How You Can Prepare for Japan’s Coming Wave of Cybercrime

Corporate Japan is about to go through a major transition in its approach to computer security. In the past, Japan-only payment systems and the Japanese language itself provided a barrier that kept international fraud and attacks at a very low level.

All that is changing now. With payment systems becoming increasingly global, and free, instant translation available to anyone with a browser, fraud is on the rise in Japan.

Today we sit down with Atsuyoshi Shimazu of Caulis, and he’s going to both explain the new threats and explain exactly what he plans to do about them. He’ll also explain why Japan’s current approach to the internet of things means that things might get worse before they get better.

It’s a great conversation, and I think you’ll enjoy it.

Show Notes

Why 50 million accounts are at risk in Japan Why some Japanese companies avoid taking security measures Toyota's vision of connected cars in the gig economy What security looks like in an IoT world Why online fraud is about to skyrocket in Japan Japan's susceptibility to ransomware attacks Why hacking insurance might be the future of security Why Japanese CSOs and CIOs are so bad at their jobs

Links from the Founder

Connect with Atsuyoshi on LinkedIn Friend him on Facebook Find out about Caulis

Follow them on twitter @CaulisJP

Visit them on Facebook

Find out if your account has been hacked at Have I Been Pawned

[shareaholic app="share_buttons" id="7994466"] Leave a comment Transcript Welcome to Disrupting Japan, straight talk from Japan’s most successful entrepreneurs.

I’m Tim Romero, and thanks for joining me.

Today, we’re going to talk about fraud. Online fraud, hackers, scams, identity theft in Japan, and what exactly we can do about it. Now, I’ve been involved professionally in IT in Japan for more than 20 years, and that includes both enterprise scale big IT and startup scale little IT.

Corporate Japan has always had a strange relationship with computer security. On one hand, companies are very sensitive to security concerns and they’ll pay top dollar for security hardware and software systems and evaluations. But on the other hand, day-to-day security practices are often neglected. Operating systems remain unpatched, firewalls are set up and then never touched again, and backup systems are rarely tested.

Right now, however, Japan is going through a bit of a security transition in both their understanding of fraud and how susceptible their systems are to fraud and hacking, and walk you through some of these important changes. Today, we sit down with Atsuyoshi Shimazu, founder and CEO of Caulis.

Now, Caulis offers a distributed online fraud prevention service called Fraud Alert, and it’s solid technology that has a special appeal in the Japanese market. Now, Atsuyoshi also explains how the internet of things is going to force all of us to radically change the way we think about online security and security in general. He also explains why the instances and losses due to online fraud is set to skyrocket in Japan over the next two years.

But you know, Atsuyoshi tells that story much better than I can. So let’s hear from our sponsor and get right to the interview.

[pro_ad_display_adzone id="1404" info_text="Sponsored by" font_color="grey" ]

[Interview]

Tim: So I’m sitting here with Atsuyoshi Shimazu of Caulis, the makers of Fraud Alert, which is an online security and fraud prevention tool. I’m sure you can explain it much better than I can. Thanks for sitting down with me. Can you tell me a bit about what Fraud Alert does and what Caulis is?

Atsuyoshi: Fraud Alert protect the corporate website from the fraud attack such as brute force attacks. At first, we protect the log-in page and also conversion page such as money transfer pages.

Tim: You’re preventing unauthorized access to web pages and monitoring the behavior on those pages as well?

Atsuyoshi: Yes. Also, we protect the smartphone apps. We check how to type the word and the behavior.

Tim: So like behavioral profiling?

Atsuyoshi: Yes.

Tim: Okay. So how does it work exactly? Do the systems make an API call to your systems? Is there code level integration?

Atsuyoshi: Yes.

Tim: How does the system work?

Atsuyoshi: First, the client should introduce our JavaScript in their log-in page and also client should set the API connection to our website.

Tim: There’s a different JavaScript callback in every page so you could track users’ behavior?

Atsuyoshi: Yes.

Tim: What type of things qualify as unusual user behavior?

Atsuyoshi: Now, I’m using the MacBook and using the Google Chrome in the location of the Otemachi area. So this is an unusual behavior. But if the hackers use the same ID and password but they use Windows 10 and Internet Explorer outside, this user’s behavior is not normal.

