Seven Bank Security Measures
The following security measures have been implemented by Seven Bank.
|Security Measures for Direct Banking Service
|Prevention of Unauthorized Access
Prevention of Phishing Scams
Protection Against Spoofing by Third Parties
|Detecting Unauthorized Logons Quickly
Preventing Unauthorized Use
|ATM Security Measures
|Offering Safety and Security
Direct Banking Service
Prevention of Unauthorized Access
128 Bit SSL or Higher Encrypted Communication
Seven Bank Direct Banking Service uses VeriSign Global Server ID. All data communication is protected with advanced security using 128 bit SSL (Secure Socket Layer) or higher encrypted communication.
Access Monitored 24 Hours a Day, 365 Days a Year
The Seven Bank system is operated and constantly monitored 24 hours a day, 365 days a year. The system is designed to prevent potential threats and to discover signs of unauthorized access by an external source.
Prevention of Phishing Scams
A phishing scam is an illegal act of attempting to acquire personal information by masquerading as a trustworthy entity through an email from a company such as a bank, having the email recipient access a false website for said company that is real and having said user enter their ID or password for that website.
Seven Bank shall never ask the customer via email or other means, as described above, for the customer's cash card PIN, IDs or passwords.
In addition, there are never any circumstances in which all of the confirmation number is entered (2 digit number input only for 2 places).
In the event that you receive a suspicious email or information using the name of Seven Bank, contact the Contact Center.
Integration of Block Service for Phishing Websites
Seven Bank uses a service which forces the closure of phishing websites in order to swiftly block or closes down a false website (phishing websites) that masquerades as Seven Bank Direct Banking Service.
EV SSL Server Certificate
As a countermeasure for phishing crimes, Seven Bank uses an "EV SSL server certificate" for our Direct Banking Service and for some new account application pages. The EV SSL certificate is issued via a strict authentication process in accordance with global standards to determine whether or not the administrator of the website is true.
■Procedure for Confirming Official Websites
When Using Google Chrome 25 or Firefox 19
Part of the URL turns green and the name of the organization, which operates the website with a green lock mark, is displayed.
If you click on the name of the organization, which operates the website with a green lock mark, you can confirm the certificate information.
Make sure that the publishing address is: "ib.sevenbank.co.jp" or "mb.sevenbank.co.jp" or "entry.sevenbank.co.jp"
When Using Safari 6.0 or Some Smartphones
"Seven Bank, Ltd." is displayed, on the top-right part of the browser screen with a green background, as the name of the organization that operates the website.
Security Measures for Emails Sent From Seven Bank
Seven Bank uses an electronic signature when sending emails to improve the security of our emails.
An electronic signature is a means to verify who wrote or created the email, or to verify that the email was not altered or falsified.
This signature certifies that the email was in fact sent by Seven Bank and that the email was not altered or falsified. The customer can not only confirm the electronic signature but also protect himself or herself from phishing scams or other falsification.
Note that when using email software that does not support this signature, the email message will display but the file "smime.p7s" is attached to the email as the digital certificate.
The electronic signature cannot be confirmed even if the attached file is opened.
■Confirmation Procedure for Emails Sent from Seven Bank
Make sure that a security warning does not appear when receiving an email with an electronic signature.
If a security warning appears for an email, the email may not be authentic.
Make sure that the email address of the signer is: *****@sevenbank.co.jp
- ＊ Please be aware that we confirm some mail Seven Bank do not send if its sender is ******@sevenbank.co.jp
- (3) Make sure that the owner of the digital certificate is: Seven Bank, Ltd.
- (4) Make sure that the certificate authority of the digital certificate is: Symantec Class 3 Organizational CA-G2
Make sure that the email receipt date falls before the expiration date of the digital certificate.
A security warning is displayed if the date falls after the expiration date.
More information about checking electronic signatures can be found here.
Name Display for Emails Sent to the Customer
The name of the customer is displayed at the top of the emails that are sent from Seven Bank. Be careful if the name of the customer is not displayed, because there is a high probability that the email is not from Seven Bank.
Sender Domain Authentication Function
As a countermeasure for "email spoofing," Seven Bank provides a "Sender Domain*1 Authentication Function" for emails sent to the customer from Seven Bank.
The sender domain authentication function is one technical countermeasure for protection against "email spoofing." When the customer's email service supports and authenticates the emails using the sender domain authentication function, the function automatically differentiates in the system if the email that displays Seven Bank as the sender was in fact sent from Seven Bank. If "email spoofing" is detected, those emails are categorized as "junk email," etc.
