OneSpan’s cloud-based FIDO authentication helps Japan’s largest trust bank combat phishing threats

Sumitomo Mitsui Trust Bank (SuMiTB), Japan’s largest trust bank, has partnered with SCSK Corporation and OneSpan to deploy a new cloud-based FIDO authentication solution aimed at strengthening mobile banking security.

The initiative comes as Japan grapples with rising account takeover (ATO) fraud, which has resulted in losses approximating ¥690 billion (US$4.44 billion) in 2025. The deployment is the first time OneSpan’s cloud-based FIDO solution has been implemented for mobile banking in Japan.

SuMiTB plans to integrate FIDO authentication directly into mobile transactions, creating an advanced security framework as the system aims to prevent phishing-related fraud and account impersonation. Customers should meanwhile expect a seamless digital banking experience.

The measure aligns with new regulatory mandates from Japan’s Financial Services Agency (FSA), which has proposed amendments requiring financial institutions to adopt phishing-resistant, multi-factor authentication. The country is also tightening rules for remote account openings at banks and financial institutions by mandating IC chip-based identity verification starting in April 2027.

“This selection not only underscores OneSpan’s leadership and credibility in Japan’s rapidly evolving FIDO market, but also demonstrates our ability to deliver enterprise-scale, phishing-resistant authentication that meets the highest regulatory standards,” says Victor Limongelli, CEO of OneSpan.

OneSpan’s Cloud Authentication platform offers multi-factor security for online applications and transactions, with scalability to meet strict compliance requirements. The company has made FIDO biometric authentication a key part of its strategy as it acquired Nok Nok Labs this summer. OneSpan considers the integration of Nok Nok’s phishing-resistant FIDO authentication solutions advantageous to customers as it offers a wider range of flexible and future-proof authentication options.

SCSK Corporation, which is supporting the deployment, emphasized its commitment to advancing secure authentication in Japan. “This implementation demonstrates SCSK’s commitment to providing advanced, secure authentication solutions to the Japanese financial sector, and highlights the strength of our partnership with OneSpan,” says Hideho Masuda, Senior Executive Officer at SCSK.

Neighboring South Korea has removed a major barrier to using the FIDO protocol for passwordless authentication by confirming it falls outside the scope of a requirement for user consent to process biometrics.

Article Topics

banking  |  biometric authentication  |  biometrics  |  cybersecurity  |  FIDO2  |  Japan  |  OneSpan  |  passkeys  |  passwordless authentication