13 Domestic Credit Card Companies, ACSiON Co., Ltd., Council of Anti-Phishing Japan, and Japan Credit Card Association Jointly Expand Phishing Site Closure Initiative

13 domestic credit card companies (see "Company Overview"), ACSiON Co., Ltd. (hereinafter, ACSiON), the Council of Anti-Phishing Japan, and the Japan Credit Card Association (hereinafter, JCCA) will expand their collaborative initiative to shut down phishing sites (hereinafter, this initiative), which began in April 2025, to deter phishing damage aimed at illegally acquiring credit card information.

In April 2025, for the first time in Japan*1, a cross-company initiative involving 8 credit card companies to close phishing sites was launched and achieved certain results. From April 2026 onwards, to further strengthen deterrence, 5 new domestic credit card companies will join, expanding the scope of phishing site closures significantly with a total of 13 companies. This will enable more comprehensive phishing countermeasures, further strengthening the prevention of damage and ensuring the safety of credit card users.

*1 According to JCCA research as of March 2026

1. Background

The total damage from credit card fraud in 2025 amounted to 51.05 billion yen, remaining at a high level (see Figure 1). Approximately 75% of this damage is estimated to be caused by phishing*2, making phishing countermeasures one of the critical issues in the credit card industry. Furthermore, the number of phishing reports has reached approximately 2.45 million annually (see Figure 2), indicating a continuous expansion of the threat.

In recent years, phishing sites have diversified beyond credit card companies and financial institutions to include e-commerce/service providers, airline/transportation operators, and delivery service providers. The methods have also become more sophisticated and varied, combining multiple channels such as email and SMS. While many credit card companies are working to detect and close phishing sites impersonating their own sites, a significant amount of credit card numbers and other information is also being defrauded from phishing sites impersonating entities other than credit card companies. To address these challenges, 8 domestic credit card companies collaborated from April 2025 to establish an effective system to deter phishing damage impersonating businesses outside the credit card industry.

*2 According to JCCA research as of March 2026

【Figure 1: Trends in Credit Card Fraud Damage】

【Figure 2: Trends in Phishing Report Cases】

2. Achievements of this initiative in FY2025 (April-December)

From the start of operations on April 1 (Tuesday), 2025, to December 31 (Wednesday), approximately 50,000 phishing site URLs were jointly closed by 8 domestic credit card companies, ACSiON, and JCCA.

Furthermore, regarding phishing sites impersonating the targeted companies, the number of phishing site URLs reported to the Council of Anti-Phishing Japan was halved when comparing March 2025 (before the initiative began) with April-December 2025 (after the initiative began). From this, it is inferred that this initiative had a certain effect in deterring the creation of phishing sites (see Figure 3).

On the other hand, it also became clear that responding only to phishing sites impersonating specific companies is insufficient to deter overall phishing damage. Based on these results, in FY2026, we will significantly expand the scope of companies targeted for phishing site closures, enabling responses to phishing sites impersonating a wider range of companies, and further promoting the deterrence of phishing damage.

【Figure 3: Trends in Phishing Site URLs and Closure Cases】

【Figure 4: Overall Picture of Phishing Countermeasure Services】

【Figure 5: Phishing Site Detection and Countermeasure Flow】

3. Expansion of this initiative in FY2026

In FY2026, to further promote the deterrence of phishing damage, 5 new domestic credit card companies will join, expanding the collaborative initiative for phishing site closures to a total of 13 companies. Additionally, the Council of Anti-Phishing Japan will newly participate, providing comprehensive support for promoting phishing countermeasures, including information sharing on the latest phishing trends and other measures beyond just site closures for companies targeted for phishing site closures.

The increase in participating companies has significantly broadened the scope of companies targeted for phishing site closures, including frequently impersonated e-commerce/service providers, airline/transportation operators, and delivery service providers. This has made it possible to cover over 90% of phishing site brands (excluding financial institutions) aimed at illegally acquiring credit card information.*3

Based on the achievements of this initiative in FY2025 and the brand coverage rate, we expect to halve the number of phishing site URLs impersonating non-financial institutions reported in Japan, aiming for further strengthening of overall phishing damage deterrence.

*3 For financial institutions such as credit cards, securities, and banks, it was confirmed that self-closure measures are relatively advanced, so "non-financial institutions" are used as the base for closure and calculation, excluding this domain.

【Figure 6: Expansion of Companies Targeted for Phishing Site Closure and Coverage Rate in this Initiative】

4. Future Outlook

The 13 domestic credit card companies, ACSiON, the Council of Anti-Phishing Japan, and JCCA aim to eliminate phishing damage from Japan.

For companies with a high number of phishing site reports, in addition to requesting their proactive phishing site closure, we will jointly call for the establishment of an environment where they can proactively engage in phishing site closures by providing necessary know-how for site closure, and will continue to promote cross-industry phishing countermeasures.

5. Contact Information

Japan Credit Card Association (JCCA)

TEL: 03-6630-0835

Mail: secretariat@jcca-office.gr.jp

＜Reference＞

■Company Overview of 13 Domestic Credit Card Companies