Information Security Initiatives


Safe & Secure Rakuten’s Service
1. Rakuten's Approach to Information Security
Rakuten Group provides various services such as online shopping and auction sites. However, there are cases where hackers use our services for criminal activities or harassment. Hackers steal important customer information through means like unauthorized access. They also attempt to deceive customers into divulging important information or money by means like cleverly leading them to malicious sites. The group is continuously implementing various initiatives to ensure the overall safety and security of all of its services.
2. Safe and secure software development initiatives for developers
Rakuten Group provides safe and secure services from the initial release by actively engaging security experts from the development stage of software and services. Our approach is not to inspect for and discover "vulnerabilities" (system flaws or specification problems that threaten the safety of users) and correct them afterwards. This is the basis of Rakuten's approach to creating safe and secure services.
Rakuten believes the most important of these is education for our developers.
Rakuten employs thousands who develop new services every day. We conduct regular education and testing to ensure that all our developers have sufficient knowledge of security and are able to develop services with a high level of professionalism.
Service Development Process
Rakuten uses the following process to release new services. The following is a step-by-step explanation of the security efforts we make during service development.
Security Education
Among the service development processes, Rakuten considers the education of developers to be the most important. Rakuten provides regular education and examinations to ensure that all developers have sufficient knowledge of security and are motivated to develop with a high level of professionalism. In addition, passing the exam once is not enough. Programmers take the exam again every year. This ensures all programmers maintain their security skills. First, developers must attend an all-day seminar conducted by a security expert.
Security RFP and checklist
Rakuten conducts in-house development as a rule, but we outsource some services. We provide a security RFP and checklist to ensure a constant level of security for subcontractors. Using these checks reduces the number of items pointed out in security audits after delivery. They can also be effective as a security review, allowing system specifications to be reviewed prior to contracting.
Confirming that there are no vulnerabilities caused by the server configuration
- Preventing password leaks
- Restricting access
- Preventing phishing attacks
- Encrypting information
- Preventing session hijacking
Security Review
Once the service itself is planned out, we conduct a security review on data handling and specific programming techniques as needed. Its purpose is to review upstream processes from a security standpoint to identify potential problems and risks in advance so that we can perform more secure development.
Vulnerability testing using tools
After coding is completed, we perform quality checks prior to the actual service release.
This serves to find general program and on-screen bugs, and we also use tools to test for cross-site scripting, cross-site request forgery and other vulnerabilities.
Security Auditing
At Rakuten, we always conduct a security audit before every service release. Audits are required by our internal regulations. If an audit reveals a vulnerability, the service cannot be released.
Audits are often conducted in-house by audit specialists, though some audits are conducted by specialized security firms.
3. Initiatives to Strengthen Information Security
Rakuten Group is committed to protecting you and your valuable information from unauthorized access, fraud and other information security issues.
Certification to various standards for information security
Rakuten Group has established an information security management system based on a variety of standards and obtained various certifications in order to protect our customers' valuable information.
- ISO/IEC 27001: Information security, cybersecurity and privacy protection — Information security management systems — Requirements
- PCI DSS: Payment Card Industry Data Security Standard
- Privacy Mark: System to certify companies that have a system in place to protect personal information.

For more information on these initiatives, please see the following:
Prevent unauthorized logins
Rakuten Group monitors log-in status to detect unauthorized logins as quickly as possible and prevent further damage to customers. If our monitoring finds signs of an unauthorized login, we reset the user’s password.
This may cause a temporary inconvenience, but we hope you will understand that this is a necessary measure to prevent further damage to you.
Safe and secure operation of systems
Rakuten has also established several measures in its daily system operations to prevent security incidents.
About Rakuten's System
With thousands of servers running on Rakuten's Web services, it’s no exaggeration to say that they’re constantly exposed to threats on the Internet. It’s no easy task to maintain the security of Rakuten's massive system. But all of our employees work hard every day to provide safe and secure services to our customers with their abundant security knowledge. This page introduces how Rakuten operates its systems safely and securely.


