Protecting Customer
Information
The Company rigorously manages and monitors security to safeguard customer information from leaks and cyberattacks and to provide our customers secure products and services.
Rigorous
information management
In the Company's facilities, five security areas are established from Level 1 through Level 5, and each area is subject to strict controls according to its level. The Company designates areas at Level 3 or above as high-security areas, and particularly important information, including personal information and information related to the secrecy of communications, is handled exclusively within them.
For example, the Customer Support Center, a designated high-security area, is managed under dedicated security rules, including controlled entry and exit by security guards and card authentication and restrictions on prohibited items, to ensure rigorous security management.
As part of these initiatives, the Company has obtained ISO 27001 certification, the international standard for information security management systems, and manages its operations based on its requirements. The Company undergoes external audits based on ISO 27001 twice each year to verify the proper operation of its information security management, including compliance with its Privacy Policy.
The Company also carries out two planned internal audits each year under ISO 27001 to verify the adequacy and effectiveness of its information security management system and support continuous improvement.
- [Note]
-
- *Click here for more information on the scope of registration.
- *
Security monitoring
To protect customer information and the equipment used to provide telecommunication services, security analysts are monitoring security at our Security Operation Center (SOC) 24 hours a day, 365 days a year.
As for countermeasures against cyberattacks, the Company monitors DoS attacks on facilities that provide communication services, intrusions into devices connected to those facilities, malware infections on business computers, access to unauthorized sites, and attempted exploitation of vulnerabilities in internal systems. As part of countermeasures against internal threats, the Company monitors employees' use of work computers and prevents actions that may lead to the unauthorized removal of data.
Protecting usage
environment of customers
The Company makes a variety of efforts to provide our customers with a comfortable environment for using its mobile phone, smartphone and Internet services.
Security measures
The Company provides a variety of security measures to protect our customers from potential risks, such as viruses, spyware, and one-click fraud.
Anti-spam measures
The Company provides a spam filter to protect customers from malicious messages, such as spam and fraudulent billing e-mails, that may suddenly arrive on mobile phones and smartphones. Using an accumulated spam database, the filter automatically assesses message content and blocks e-mails identified as spam. The Company has also set up a reporting center that enables customers to report spam simply by forwarding the message received. When spam transmission is confirmed from a subscribed line, the Company takes strict action, including service suspension and contract termination.
Unauthorized access
There has been an increase in cases in which malicious third parties gain unauthorized access to personal information, such as bank account numbers, credit card numbers, login IDs, and passwords, after customers' devices are infected with viruses or customers access URLs contained in e-mails.
The Company is strengthening security to protect customers' personal information by preventing stolen information from being used for unauthorized access to My SoftBank and My Y!mobile member sites, where customers can manage their accounts.
Passcode
Customers can change their settings so that the passcode specified when signing the contract is required to log in to My SoftBank or My Y!mobile.
One-Time Passwords
When a customer uses the payment option called SoftBank/Y!mobile Matomete Shiharai, an SMS (e-mail) is sent to the customer's mobile phone with an authorization code. This authorization code is valid for a limited period, and is known only to the registered user.
Unauthorized access countermeasures
To prevent unauthorized access, including impersonation, when a customer attempts to use certain options available on My SoftBank or My Y!mobile member sites, the Company may send an SMS or e-mail to verify the customer's status in relation to the use of the Company's services.
Supporting corporate
customers' security
The Company provides various security services tailored to the environments of our corporate customers.