identity Public policy

Summary of the Cabinet Meeting on Crime Prevention "Comprehensive Measures to Protect the Public from Fraud"

Nat 2024-06-26 No Comments

On June 6th, the Crime Prevention Ministerial Meeting announced,Comprehensive measures to protect citizens from fraud'1has appeared.

The document outlines comprehensive measures to prevent fraud, including:

  1. Measures to prevent victimization
    • Public relations and awareness raising regarding SNS investment scams, romance scams, and phishing, advertising review, promoting the closure of phishing sites, measures against credit card fraud, etc.
  2. Measures to prevent people from becoming complicit in crime
    • Collection and deletion of information about illegal part-time jobs, education and awareness-raising, measures regarding recruiters and contact methods, establishment of a reporting system for fraudulent use, etc.
  3. Measures to "take away criminals' tools"
    • Strengthening identity verification, preventing fraudulent use of savings accounts and cryptocurrencies, eliminating illegal labor recruitment, etc.
  4. Measures to "keep criminals safe"
    • Clarifying the true nature of highly anonymous criminal groups, combating money laundering, and promoting the recovery of financial damages, etc.

Through these measures, the aim is to prevent fraud victims and create a safe and secure society.

So, by example, Otio AI I fed this document to and compiled various things. (Note that this is not a fully automated process, as I manually added information and changed the configuration.)

I. Overview

1. Measures to prevent people from becoming victims

Measures focusing on the actual damage caused by SNS-based investment and romance fraud

  • Measures to ensure a sound investment environment
    • Effective public relations and awareness-raising based on the damage situation, etc.
    • Countermeasures against posts and fake advertisements that lead to investment fraud sites
    • Clarification that false advertisements by unregistered businesses may constitute illegal financial instruments business.
    • Promoting appropriate measures such as removing impersonation-type false advertisements
    • Promoting appropriate responses to false advertising, etc. by trade associations, etc.
    • Promoting the introduction of technology to ensure the reliability of information content and senders
    • Mandating large-scale platform operators to take measures to expedite removal and to make operational status more transparent
  • Measures against tactics using social media and matching apps
    • Implementing effective warning displays and consent acquisition when adding unknown accounts as friends
    • Strengthening user identity verification, etc.
    • Consideration of measures such as swiftly suspending the use of social media accounts used to commit crimes

Measures focusing on the actual damage caused by phishing

  • Measures to prevent access to phishing sites
    • Promoting support for sender domain authentication technology (DMARC, etc.)
    • Facilitating the closure of phishing sites
    • Promoting the use of passkeys
  • Measures to avoid becoming a victim even if your ID and password are stolen
    • Strengthening information sharing with EC member stores, etc.
    • Improving efficiency in providing information on fraudulent credit card use
    • Preventing unauthorized transfers to cryptocurrency exchanges
    • Preventing damage caused by code payments
  • Improving the sophistication and efficiency of phishing countermeasures through the use of cutting-edge technology
    • Preemptive measures based on the characteristics of phishing sites
    • Improved and efficient detection of phishing sites using AI generation etc.

Measures focusing on the actual damage caused by special fraud, etc.

  • Creating a victim-free environment
    • Further promote public relations and awareness-raising activities to emphasize the importance of measures to prevent fraud damage throughout society
    • Measures to avoid receiving direct calls from criminals
    • Raising awareness by using the seizure list
    • Collaboration with delivery companies to prevent robbers disguised as delivery companies
    • Support for the installation of high-security building components, security cameras, delivery lockers, etc.
    • Measures to prevent people from storing cash at home
    • Vigilance through patrols, etc.
  • Preventing society-wide harm
    • Preventing damage in cooperation with financial institutions
    • Preventing damage in cooperation with convenience stores, etc.
    • Preventing damage in cooperation with delivery companies

2. Measures to "prevent people from becoming complicit in crimes"

  • Promoting information gathering, deletion, and crackdown on information on "illegal part-time jobs"
  • Removing illegal and harmful recruitment from cyberspace
  • Education and awareness raising to prevent young people from becoming involved in crime as if it were a part-time job
  • Measures to prevent communication within criminal groups
  • Promoting efforts to achieve fair punishment for perpetrators of robbery and specialized fraud
  • Promoting efforts to prevent relapses of juvenile offenders who have participated in fraud and other crimes

3. Measures to "take away criminals' tools"

  • Measures against telephones used by criminal groups, etc.
  • Measures concerning deposit and savings accounts, etc.
  • Measures for moving crypto assets
  • Measures against the blacklist
  • Public relations and awareness-raising for foreign residents
  • Preventing unauthorized use of vacant houses in cooperation with real estate agents

4. Measures to "prevent criminals from escaping"

  • Crackdown on and clarification of the existence of anonymous and mobile crime groups
  • Anti-Money Laundering
  • Promoting the recovery of property damage

II. Issues from an Identity Management Perspective

As you can imagine from the above, there are many issues to consider from an identity management perspective.

