Seven Bank Security Measures

The following security measures have been implemented by Seven Bank.

ATM Security Measures
Purpose Countermeasures
Offering Safety and Security

Direct Banking Service

Prevention of Unauthorized Access

128 Bit SSL or Higher Encrypted Communication

Seven Bank Direct Banking Service uses VeriSign Global Server ID. All data communication is protected with advanced security using 128 bit SSL (Secure Socket Layer) or higher encrypted communication.

Access Monitored 24 Hours a Day, 365 Days a Year

The Seven Bank system is operated and constantly monitored 24 hours a day, 365 days a year. The system is designed to prevent potential threats and to discover signs of unauthorized access by an external source.

Prevention of Phishing Scams

Phishing Scams

A phishing scam is an illegal act of attempting to acquire personal information by masquerading as a trustworthy entity through an email from a company such as a bank, having the email recipient access a false website for said company that is real and having said user enter their ID or password for that website.
Seven Bank shall never ask the customer via email or other means, as described above, for the customer's cash card PIN, IDs or passwords.
In addition, there are never any circumstances in which all of the confirmation number is entered (2 digit number input only for 2 places).
In the event that you receive a suspicious email or information using the name of Seven Bank, contact the Contact Center.

Integration of Block Service for Phishing Websites

Seven Bank uses a service which forces the closure of phishing websites in order to swiftly block or closes down a false website (phishing websites) that masquerades as Seven Bank Direct Banking Service.

EV SSL Server Certificate

As a countermeasure for phishing crimes, Seven Bank uses an "EV SSL server certificate" for our Direct Banking Service and for some new account application pages. The EV SSL certificate is issued via a strict authentication process in accordance with global standards to determine whether or not the administrator of the website is true.

■Procedure for Confirming Official Websites

When Using Google Chrome 25 or Firefox 19

Part of the URL turns green and the name of the organization, which operates the website with a green lock mark, is displayed.
If you click on the name of the organization, which operates the website with a green lock mark, you can confirm the certificate information.
Make sure that the publishing address is: "ib.sevenbank.co.jp" or "mb.sevenbank.co.jp" or "entry.sevenbank.co.jp"

When Using Safari 6.0 or Some Smartphones

"Seven Bank, Ltd." is displayed, on the top-right part of the browser screen with a green background, as the name of the organization that operates the website.

If the display is different from the content noted above in the "Confirmation Procedure," for example, the background of the address bar is displayed in yellow or red, the website may be a phishing website and/or there may be problem with integrating the "SSL Server Certificate."

Security Measures for Emails Sent From Seven Bank

■Electronic Signature

Seven Bank uses an electronic signature when sending emails to improve the security of our emails.
An electronic signature is a means to verify who wrote or created the email, or to verify that the email was not altered or falsified.
This signature certifies that the email was in fact sent by Seven Bank and that the email was not altered or falsified. The customer can not only confirm the electronic signature but also protect himself or herself from phishing scams or other falsification.
Note that when using email software that does not support this signature, the email message will display but the file "smime.p7s" is attached to the email as the digital certificate.
The electronic signature cannot be confirmed even if the attached file is opened.

■Confirmation Procedure for Emails Sent from Seven Bank

  • (1) Make sure that a security warning does not appear when receiving an email with an electronic signature.
    If a security warning appears for an email, the email may not be authentic.
  • (2)

    Make sure that the email address of the signer is: *****@sevenbank.co.jp

    • Please be aware that we confirm some mail Seven Bank do not send if its sender is ******@sevenbank.co.jp
  • (3) Make sure that the owner of the digital certificate is: Seven Bank, Ltd.
  • (4) Make sure that the certificate authority of the digital certificate is: Symantec Class 3 Organizational CA-G2
  • (5) Make sure that the email receipt date falls before the expiration date of the digital certificate.
    A security warning is displayed if the date falls after the expiration date.

More information about checking electronic signatures can be found here.

Name Display for Emails Sent to the Customer

The name of the customer is displayed at the top of the emails that are sent from Seven Bank. Be careful if the name of the customer is not displayed, because there is a high probability that the email is not from Seven Bank.

Sender Domain Authentication Function

We are operating enhanced email security (DMARC*) to prevent damage from illegal remittances caused by phishing emails.
This measure will block suspicious emails that spoof our email domains indicated below so that these emails will not reach your in-box and you will receive emails only from our legitimate domains.

  • DMARC (Domain-based Message Authentication, Reporting and Conformance) is authentication technology for preventing spoofing and falsification of emails.

Email domain from which Seven Bank will send emails

  • -@sevenbank.co.jp
  • -Some subdomains of @sevenbank.co.jp

If you have made settings to forward emails received by your email address registered with Seven Bank to another email address, you may not be able to receive our emails at the forwarding email address. In such case, please check emails sent to your email address registered with Seven Bank.

Protection Against Spoofing by Third Parties

Automatic Log Off Function After Certain Period of Time Elapses

If no operation is performed for a certain period of time after logging on, the user is automatically logged off and the user's session ends. This system incorporates this function to make it more difficult for third parties to operate without permission if the user's computer or device is left unattended even though the user is still logged on.

