Domestic Credit Card Companies (13), ACSiON Co., Ltd., the Council of Anti-Phishing Japan, and the Japan Credit Card Association Jointly Expand Efforts to Shut Down Phishing Sites

AEON Financial Service Co., Ltd.

NTT DOCOMO, INC.

EPOS CARD Co., Ltd.

au Financial Service Co., Ltd.

Credit Saison Co., Ltd.

JCB Co., Ltd.

Seven Card Service Co., Ltd.

Seven CS Card Service Co., Ltd.

Toyota Finance Corporation

Sumitomo Mitsui Card Company, Limited

Mitsubishi UFJ NICOS Co., Ltd.

UC Card Co., Ltd.

Rakuten Card Co., Ltd.

ACSiON, Inc.

Council of Anti-Phishing Japan

Japan Credit Card Association (JCCA)

Thirteen domestic credit card companies (see "Company Profile"), ACSiON Co., Ltd. (hereinafter, ACSiON), the Council of Anti-Phishing Japan, and the Japan Credit Card Association (hereinafter, JCCA) will expand their joint initiative to close phishing sites (hereinafter, "this initiative"), which began in April 2025, to curb phishing damage aimed at illegally acquiring credit card information.

In April 2025, for the first time in Japan*1, eight credit card companies jointly began closing phishing sites, achieving certain results. From April 2026, to further strengthen deterrence, five new domestic credit card companies will join, bringing the total to 13 companies. This will significantly expand the scope of phishing site closures. This will enable more comprehensive anti-phishing measures, further strengthening the prevention of damage and contributing to the safety of credit card users.

*1 According to JCCA research as of March 2026

1. Background

The total damage from credit card fraud in 2025 reached 51.05 billion yen, and the situation remains persistently high (see Figure 1). Furthermore, it is estimated that approximately 75% of the damage is attributed to phishing attacks*2, making phishing countermeasures one of the critical issues in the credit card industry. Moreover, the number of reported phishing cases has reached approximately 2.45 million annually (see Figure 2), and the threat continues to expand.

In recent years, phishing sites have diversified beyond just credit card companies and financial institutions to include e-commerce/service providers, airline/transportation operators, and delivery companies. The methods have also become more sophisticated and varied, combining multiple channels such as email and SMS. While many credit card companies are working to detect and shut down phishing sites impersonating their own websites, a significant amount of information, such as credit card numbers, is also being fraudulently obtained from phishing sites impersonating entities other than credit card companies. To address these challenges, eight domestic credit card companies have collaborated since April 2025 to establish an effective system aimed at curbing phishing damage that impersonates businesses outside the credit card industry.

*2 According to JCCA research, March 2026

【Figure 1: Trends in Credit Card Fraud Damage】

【Figure 2: Trends in the Number of Phishing Reports】

2. Results of this initiative in FY2025 (April-December)

From its operational start on Tuesday, April 1, 2025, until Wednesday, December 31, approximately 50,000 phishing site URLs were jointly shut down by eight domestic credit card companies, ACSiON, and JCCA.

Furthermore, regarding phishing sites targeting companies subject to closure, a comparison of the number of phishing site URLs reported to the Council of Anti-Phishing Japan before the initiative began (March 2025) and after the initiative began (April-December 2025) shows a 50% reduction. From this, it can be inferred that this initiative had a certain effect in deterring the creation of phishing sites. (Refer to Figure/Table 3)

On the other hand, it also became clear that merely responding to phishing sites impersonating specific companies is insufficient to deter overall phishing damage. Based on these results, in fiscal year 2026, we will significantly expand the scope of companies targeted for phishing site closures, enabling us to respond to phishing sites impersonating a wider range of companies and further promote the deterrence of phishing damage.

【Figure 3: Trends in the Number of Phishing Site URLs and Closures】

【Figure 4: Overall Picture of Phishing Countermeasure Services】

【Figure 5: Phishing Site Detection and Countermeasure Flow】

3. Expansion of this initiative in FY2026

In FY2026, to further promote the suppression of phishing damage, five new domestic credit card companies will participate, expanding the joint initiative to close phishing sites to a total of 13 companies. In addition, the Council of Anti-Phishing Japan will newly participate, and will support comprehensive phishing countermeasures, including sharing information on the latest trends in phishing and measures other than closing phishing sites, for companies targeted for phishing site closure.

With the increase in participating companies, it has become possible to significantly expand the target companies for phishing site closures, such as e-commerce/service providers, airline/transportation operators, and delivery service providers, which are frequently used by attackers, covering over 90% of phishing site brands other than financial institutions that aim to illegally acquire credit card information. *3

Based on the results of this initiative in FY22025 and the brand coverage rate, we expect to halve the number of phishing site URLs impersonating non-financial institutions reported in Japan, aiming to further strengthen the deterrence of overall phishing damage.

*3 For financial institutions such as credit card companies, securities companies, and banks, it was confirmed that they are relatively advanced in their own closure efforts, so "non-financial institutions" excluding these areas are used as the base for closure and calculation.

【Figure 6: Expansion of Target Companies for Phishing Site Closure and Coverage Rate in this Initiative】

4. Future Outlook

The 13 domestic credit card companies, ACSiON, the Council of Anti-Phishing Japan, and JCCA aim to eliminate phishing damage from Japan.

For companies with a high number of reported phishing sites, in addition to requesting their proactive efforts to close phishing sites, we will jointly call for the establishment of an environment where they can actively engage in phishing site closure by providing the necessary expertise. We will continue to promote cross-industry anti-phishing measures.

5. Contact Information

Japan Credit Card Association (JCCA)

Secretary General: Nobuyuki Tsujinaka

TEL: 03-6630-0835 Mail: secretariat@jcca-office.gr.jp

---

Reference

■Company Profiles of 13 Domestic Credit Card Companies

■Participating Companies/Organizations Other Than Domestic Credit Card Companies

　　(※) ●: Participating from April 1, 2026

■ACSiON, Inc.

ACSiON (Acsion Inc.) is a cybersecurity company established in July 2019, primarily by members who have been involved in financial crime countermeasures at banks. Leveraging their expertise in financial crime countermeasures and solution building capabilities, they provide services that address new risks in the digital society.

■Council of Anti-Phishing Japan

Established in April 2005. Engages in activities such as collecting and providing case information, materials, and news related to phishing scams, issuing warnings, and conducting technical and institutional studies.

■Japan Credit Card Association

An industry organization established in October 1984 by bank-affiliated credit card companies with the aim of contributing to the sound development of the credit card business and improving the consumer lives and convenience of the public.

That's all