Cybersecurity System

Basic Stance

While transactions using the Internet and smartphones have increased with the remarkable development of digital technology in recent years, the Bank has been working to expand services that rely on digital channels.
On the other hand, the growing sophistication and skill of cyberattack methods has brought increasing risk to financial institutions.
JAPAN POST BANK regards the risk of cyberattacks as one of the top risks for management, and works to continuously strengthen the cybersecurity system through management initiative.

Governance System

In order to strengthen the cybersecurity system through management initiative, JAPAN POST BANK has established an organization dedicated to cybersecurity (the Cybersecurity Department) under the President and Representative Executive Officer, and the Chief Information Security Officer (CISO). By providing reports on a regular and ad hoc basis to the Board of Directors and the Executive Committee, the Bank has developed a governance system that allows for timely, appropriate management decisions in accordance with changes in the environment.
The status of IT system management, including cybersecurity, is regularly discussed by the Risk Committee, an advisory body to the Board of Directors, and reported to the Board of Directors at least once a year. The Board of Directors thus has an oversight function regarding cybersecurity measures.

Japan Post Group Executive Declaration on Cybersecurity

As a member of the Japan Post Group, the Bank expressed the Japan Post Group Executive Declaration on Cybersecurity.

Japan Post Group Executive Declaration on Cyber Security

Management System

JAPAN POST BANK has established several professional cybersecurity organizations, including JPBank CSIRT (Computer Security Incident Response Team), which serves to prevent cyber incidents and respond in the event one actually occurs, and JPBank SOC (Security Operation Center), which monitors logs from security devices, network equipment, and other sources to detect and analyze any indications of cyber incidents, as part of our ongoing efforts to protect against cyberattacks.
We conduct regular training and exercises to ensure that, in the event of an incident, information sharing, decision-making, public relations, and countermeasures are carried out accurately and promptly. In addition, we have strengthened our cybersecurity posture based on evaluations and recommendations from third parties in accordance with the FFIEC-CAT (Federal Financial Institutions Examination Council - Cybersecurity Assessment Tool) framework. Starting in fiscal 2025, we will implement advanced countermeasures reflecting the latest security trends based on the internationally recognized CRI Profile (Cyber Risk Institute Profile).
Furthermore, through collaboration with government agencies, industry peers, and related organizations, we are developing multilayered detection and defense measures, including the analysis of new attack methods and the development of countermeasures.

Figure: Professional cybersecurity organizations

*1 Reports to the Board of Directors at least once a year

*2 The Internal Audit Division conducts internal audits of the cybersecurity management systems of the first and second line divisions.

Developing Human Resources to Support Cybersecurity

In today's world where use of cloud services, AI, and other digital technologies only continues to increase, taking actions with an awareness of cybersecurity risks in all manner of situations as part of business activities has become essential. In order to strengthen the management base to become a more trusted bank, JAPAN POST BANK assigns professional cybersecurity experts. Similarly, we systematically organize the required skills, promote human resources development in a planned manner in line with the responsible duties and skills, and enhance the expertise of human resources for this purpose.
Moreover, the Bank raises awareness of cybersecurity among every employee, including those involved in management, and actively provides the basic.

Developing Professional Cybersecurity Experts

In order to promote cybersecurity system enhancements and put protections against cyberattacks into practice, JAPAN POST BANK formulates training plans based on the required professional knowledge and experience, provides skills training courses and assistance for acquiring certifications, and conducts annual incident response drills.
Moreover, the Bank actively participates in outside initiatives, including Financials ISAC Japan, an organization established to share information within the financial sector, as well as various training programs organized by the Financial Services Agency of Japan and the Metropolitan Police Department. Through these endeavors, we accumulate professional knowledge and experience in order to strengthen our implementation frameworks.

Cybersecurity Education

In order to raise awareness of and provide more in-depth basic knowledge on cybersecurity, JAPAN POST BANK conducts cybersecurity training for management as well as targeted e-mail attack drills for all executives and employees (including non-regular employees).
In addition, we publish an internal informational magazine that regularly alerts employees to cyberattacks and informs them of response measures (including what to do if an employee discovers a cybersecurity problem in addition to the necessary measures to address the threat of cyberattacks). We also provide e-learning content designed to teach everything from basic knowledge to the latest expert-level knowledge, in an effort to educate employees.

Major Cybersecurity Initiatives

JAPAN POST BANK is working to enhance identity verification and authentication, implement virus countermeasures and vulnerability measures, analyze threat trends, detect cyberattacks, and monitor fraudulent transactions so that customers can use the services provided through digital channels with greater peace of mind and security.

  • Strengthening Identity Verification
    Introduced eKYC (electronic Know Your Customer: A technology that compares smart cards from personal identification documents with facial information photographed at the time of registration to complete identity verification entirely online) to prevent fraudulent registration impersonating customers.
  • Strengthening Identity Authentication
    Introduced an authentication app that complies with FIDO (Fast IDentity Online: international standards for online authentication) to further strengthen authentication during important transactions, such as money transfers, and introduced Token, a device for generating passwords that can only be used once (one-time passwords).
  • Anti-virus Measures
    Free distribution of PhishWall Premium, a software designed to prevent fraudulent money transfers by detecting.
  • Vulnerability Countermeasures
    Collecting daily cyberattack threat and vulnerability information and implementing countermeasures for them, as well as conducting TLPT*3 (Threat-based Penetration Testing) aimed at enhancing our ability to defend against breaches to our systems caused by attacks.
  • Fraudulent Transaction Monitoring
    Monitor unauthorized access to Internet banking systems and prevent damage from fraudulent money transfers, etc.
  • Measures against spoofed e-mails
    Implementation of measures against suspicious e-mails by introducing sending domain authentication technology such as DMARC (Domain-based Message Authentication, Reporting and Conformance: a mechanism that allows the sender to determine whether to deliver an e-mail to the recipient when it is determined to be spoofed or tampered with), and displaying brand logos in e-mails.
  • Awareness of Cyber Incident Reporting Process
    Employees are required to promptly contact the Cybersecurity Department and other relevant divisions in the event of a cyber incident (or a suspected incident) to prevent further damage.

*3 TLPT: Threat-Led Penetration Testing

Security measures of Japan Post Direct (Japanese only)