- About Rakuten-CERT
- Rakuten-CERT Organization Chart
One of the important roles of Rakuten-CERT is to serve as an intermediary for information exchange with external parties.
The development of information sharing within our company is a very important function, of course, but we also transcend our business interests to share information about computer security with other companies.
As a part of these activities, Rakuten-CERT is a member of the Japan CSIRT Council and FIRST (Forum of Incident Response and Security Teams) and actively exchanges information with external parties.
- The Future of Rakuten-CERT
Rakuten will expand its business not only in Japan but also in other countries around the world. We plan to incorporate the framework of Rakuten-CERT at branch offices and group companies in each country to establish a global information exchange and improve our incident response.
- Management and Application of Vulnerability Information
Every day, vulnerabilities are discovered in all kinds of applications and devices. Rakuten collects publicly available vulnerability information on a daily basis and contacts the relevant security personnel, who are also members of Rakuten-CERT, about vulnerabilities that we believe must be addressed. We then give appropriate instructions on conducting investigations and take action accordingly. Vulnerabilities that we believe must be addressed are scheduled and managed by the Rakuten-CERT office, and we provide support for them until they are resolved.
4. Security initiatives for Major Services
For more information on these initiatives, please see the following:
Rakuten Ichiba is implementing the Rakuten Group information security initiative so that our customers can enjoy a safe and secure shopping experience.
Rakuten Ichiba Security initiatives (Japanese only)
Stores are required to take our Information Security Test before opening a new store on Rakuten Ichiba. They cannot open if they don’t pass the test. We’re also striving to have each store publish a privacy policy and to hire and advertise store security managers to ensure that customers can enjoy online shopping with peace of mind. Another way we ensure that customers can feel safe shopping with us is our anti-counterfeit measures. We provide refunds in the event that customers are sold counterfeit goods.
Refunds for counterfeit goods (Japanese only)
Rakuten Rakuma is implementing various initiatives to provide customers with a comfortable, secure buying experience.
Rakuma's safety and security initiatives (Japanese only)
Rakuten Card is ISMS certified.
Rakuten Card ISMS certification (Japanese only)
This section presents security information about how Rakuten Bank endeavors to make your time at the bank and using our online services enjoyable and safe.
Rakuten Bank security (Japanese only)
This section presents the security measures we use to ensure safe and secure transactions for our customers. It also presents links to financial crime statistics and cases.
Rakuten Securities security (Japanese only)
This section summarizes the security measures that Rakuten Mobile recommends.
Rakuten Mobile information security policy (Japanese only)
Countermeasures and what to do in case of an emergency
1. Security tips to start today
The Rakuten Group provides many different services, including online shopping and auction sites. With the development of various technologies, there’s a risk that hackers may use online services for criminal activities or harassment. Hackers steal important customer information through means like unauthorized access. They also attempt to deceive customers into divulging important information or money by means like cleverly leading them to malicious sites.
This section provides information on what our customers should watch for on a daily basis to avoid problems when they use our online services. It also provides information on what to do if they become a victim.
Combating Fake Sites and Emails
Take the following measures to prevent unauthorized logins to your account by third parties as much as possible.

Beware of fake websites
To shop at Rakuten, please visit https://www.rakuten.co.jp.
There’s an endless number of attempts to steal customers' valuable information or cheat them out of their money by directing them to websites that look just like the real thing.
Ministry of Internal Affairs and Communications "Information Security Site for Citizens" (Japanese only)
STOP. THINK. CONNECT. (Japanese only)
Beware of suspicious emails and messages
Beware of messages pretending to be from real people or from people you know that direct you to malicious services, emails with attachments containing viruses, and messages on social media platforms directing you to malicious sites.
Your personal information could be stolen or you could be charged a large sum of money. It may be difficult to tell, but if the message is written in an unusual way or has a strange attachment, please contact the sender directly first.
Help section for each of our services regarding suspicious emails and SMS
Suspicious social media posts claiming to be from Rakuten Customer Service (Japanese only)
Suspicious emails claiming to be from Rakuten Ichiba (Japanese only)
Suspicious email claiming to be from Rakuten Card (Japanese only)
About the new Rakuten Group login screen (Japanese only)

Strengthening Your Security Measures for Login
The Rakuten Group provides many different services, including online shopping and auction sites. With the development of various technologies, there’s a risk that hackers may use online services for criminal activities or harassment. Hackers steal important customer information through means like unauthorized access. They also attempt to deceive customers into divulging important information or money by means like cleverly leading them to malicious sites.

