Docomo Account Expert "Review standards and measures throughout the industry"

Docomo Account Expert "Reviewing standards and measures across the industry" 18:34, September 9

NTT DOCOMO's "DOCOMO account" is an electronic payment service that allows customers to make purchases and send money online via the registered bank account or convenience store.

You can open a docomo account and use it even if you are not using a NTT docomo mobile phone.

The feature of "docomo account" is that it can be opened more easily than a bank account.

When opening an account, first create an ID called "d account".

At this time, the only information required to verify your identity is your email address, not necessarily your mobile phone number.

If you enter the 6-digit number received at this email address within 10 minutes, you will be able to create a "d account" and open a docomo account.

Then, if you connect the docomo account and the bank deposit account, you can transfer up to 300,000 yen per month from the bank account to the docomo account.

To link the docomo account and bank account, you need to enter the information set by each bank, such as name, account number, cash card PIN, and date of birth.

According to NTT Docomo, only one Docomo account can be registered in one bank account.

This means that a bank account that has already been linked to a docomo account cannot be illegally used by a third party linked to another docomo account.

Expert "Review standards and measures across the industry"

Masanori Kusunoki, who is familiar with financial-related information security and serves as the government's assistant director of information technology, said, “Weak system security is exposed as more and more people use cashless services. It is necessary to review standards and measures throughout the industry.”

You can open an account with the docomo account settlement service if you have an email address.

This time, it seems that the criminal exploited this mechanism to impersonate another person, open a Docomo account, and withdraw the deposit from the bank using the name, account number, and personal identification number of the bank account that was calculated in some way. ..

Mr. Kusunoki points out that when opening a Docomo account, the system for verifying identity, such as linking with the mobile phone number, was weak.

On the other hand, this time, it seems that the system on the bank side, which had been damaged by withdrawing deposits, did not use a mechanism to check the deposit balance of the passbook and confirm the identity when linking with the docomo account. I point out the weakness of security.

Mr. Kusunoki said, "Electronic payment services such as docomo accounts are rapidly becoming widespread, but security measures are weaker than Internet banking, and damage such as this may occur again. It is necessary to strengthen the mechanism of.”