Project XBY

Asia-Pacific · GDP rank #3

Japan

JP · JPY @ 0.0063/USD

The cashless share climbed from 21% in 2017 to 42.8% in 2024 — METI's 40%-by-2025 target hit a year early. Mobile QR codes (PayPay above all) have absorbed the bulk of incremental growth; cards — particularly credit — still carry the value. JCB retains a meaningful domestic share; Zengin is a 50-year-old rail being incrementally modernised, with Wise becoming the first non-bank to join via direct API in late 2025.

Tab 06

Fraud & security

Headline fraud totals and typology splits, the rollout of EMV chip, tokenisation, 3DS and biometrics, and the controlling data-protection and payments statutes.

Annual fraud losses

¥54.1B +19% vs 2023

JPY · 2024

Loss rate

4.6bp

basis points on transaction value · 2024

CNP share of fraud

93%

% · 2024

Fraud typology

Where losses come from

Card-not-present dominates every developed-market fraud profile — counterfeit and lost/stolen have both been mechanically suppressed by EMV and tokenisation over the last decade.

Share of card fraud

  • Card-not-present (ecommerce)93%
  • Counterfeit/skimming2%
  • Lost/stolen4%

Authentication

What's deployed on cards today

EMV is the floor; tokenisation removes PAN from merchant systems; 3DS covers the CNP flow; biometric auth drives device-level wallet transactions. Adoption gaps between markets are the clearest signal of fraud-regime maturity.

EMV chip penetration

100%

% · 2024

Achieved mandatory EMV liability shift 2020.

Tokenised transactions

34%

% · 2024

3DS coverage · CNP

55%

% · 2024

METI mandated EMV 3DS on all e-commerce merchants by March 2025.

Biometric mobile wallet txns

90%

% · 2024

Consumer protection

Framework
Instalment Sales Act and Credit Card Industry Guidelines
Max consumer liability
¥0 for unauthorised card transactions reported within 60 days (subject to gross-negligence exception)
Liability rules
Card issuer bears loss for unauthorised transactions where cardholder has not been grossly negligent. E-money / wallet losses are governed by provider terms under PSA — FSA supervisory guidance requires comparable consumer protection to bank deposits for balances above regulatory thresholds.

Source · METI

Security standards

  • PCI DSS 4.0 (mandatory March 2025)
  • METI Credit Card Security Guidelines 4.0 (EMV 3DS mandate)
  • APPI (Act on Protection of Personal Information) — revised 2022
  • FSA Cybersecurity Guidelines for Financial Services