Seven Bank Security Measures

Seven Bank Direct Banking Service uses VeriSign Global Server ID. All data communication is protected with advanced security using 128 bit SSL (Secure Socket Layer) or higher encrypted communication.

The Seven Bank system is operated and constantly monitored 24 hours a day, 365 days a year. The system is designed to prevent potential threats and to discover signs of unauthorized access by an external source.

A phishing scam is an illegal act of attempting to acquire personal information by masquerading as a trustworthy entity through an email from a company such as a bank, having the email recipient access a false website for said company that is real and having said user enter their ID or password for that website.
Seven Bank shall never ask the customer via email or other means, as described above, for the customer's cash card PIN, IDs or passwords.
In addition, there are never any circumstances in which all of the confirmation number is entered (2 digit number input only for 2 places).
In the event that you receive a suspicious email or information using the name of Seven Bank, contact the Contact Center.

Seven Bank uses a service which forces the closure of phishing websites in order to swiftly block or closes down a false website (phishing websites) that masquerades as Seven Bank Direct Banking Service.

As a countermeasure for phishing crimes, Seven Bank uses an "EV SSL server certificate" for our Direct Banking Service and for some new account application pages. The EV SSL certificate is issued via a strict authentication process in accordance with global standards to determine whether or not the administrator of the website is true.

When Using Google Chrome 25 or Firefox 19

Part of the URL turns green and the name of the organization, which operates the website with a green lock mark, is displayed.
If you click on the name of the organization, which operates the website with a green lock mark, you can confirm the certificate information.
Make sure that the publishing address is: "ib.sevenbank.co.jp" or "mb.sevenbank.co.jp" or "entry.sevenbank.co.jp"

When Using Safari 6.0 or Some Smartphones

"Seven Bank, Ltd." is displayed, on the top-right part of the browser screen with a green background, as the name of the organization that operates the website.

Seven Bank uses an electronic signature when sending emails to improve the security of our emails.
An electronic signature is a means to verify who wrote or created the email, or to verify that the email was not altered or falsified.
This signature certifies that the email was in fact sent by Seven Bank and that the email was not altered or falsified. The customer can not only confirm the electronic signature but also protect himself or herself from phishing scams or other falsification.
Note that when using email software that does not support this signature, the email message will display but the file "smime.p7s" is attached to the email as the digital certificate.
The electronic signature cannot be confirmed even if the attached file is opened.

More information about checking electronic signatures can be found here.

The name of the customer is displayed at the top of the emails that are sent from Seven Bank. Be careful if the name of the customer is not displayed, because there is a high probability that the email is not from Seven Bank.

As a countermeasure for "email spoofing," Seven Bank provides a "Sender Domain*1 Authentication Function" for emails sent to the customer from Seven Bank.

The sender domain authentication function is one technical countermeasure for protection against "email spoofing." When the customer's email service supports and authenticates the emails using the sender domain authentication function, the function automatically differentiates in the system if the email that displays Seven Bank as the sender was in fact sent from Seven Bank. If "email spoofing" is detected, those emails are categorized as "junk email," etc.

However, contact the company*2 that provides your email service for further details to determine if the your email service supports the sender domain authentication function for "email spoofing," or to check the way that "email spoofing" is displayed, because support and the way that the sender domain authentication function is displayed is different with each company (Ex: When "email spoofing" is detected, that email is automatically sent to the junk email folder, etc.).

If no operation is performed for a certain period of time after logging on, the user is automatically logged off and the user's session ends. This system incorporates this function to make it more difficult for third parties to operate without permission if the user's computer or device is left unattended even though the user is still logged on.

When there is a domestic money transfer transaction or a change in your registered information, Seven Bank sends a notification to your registered email address to inform you that your request or application was processed, in order to help ensure that any unauthorized transactions are immediately detected. In addition, a notification is also displayed when you log on.
In the event that there is a transaction that you do not remember making, Seven Bank uses these emails and notifications to help you pick up on those types of transactions quickly.

Logon notification, withdrawal or domestic money transfer of 100,000 Yen or more at an ATM, security related information, etc.

Your "Cash Card PIN," "Logon Password" and "Confirmation Number" become locked or invalidated if you enter them incorrectly more than the number of chances prescribed by Seven Bank.

Seven Bank provides a "Virtual Keyboard" function for entering each ID and password in order to strengthen security in the Direct Banking Service. The "Virtual Keyboard" does not store the history of the keyboard operation sequence because input is only possible with a mouse. It is effective as a countermeasure against keylogging and spyware that record keyboard input information and steal passwords, etc. Use the software keyboard to ensure safer and more secure Direct Banking Service.

"Keylogging" refers to unauthorized or illegal software (spyware) that records keyboard input information and steals passwords, etc.
The following are effective countermeasures.

The previous logon session is displayed each time you logon in order to help ensure that any unauthorized transactions are immediately detected. In addition, when there is a domestic money transfer transaction or when your request was processed to change personal information, etc., Seven Bank will notify you using a "Notification email" or the "Message box (Notification)."

By taking the steps on the app to approve transactions such as registration for the Direct Banking Service, logon, and money transfer, customers can prevent unauthorized transactions even in the event that their password is stolen by a third party.

Strict customer confirmation is used when opening an account in order to prevent opening an account illegally. In addition, after an account is opened, we verify the identity of the customer depending on the transaction. We ask for your cooperation.

Transactions may be restricted or the account may be terminated if it is discovered that the account holder does not actually exist or if the account was opened unbeknown to or against the wishes of the account holder, etc.

Seven Bank confirms the information that is registered in order to organize the customer registered information based on the deposit insurance system. We ask for your cooperation. Transactions may be restricted if mail does not arrive at the registered address or if Seven Bank cannot contact the account holder. If there is a change in your registered details, for example when moving, follow the prescribed procedure to change said details as quickly as possible. The Direct Banking Service as well as the Contact Center can support address change requests.

The ATM is equipped with a security camera and offers a screen and input buttons that are positioned to discourage onlookers. In addition, a screen display and voice message remind the user when a domestic money transfer is carried out to protect the user from bank transfer scams.
Going forward, Seven Bank is planning on developing support for IC cards that are used for domestic bank transactions as well as transaction support for cards issued abroad, in order to prevent illegal use of ATMs. Seven Bank strives to ensure safe and secure transactions for the customer by constantly monitoring ATM transactions and the status of the ATM, including the detection of any suspicious articles attached to the ATM.