13 Domestic Credit Card Companies, ACSiON Inc., the Anti-Phishing Council, and the Japan Credit Card Association Jointly Expand Phishing Site Closure Initiative
13 domestic credit card companies, ACSiON, and industry associations are expanding their joint initiative to close phishing sites, aiming to halve the number of sites that defraud credit card information.
📋 Article Processing Timeline
- 📰 Published: March 31, 2026 at 19:00
Aeon Financial Service Co., Ltd.
NTT DOCOMO, INC.
EPOS Card Co., Ltd.
au Financial Service Co., Ltd.
Credit Saison Co., Ltd.
JCB Co., Ltd.
Seven Card Service Co., Ltd.
Seven CS Card Service Co., Ltd.
Toyota Finance Corporation
Sumitomo Mitsui Card Company, Limited
Mitsubishi UFJ NICOS Co., Ltd.
UC Card Co., Ltd.
Rakuten Card Co., Ltd.
ACSiON Inc.
Anti-Phishing Council
Japan Credit Card Association (JCCA)
13 domestic credit card companies (see "Company Overview"), ACSiON Inc. (hereinafter, ACSiON), the Anti-Phishing Council, and the Japan Credit Card Association (hereinafter, JCCA) will expand their joint initiative to close phishing sites (hereinafter, "this initiative"), which began in April 2025, to curb phishing damage aimed at fraudulently acquiring credit card information.
In April 2025, for the first time in Japan*1, a cross-company initiative involving 8 credit card companies to close phishing sites was launched and achieved certain results. From April 2026 onwards, to further strengthen deterrence, 5 new domestic credit card companies will join, expanding the scope of phishing site closures significantly with a total of 13 companies. This will enable more comprehensive phishing countermeasures, further strengthening prevention of damage and ensuring the safety of credit card users.
*1 According to JCCA research as of March 2026.
1. Background
The total damage from credit card fraud in 2025 reached 51.05 billion yen, remaining at a high level (see Figure 1). Approximately 75% of this damage is estimated to be caused by phishing*2, making phishing countermeasures one of the critical issues in the credit card industry. Furthermore, the number of phishing reports has reached approximately 2.45 million annually (see Figure 2), and the threat continues to expand.
In recent years, phishing sites have diversified beyond credit card companies and financial institutions to include e-commerce/service providers, airline/transportation operators, and delivery service providers. The methods have also become more sophisticated and varied, combining multiple channels such as email and SMS. While many credit card companies are working to detect and close phishing sites impersonating their own sites, a significant amount of credit card information is also being defrauded from phishing sites impersonating entities other than credit card companies. To address these challenges, 8 domestic credit card companies collaborated from April 2025 to establish an effective system for curbing phishing damage impersonating businesses outside the credit card industry.
*2 According to JCCA research as of March 2026.
【Figure 1: Trends in Credit Card Fraud Damage】
【Figure 2: Trends in Phishing Report Cases】
2. Achievements of this initiative in FY2025 (April-December)
From the start of operations on April 1, 2025 (Tuesday) to December 31, 2025 (Wednesday), approximately 50,000 phishing site URLs were jointly closed by 8 domestic credit card companies, ACSiON, and JCCA.
Furthermore, comparing the number of phishing site URLs reported to the Anti-Phishing Council for the targeted companies before the initiative (March 2025) and after its launch (April-December 2025), it was confirmed that the number had halved. This suggests that this initiative had a certain effect in deterring the creation of phishing sites (see Figure 3).
On the other hand, it also became clear that responding only to phishing sites impersonating specific companies is insufficient to curb overall phishing damage. Based on these results, in FY2026, we will significantly expand the scope of companies targeted for phishing site closures, enabling responses to phishing sites impersonating a wider range of companies and further promoting the deterrence of phishing damage.
【Figure 3: Trends in Phishing Site URLs and Closure Cases】
【Figure 4: Overview of Phishing Countermeasure Services】
【Figure 5: Phishing Site Detection and Countermeasure Flow】
3. Expansion of this initiative in FY2026
In FY2026, to further promote the deterrence of phishing damage, 5 new domestic credit card companies will join, expanding the joint initiative for phishing site closures to a total of 13 companies. Additionally, the Anti-Phishing Council will newly participate, supporting comprehensive phishing countermeasures, including information sharing on the latest phishing trends and providing know-how beyond just site closure, to companies targeted by phishing sites.
With the increase in participating companies, we have significantly broadened the scope of companies targeted for phishing site closures, including e-commerce/service providers, airline/transportation operators, and delivery service providers frequently used by attackers. This makes it possible to cover over 90% of phishing site brands impersonating non-financial institutions for the purpose of fraudulently acquiring credit card information.*3
Based on the achievements of this initiative in FY2025 and the brand coverage rate, we expect to halve the number of phishing site URLs impersonating non-financial institutions reported in Japan, aiming for further strengthening of overall phishing damage deterrence.
*3 For financial institutions such as credit cards, securities, and banks, it was confirmed that self-closure efforts are relatively advanced, so "non-financial institutions" are used as the basis for closure and calculation, excluding this domain.
【Figure 6: Expansion of Phishing Site Closure Targets and Coverage Rate in this Initiative】
4. Future Outlook
The 13 domestic credit card companies, ACSiON, the Anti-Phishing Council, and JCCA aim to eliminate phishing damage from Japan.
For companies with a high number of phishing site reports, we will continue to jointly call for the establishment of an environment where they can proactively engage in phishing site closure, including requesting voluntary closure efforts and providing necessary know-how for site closure, thereby continuously promoting industry-wide phishing countermeasures.
5. Contact Information
Japan Credit Card Association (JCCA)
Secretary General: Nobuyuki Tsujinaka
TEL: 03-6630-0835 Mail: [email protected]
Reference
■ Company Overview of 13 Domestic Credit Card Companies
|
Aeon Financial Service Co., Ltd. |
Headquarters: Chiyoda-ku, Tokyo President and Representative Director: Tomoharu Miyama |
|
|
NTT DOCOMO, INC. |
Headquarters: Chiyoda-ku, Tokyo President and Representative Director: Yoshiaki Maeda |
|
|
● |
EPOS Card Co., Ltd. |
Headquarters: Nakano-ku, Tokyo President and Representative Director: Shoichi Aida |
|
● |
au Financial Service Co., Ltd. |
Headquarters: Minato-ku, Tokyo President and Representative Director: Atsushi Nagano |
|
Credit Saison Co., Ltd. |
Headquarters: Toshima-ku, Tokyo President and Representative Director, COO: Katsumi Mizuno |
|
|
JCB Co., Ltd. |
... (The original text was truncated here.) |
FAQ
What is the purpose of this initiative?
The goal is to halve the number of phishing sites that defraud credit card information, suppress fraudulent use, and ensure user safety.
Which companies are participating?
13 major Japanese credit card companies, including Aeon Financial Service and NTT Docomo, along with ACSiON, the Anti-Phishing Council, and the Japan Credit Card Association.
When did this initiative start and how has it expanded?
It began in April 2025 with 8 companies, and from April 2026, 5 new companies joined, expanding the system to a total of 13 companies.