1. Reference to the method of "identification"

Here are some ways to verify your identity:

  1. Strengthening identity verification at the time of contract based on the Act on Prevention of Transfer of Criminal Proceeds and the Act on Prevention of Mobile Phone Fraud:
    • Face-to-face confirmation: Reading the IC chip information on My Number cards will be mandatory.
    • Non-face-to-face confirmation: In principle, the only official personal authentication will be the My Number card, and identification documents without photographs will be abolished.
  2. Identity verification when signing a mobile phone contract:
    • Face-to-face confirmation: Reading the IC chip information of the My Number card will be mandatory. However, the Minister of Internal Affairs and Communications announced at a press conference after the Cabinet meeting on the 25th that a driver's license will be acceptable for non-holders.2.
    • Non-face-to-face confirmation: (In principle) Promote identity verification using official personal authentication. Abolish methods of transmitting driver's licenses, etc., and identity documents without photographs.
  3. Strengthening identity verification when opening official SNS accounts:
    • To prevent crime, we will encourage social media operators to conduct identity verification when opening an official account.
    • Given the reality that general accounts are being misused, including in cases where accounts are opened overseas, we urge companies to strengthen their countermeasures.
  4. Identity verification when opening a matching app account:
    • We will encourage matching app operators to implement stricter identity verification using public personal authentication services.

These measures aim to increase the effectiveness of identity verification in order to prevent fraud and crime. It can also be seen that the level of assurance of official personal authentication is considered to be higher than that of simply reading IC chip information. However, this is vulnerable to the so-called "lending and borrowing attack," also known as the "Alice to Bob Attack," so there is some debate as to whether this is a good idea.

2. Promoting the introduction of technology to ensure the reliability of information content and senders

The following initiatives are being promoted to introduce technologies to ensure the reliability of information content and senders:

  • Add sender information to information content: Conduct a technology demonstration to add information about the sender of information content so that recipients of information on the Internet can easily determine the reliability of the information and the sender, and consider utilizing the technology based on the results of the demonstration.

This is also being considered by the Trusted Web Consortium.Originator ProfileI guess that's what they're referring to. There are also initiatives like this one, such as the Japan Institute for Digital Advertising Quality Certification (JICDAQ), which certifies businesses that have taken measures against fraud and provides reliable information.3Among them were TypeKey and SXIP (which later merged into OpenID), which made me feel nostalgic.

3. Measures to avoid becoming a victim even if your ID and password are stolen

The following is a list of measures you can take to avoid becoming a victim even if your ID and password are stolen:

  • Strengthening information sharing with EC member stores, etc.: Promote cooperation between EC member stores and the police, and promote efforts to share information on fraudulent transactions in a way that balances the protection of users' personal information and measures to prevent damage.
  • Improving efficiency in providing credit card fraud information: In order to implement more swift and effective measures against fraudulent use of credit cards, a framework will be established whereby information such as credit card numbers obtained through investigations etc. will be provided to international brands, who will then provide this information to individual card issuers, etc.
  • Preventing unauthorized transfers to cryptocurrency exchanges: Request financial institutions to strengthen measures against unauthorized transfers to cryptocurrency accounts, and monitor their implementation. Regularly follow up and provide feedback to financial institutions on the results to request that they continue to strengthen their measures.
  • Preventing damage caused by code paymentsBased on the actual situation of fraudulent use of code payments using information stolen through phishing, etc., we will provide convenience stores, pharmacies, etc. with specific information on criminal methods and request them to take measures.

4. Measures to prevent access to phishing sites

The following specific measures are listed to prevent users from visiting phishing sites:

  1. Promoting the introduction of sender domain authentication technology (DMARC, etc.):
    • In order to prevent the receipt of phishing emails, we will encourage internet service providers and email sending companies to consider the planned introduction of authentication technology.
  2. Facilitating the closure of phishing sites:
    • We will work with businesses that have been victimized by identity theft to request hosting providers to close phishing sites. We will also work with related organizations and cybercrime volunteers to improve the environment for implementing such requests.
  3. Promoting the use of passkeys:
    • We will encourage financial institutions and e-commerce affiliates to adopt Passkey, a next-generation authentication technology, in order to promote its use among users.

This is an effective measure to prevent access to phishing sites. So, passkeys are mentioned here. Congratulations! I wrote a detailed summary of passkeys the day before yesterday."Chrome Tech Talk Night #16 ~ Passkey" SummaryI have written the following, so please refer to it.