Don’t reuse the same password
Please use a password for Rakuten Member ID that you are not using for any other services.
It is very dangerous to use the same password for multiple online services. Recently, there have been many cases of accounts getting hacked using lists of IDs and passwords obtained through various means.
If an unauthorized third party logs in, they can not only view and change your member information, they can also purchase products in your name.
Strengthen your passwords
Use a password that is as complex as possible and that is also difficult for others to guess.
Using a complex password that includes alphanumeric characters and symbols makes it as difficult as possible for hackers to guess your password and break into your account.
Rakuten Group provides a feature that measures the strength of your password during member registration or whenever you change your password.

The gauge changes between low, medium-low, medium and high, depending on the password you set.
We recommend setting a password with as high a rating as possible.
Be careful when using a shared device
Always log out at the end of every session when using a computer or tablet that you share with anyone else, such as at home, at work or at an Internet cafe. Log in using the incognito mode of your browser to prevent unauthorized access by hackers.
Even if you log in using incognito mode, please remember to log out or close the relevant window when you’re done.
If you remain logged in, the personal information you registered may be seen and used.
It’s even safer to also delete your browsing history and clear your browser’s cache.
*If you have any questions about how to set up your browser or about other browser settings, please check your browser's help section or contact the browser company.
*If you open the login screen from a smartphone app (one of Rakuten's apps or social media apps such as LINE, Facebook, Twitter, Instagram, etc.), the in-app browser displays the information. In this case, you can’t use incognito mode. To use incognito mode, please use a browser such as Chrome or Safari.
Using incognito mode (Japanese only)
Enhanced login security
Cybercrime is becoming more sophisticated every year. Review passwords that you set several years ago and check if they are easy to guess or if they are being used for other services. If you have received an email from Rakuten titled "It has been a long time since you changed your password," please see this help page and consider taking action. (Japanese only)
Criminals who have obtained your ID and password through some means can continue to access your account without your knowledge. If you don’t change your passwords for a long time, you won’t be able to stop this kind of unauthorized access, because you haven’t replaced the compromised password.
We recommend that you check your current password and set a strong one that is difficult for a malicious user to guess.
Password reset (Japanese only)
Watch for unauthorized logins
Set up login history, login alerts and card usage notification emails so that you are immediately notified if something happens.
You can minimize the damage if you notice an unauthorized login early. Always be on the lookout for unauthorized logins.
Rakuten Group provides you with the ability to check login information at any time.
How to view your login history (Japanese only)
How to use login alerts (Japanese only)
Card usage notification emails (Japanese only)
When you suspect unauthorized login or fraud
If you identify unusual activities, such as unknown users accessing your account, please contact us as follows.

Please be cautious in the following cases
- If you receive a password-reset email at an already-registered email address, or an email notifying you about an address change or order that you don't remember
- If you see an unrecognized login in your login history, login alerts, etc.
Please follow the instructions below.
If you find what seems to be an unauthorized login or fraud
- Please change your password here: Confirm User ID / Reset Password
- *Please contact the relevant store to cancel any unauthorized orders.
If you find usage history or orders that you don't remember
- Rakuten Ichiba (Japanese only)
*Please contact the relevant store to cancel any unauthorized orders.
- Rakuten Card (Japanese only)
*For any credit card other than Rakuten Card, please contact that credit card company.
- Serious Damage
In case of serious damage, please also contact the nearest police station or the municipal cybercrime helpdesk.
Municipal cybercrime helpdesk (Japanese only)