Sumitomo Mitsui Trust Bank (SuMiTB), a Japan-based trust bank, has selected SCSK Corporation and OneSpan to improve mobile banking security amid rising phishing and account takeover threats.
The initiative builds on OneSpan’s experience supporting on-premises FIDO authentication deployments across Japan and introduces the country’s first cloud-based FIDO authentication solution for mobile banking. The collaboration reflects a strategic shift toward modern, scalable authentication technology that can support future regulatory and operational needs.
Japan continues to experience a rapid increase in digital banking fraud, with estimated account takeover losses reaching approximately USD 4.42 billion in 2025. Regulatory agencies have intensified their oversight in response. The Financial Services Agency (FSA) has proposed amendments to supervisory guidelines that would make phishing-resistant authentication mandatory across the financial sector. This regulatory momentum is accelerating the adoption of FIDO authentication, which offers a strong defence against credential theft, phishing attacks, and unauthorised account access. SuMiTB’s deployment aligns with these national security priorities and positions the bank as an early adopter of next-generation digital identity protection
Expanding FIDO authentication beyond login verification
SuMiTB is preparing to extend FIDO authentication beyond traditional login use cases by integrating it directly into mobile banking transactions. This approach is designed to reduce impersonation risk and elevate transaction-level security across digital channels. By embedding phishing-resistant authentication into each high-value action, the bank aims to establish an advanced customer protection framework. The solution will support simple mobile interactions while mitigating evolving threats such as social engineering, session hijacking, and targeted phishing campaigns.
OneSpan’s cloud-based platform, OneSpan Cloud Authentication (OCA), provides multi-factor authentication designed for high scalability and rapid implementation. The platform supports multiple authentication methods, including FIDO protocols, passkeys, Digipass, and Cronto visual signing, to meet diverse operational and regulatory requirements. By working with SCSK Corporation, OneSpan aims to deliver an integrated security stack capable of supporting Japanese financial institutions as they modernise their digital ecosystems and strengthen fraud resilience.