In order to prevent other people from operating your computer, do no leave it unattended while still being logged on. In addition, we don't recommend using the Direct Banking Service on a computer that is open to the general public, such as at an Internet Cafe.

Sending Emails to Customers for Transactions

When there is a domestic money transfer transaction or a change in your registered information, Seven Bank sends a notification to your registered email address to inform you that your request or application was processed, in order to help ensure that any unauthorized transactions are immediately detected. In addition, a notification is also displayed when you log on.
In the event that there is a transaction that you do not remember making, Seven Bank uses these emails and notifications to help you pick up on those types of transactions quickly.

  • i We recommend that you register your email address for your mobile phone because we may be able to catch any unauthorized withdrawals by a third party early on.

[Examples When the Customer is Notified about Transactions or Procedures]

Logon notification, withdrawal or domestic money transfer of 100,000 Yen or more at an ATM, security related information, etc.

  • i When receiving the above emails, you may need to configure your "Notification Email Settings" in the Direct Banking Service.
  • i If you have incoming email restrictions on your email account such as domain designation for preventing junk mail, you will not be able to receive our notification emails. Change the settings so that you can receive emails from Seven Bank.
  • i Use the domain "@sevenbank.co.jp" when configuring the domain settings for your email account.
  • i We do not recommend registering a free email address (address of an email account that can be acquired for free) because it may be used by a third party.

Service Suspension Due to Wrong Password Input

Your "Cash Card PIN," "Logon Password" and "Confirmation Number" become locked or invalidated if you enter them incorrectly more than the number of chances prescribed by Seven Bank.

Spyware Countermeasure Such as Keylogging

Virtual Keyboard

Seven Bank provides a "Virtual Keyboard" function for entering each ID and password in order to strengthen security in the Direct Banking Service. The "Virtual Keyboard" does not store the history of the keyboard operation sequence because input is only possible with a mouse. It is effective as a countermeasure against keylogging and spyware that record keyboard input information and steal passwords, etc. Use the software keyboard to ensure safer and more secure Direct Banking Service.

  • * Screen image is current as of January 14, 2014. The page may be changed without prior notice.

■ Keylogging?

"Keylogging" refers to unauthorized or illegal software (spyware) that records keyboard input information and steals passwords, etc.
The following are effective countermeasures.

Detecting Unauthorized Logons Quickly

Display of Previous Logon Date and Time

The previous logon session is displayed each time you logon in order to help ensure that any unauthorized transactions are immediately detected. In addition, when there is a domestic money transfer transaction or when your request was processed to change personal information, etc., Seven Bank will notify you using a "Notification email" or the "Message box (Notification)."

Preventing Unauthorized Use

App authentication

By taking the steps on the app to approve transactions such as registration for the Direct Banking Service, logon, and money transfer, customers can prevent unauthorized transactions even in the event that their password is stolen by a third party.

Strict Customer Confirmation

■Using Strict Customer Confirmation

Strict customer confirmation is used when opening an account in order to prevent opening an account illegally. In addition, after an account is opened, we verify the identity of the customer depending on the transaction. We ask for your cooperation.

■Account Used Only by Account Holder

Transactions may be restricted or the account may be terminated if it is discovered that the account holder does not actually exist or if the account was opened unbeknown to or against the wishes of the account holder, etc.

■Confirming Registered Address

Seven Bank confirms the information that is registered in order to organize the customer registered information based on the deposit insurance system. We ask for your cooperation. Transactions may be restricted if mail does not arrive at the registered address or if Seven Bank cannot contact the account holder. If there is a change in your registered details, for example when moving, follow the prescribed procedure to change said details as quickly as possible. The Direct Banking Service as well as the Contact Center can support address change requests.

ATM

Offering Safety and Security

Equipped with Various Functions

The ATM is equipped with a security camera and offers a screen and input buttons that are positioned to discourage onlookers. In addition, a screen display and voice message remind the user when a domestic money transfer is carried out to protect the user from bank transfer scams.
Going forward, Seven Bank is planning on developing support for IC cards that are used for domestic bank transactions as well as transaction support for cards issued abroad, in order to prevent illegal use of ATMs. Seven Bank strives to ensure safe and secure transactions for the customer by constantly monitoring ATM transactions and the status of the ATM, including the detection of any suspicious articles attached to the ATM.

Security Camera A security camera is installed to record the area in front of the ATM. Intercom Use this telephone if you encounter any problems.  It automatically connects to the Call Center. Guard The customer can use the ATM in a space that ensures privacy. Reminder Sensor and Speaker No. 2 A speaker reminds the user to take back their card or the bills that are dispensed.  Crime Prevention Button If this button is pressed in the event of an emergency, the security center is notified and a security guard will come immediately. Mirror The mirror enables the user to check the area behind him or her while using the ATM. ATM Screen The ATM screen is equipped with a special film that prevents others from seeing the screen at an certain angle from the side. Input Buttons The input buttons are located in a recessed area so that others nearby cannot see the buttons being pressed.