Tim: Okay. Right. So someone is coming in from a new location or if the same IP address tries to log in with a bunch of different user names, that’ll look suspicious?

Atsuyoshi: Yes.

Tim: Does Fraud Alert provide authentication and authorization services as well or is it simply --

Atsuyoshi: Focusing on detection.

Tim: Detection. Tell me about your customers. In previous interviews and on your website, you talk about 50 million accounts being protected but who are your actual customers? Are they ISPs or banks or small e-commerce sites?

Atsuyoshi: Now, we are focusing on the banking and the credit card coverage and also telecom carrier.

Tim: I want to dive into more detail about security in Japan. But before we do that, let’s talk about you for a minute. You found Caulis in December 15. So it’s been a really crazy two years, I’m sure.

Atsuyoshi: Yes.

Tim: And before that, you were working with Okada-san.

Atsuyoshi: Yes.

Tim: At the captcha company, Capy.

Atsuyoshi: Yes, that’s right.

Tim: Capy is also in security. They do this kind of advanced captcha technology.

Atsuyoshi: Yes.

Tim: What made you decide to leave Capy and start your own company?

Atsuyoshi: I have two reasons. Captcha just only focusing on the protecting bots but humans log-in, it cannot protect. This is the first reason.

Tim: Actually, is captcha still effective? Because it seems like at least the text-based captcha, I think AIs are better than humans at it. At least they’re better than me.

Atsuyoshi: Second reason, captcha itself, old hackers user account sees a captcha but the hacker would solve the captcha solution. Some hackers show this is the way to hack and bypass a captcha. Captcha is just only additional authentication but many authentication will be hacked so we want to focus on the detection, not authentication. And also, many electronics and also automatic will be connect it to the internet. So connecting would have the password and ID but captcha is just on a web browser. So we want to spread the security command to IOT industry.

Tim: That’s a good point. It’s dangerous to have a startup that’s really too focused on a specific technology.

Atsuyoshi: Yes.

Tim: All right. That makes sense.

Atsuyoshi: In the beginning of this month, NHK broadcasted the collaboration with Toyota and startups.

Tim: How is Toyota going to use your products? What are they going to use them for?

Atsuyoshi: Toyota is now using the sharing economies business model. Drivers can ride so many automotives. So ID and password, identification is very important.

Tim: Let’s look into this a little more. What will Toyota be doing in the sharing economy? Are they talking about having individual cars that different people can use, sort of like a car sharing program?

Atsuyoshi: Both, yes. They want to transit the business model, human-centric automotive car ride providers.

Tim: So when we move from the traditional web and mobile internet, which is primarily username-password-based, and we’re all used to typing those in --

Atsuyoshi: Yes, right.

Tim: When we move to IOT, when we move to something like an automobile, you’re not using username and password anymore.

Atsuyoshi: But they have so many apps. The apps need to input the ID and a password. After input of Toyota ID and password, the apps shows the users the right way to the destination or you drive so many kilometers so you should go to the car check.

Tim: Okay. You’ll be providing fraud detection for their web applications and mobile applications?

Atsuyoshi: Yes. This is the future strategy of Toyota. Car-centric is 20th century business model, in this century, and they will transit to human-centric car provider.

Tim: Customer-centric.

Atsuyoshi: Yes.

[pro_ad_display_adzone id="1653" info_text="Sponsored by" font_color="grey” ]

Tim: So it’s a relationship not just with the driver but with everyone in the family that might be driving the car or different people in the company who are driving the company car. Interesting.

Atsuyoshi: Yes.

Tim: That is going to be a big change for them.

Atsuyoshi: Yes.

Tim: It certainly makes sense that fraud detection is going to become more and more important as we move towards internet of things and more integrated services across a lot of different devices.

Atsuyoshi: Yes.

Tim: Let’s talk a bit about the problem of fraud in Japan.

Atsuyoshi: This is a very serious situation in Japan. Japan government did a survey in June of 2015, 1/3 IPO company have damage from fraud.

Tim: Yes. I’ve seen that number. So 1/3 of all public companies have said they’ve suffered damage from fraud but that’s a really broad statement. Does that mean internet fraud or credit card fraud? Does that include things like employees stealing from them?

Atsuyoshi: Online banking was 3 billion Yen in 2015. It has been 0.3 billion charge back damage.