an authentication page to request password. Instead, it should directly return PARes or Error response.

  • Use a specific value as CAVV key.

The detailed information will be provided after the enrollment request has been approved.

Copyright 2005 JCB Co., Ltd. All Rights Reserved