5. Measures against inappropriate use of SMS

Several specific measures to combat inappropriate use of SMS are also mentioned:

  1. Expanded use of SMS filtering: Promote the use of SMS filtering, which is provided by default by some telecommunications carriers.
  2. smishing4Accepting messages and raising awareness: Accept reports of smishing messages and promote awareness and training on countermeasures.
  3. Identifying and alerting malware-infected devices: Analyzes data obtained through SMS filtering, identifies smartphones and other devices infected with malware, and issues warnings.
  4. Clarification and transparency of source:Establish industry rules regarding the clarification and transparency of the sender of SMS, and promote the delivery of messages in a manner that clearly indicates that they are genuine.

These measures are intended to prevent damage caused by phishing scams (smishing) that exploit SMS.

6. Measures to avoid receiving calls directly from criminals

When it comes to measures to avoid receiving calls directly from criminals, the first thing that comes to mind from the identity management perspective is caller identification. For example, if you use a Google Pixel, it will show you what type of phone number the caller is (e.g., possible nuisance call). However, this document does not go that far yet, and only mentions the "introduction of devices with nuisance call prevention functions." Including this, the following countermeasures are listed:

  1. Introduction of equipment with nuisance call prevention functions.
  2. Suspend international calls from landlines in elderly people's homes.
  3. Block calls from withheld numbers.
  4. Always set your landline to answering machine and only respond when you have confirmed who is calling.

As someone who has one foot in the elderly world, I have done steps 1, 3, and 4.

7. Age Verification/Age Verification

When talking about protecting citizens from fraud, it is important to confirm, authenticate and protect particularly vulnerable age groups. I looked at the document from that perspective, but unfortunately there is no direct reference to age confirmation or age authentication. The only relevant information is about measures to strengthen authentication technology for identity verification and to prevent fraudulent use, specifically, strengthening identity verification for official accounts when opening accounts on SNS or matching apps, and implementing strict identity verification using public personal authentication services, etc.

Regarding age verification, the ISO is currently working on it, and the OpenID Foundation is also considering Advanced Claims Syntax. I would like to see these issues mentioned as future issues.

8. Measures against illegal part-time jobs

In relation to this, I also looked into measures against illegal part-time jobs. Because I have heard that illegal part-time jobs often target people of vulnerable age groups. In fact, education and awareness-raising for young people was included in the measures.

The following specific measures have been put forward to combat illegal part-time work:

  1. Cyber ​​Patrol and Investigation: Identify illegal part-time job information through cyber patrols, and investigate and delete illegal information1.
  2. Individual warning to poster: Individual warnings will be issued to those posting illegal job postings using the reply function2.
  3. Utilization of AI: Introducing an AI search system to quickly and accurately grasp information3.
  4. Use of the Internet Hotline Center: Information suggesting high rewards will be added to the center that handles reports of illegal and harmful information and requests for its removal, to promote the provision of information4.
  5. Public relations and awareness raising through recruitment media, etc.: Raise awareness among industry groups and employers to prevent illegal and harmful labor recruitment5.
  6. Education and enlightenment for young people: Strengthening public relations and awareness-raising activities in educational institutions from elementary school to university to prevent young people from becoming involved in crime6.
  7. Caution regarding highly confidential communication apps: Raising awareness to prevent the use of communication apps used in crimes7.

These measures are being taken widely to prevent people from becoming complicit in crimes through illegal part-time jobs.

III. Also, how about we hold a meeting to ask Otio some questions?

I'm sure there are many other questions. Maybe we should do another YouTube session where we ask Otio about this document? Maybe this Friday or next Monday...

If I decide to do it, I'll announce it here.

footnote

  1. Ministerial Meeting on Crime Prevention "Comprehensive measures to protect citizens from fraud(Ministry of Internal Affairs and Communications) (Obtained 2026-06-26)
  2. Kyodo News: "Minister of Internal Affairs and Communications on unifying My Number cards to allow driver's license for identity verification when signing mobile phone contracts" (Tokyo Shimbun)https://www.tokyo-np.co.jp/article/335845 (Obtained on 2024-06-26)
  3. Kato, Kurohashi, and Emoto (2006) "The reliability of information content and its evaluation techniques" Japanese Society for Artificial Intelligence SWO-014 https://www.jstage.jst.go.jp/article/jsaisigtwo/2006/SWO-014/2006_01/_article/-char/ja (Obtained on 2026-06-26)
  4. SMS-based phishing scams

Leave a comment

This site uses Akismet to reduce spam.For details of how to process comment data, please click here.