However, contact the company*2 that provides your email service for further details to determine if the your email service supports the sender domain authentication function for "email spoofing," or to check the way that "email spoofing" is displayed, because support and the way that the sender domain authentication function is displayed is different with each company (Ex: When "email spoofing" is detected, that email is automatically sent to the junk email folder, etc.).
- *1 "Domain" refers to the address of the computer that is connected to the Internet. Seven Bank domain: "sevenbank.co.jp"
- *2 Internet service company (provider) or web portal company, or telecommunications service company, etc.
Protection Against Spoofing by Third Parties
Automatic Log Off Function After Certain Period of Time Elapses
If no operation is performed for a certain period of time after logging on, the user is automatically logged off and the user's session ends. This system incorporates this function to make it more difficult for third parties to operate without permission if the user's computer or device is left unattended even though the user is still logged on.
Sending Emails to Customers for Transactions
When there is a domestic money transfer transaction or a change in your registered information, Seven Bank sends a notification to your registered email address to inform you that your request or application was processed, in order to help ensure that any unauthorized transactions are immediately detected. In addition, a notification is also displayed when you log on.
In the event that there is a transaction that you do not remember making, Seven Bank uses these emails and notifications to help you pick up on those types of transactions quickly.
[Examples When the Customer is Notified about Transactions or Procedures]
Logon notification, withdrawal or domestic money transfer of 100,000 Yen or more at an ATM, security related information, etc.
Service Suspension Due to Wrong Password Input
Your "Cash Card PIN," "Logon Password" and "Confirmation Number" become locked or invalidated if you enter them incorrectly more than the number of chances prescribed by Seven Bank.
Spyware Countermeasure Such as Keylogging
Seven Bank provides a "Virtual Keyboard" function for entering each ID and password in order to strengthen security in the Direct Banking Service. The "Virtual Keyboard" does not store the history of the keyboard operation sequence because input is only possible with a mouse. It is effective as a countermeasure against keylogging and spyware that record keyboard input information and steal passwords, etc. Use the software keyboard to ensure safer and more secure Direct Banking Service.
- * Screen image is current as of January 14, 2014. The page may be changed without prior notice.
"Keylogging" refers to unauthorized or illegal software (spyware) that records keyboard input information and steals passwords, etc.
The following are effective countermeasures.
- ・ Use a virtual keyboard.
Detecting Unauthorized Logons Quickly
Display of Previous Logon Date and Time
The previous logon session is displayed each time you logon in order to help ensure that any unauthorized transactions are immediately detected. In addition, when there is a domestic money transfer transaction or when your request was processed to change personal information, etc., Seven Bank will notify you using a "Notification email" or the "Message box (Notification)."
Preventing Unauthorized Use
By taking the steps on the app to approve transactions such as registration for the Direct Banking Service, logon, and money transfer, customers can prevent unauthorized transactions even in the event that their password is stolen by a third party.
Strict Customer Confirmation
■Using Strict Customer Confirmation
Strict customer confirmation is used when opening an account in order to prevent opening an account illegally. In addition, after an account is opened, we verify the identity of the customer depending on the transaction. We ask for your cooperation.
■Account Used Only by Account Holder
Transactions may be restricted or the account may be terminated if it is discovered that the account holder does not actually exist or if the account was opened unbeknown to or against the wishes of the account holder, etc.
■Confirming Registered Address
Seven Bank confirms the information that is registered in order to organize the customer registered information based on the deposit insurance system. We ask for your cooperation. Transactions may be restricted if mail does not arrive at the registered address or if Seven Bank cannot contact the account holder. If there is a change in your registered details, for example when moving, follow the prescribed procedure to change said details as quickly as possible. The Direct Banking Service as well as the Contact Center can support address change requests.
Offering Safety and Security
Equipped with Various Functions
The ATM is equipped with a security camera and offers a screen and input buttons that are positioned to discourage onlookers. In addition, a screen display and voice message remind the user when a domestic money transfer is carried out to protect the user from bank transfer scams.
Going forward, Seven Bank is planning on developing support for IC cards that are used for domestic bank transactions as well as transaction support for cards issued abroad, in order to prevent illegal use of ATMs. Seven Bank strives to ensure safe and secure transactions for the customer by constantly monitoring ATM transactions and the status of the ATM, including the detection of any suspicious articles attached to the ATM.