Japan does not move fast on things. The country’s regulatory and legal culture tends toward deliberation, consensus, and caution. Which is why the data-sharing agreement signed this week between the National Police Agency and three of Japan’s most significant ecommerce platforms is worth reading carefully. When Japan’s law enforcement apparatus moves quickly and directly, something has become urgent enough to override the usual pace.
The National Police Agency signed an agreement with three major ecommerce site operators on Thursday to share information and prevent fraudulent transactions. Under the pact signed with Mercari, LY and Rakuten, the police will receive and analyze information on credit cards used fraudulently and on accounts of malicious merchants.
The agreement covers all ecommerce services offered by the three companies, which between them operate Japan’s most significant consumer-to-consumer and business-to-consumer marketplaces: Rakuten Ichiba, Rakuten Rakuma, Mercari, Yahoo! Japan Shopping, and Yahoo! Japan Flea Market. The results of the NPA’s analysis will be shared back with the companies to prevent further damage, while the findings will also be used for police investigations.
Why the Old System Was Not Working
The formal legal process for Japanese police to obtain transaction data from a private company previously required a warrant, a judge’s approval, and a timeline that could stretch from days to weeks. In ecommerce fraud, days to weeks is the window in which the money moves, the accounts get closed, and the perpetrators disappear.
The new agreement allows law enforcement to bypass those bureaucratic delays and directly analyze real-time transactional data linked to malicious merchant networks and stolen financial credentials.
The scale of the problem is significant. “Credit card fraud, including cases involving stolen numbers, results in annual losses of over ¥50 billion,” an NPA official said. “We want to curb damage by using the pact to share information swiftly and develop countermeasures.” That figure covers card fraud specifically. Japan’s broader special fraud category, which encompasses telephone scams, digital fraud, and romance scams, eclipsed ¥121.3 billion by end of 2025.
What Gets Shared and How
When an operator determines that a transaction is illegal, typically flagged via merchant reports or customer complaints about undelivered merchandise, it will provide the National Police Agency with personal information linked to the account, such as the user’s name and address. If fraudulent use of a buyer’s credit card is detected, the companies are also expected to provide the card information and delivery address.
The NPA will cross-reference this data against its criminal databases, track behavioral patterns across multiple platforms simultaneously, and route findings back to the companies so they can proactively ban malicious accounts. The two-way flow is the structural innovation here. Previous cooperation arrangements were typically one-directional: police request data, company provides it. This agreement creates a loop where the NPA’s criminal intelligence also flows to the platforms, allowing them to act on threats the police identify before they result in additional fraud.
The NPA also plans to share trends in products likely to be targeted by fraud due to their high liquidity, as well as commonly used scam methods. Information will also be shared with prefectural police departments across Japan to assist their investigations.
The Phantom Merchant Problem
One category of fraud the agreement specifically targets is what Japanese law enforcement calls phantom merchants: synthetic storefronts built on legitimate marketplace infrastructure that exist to harvest consumer payment data or launder funds through fake inventory purchases. The operators behind these syndicates frequently use stolen identities to pass basic corporate registration checks.
This is a specific, well-documented Japanese manifestation of the fake seller problem that exists on every major marketplace globally. The difference in Japan is that the financial infrastructure for moving stolen funds is more tightly regulated, which has pushed criminal operations toward the marketplace layer as a more accessible entry point. Phantom merchants can establish apparent legitimacy through a platform’s registration process, accumulate payments from multiple victims before detection, and disappear before manual review catches them. The data sharing agreement is designed to close that detection lag.
The Privacy Dimension
Under Japan’s personal information protection law, providing personal data to a third party generally requires the individual’s consent, although exceptions apply when government agencies cannot carry out their duties without the data. The agreement operates under that exception. Whether it will survive legal challenge or produce a precedent-setting ruling on the scope of that exception is a question that will likely take years to answer.
Japan Is Running Multiple Fraud Crackdowns Simultaneously
The ecommerce data-sharing pact sits within a broader and accelerating Japanese anti-fraud posture. In May, the NPA signed a parallel agreement with nine major banks allowing prefectural police to digitally request and quickly freeze accounts suspected of involvement in fraud schemes.
Tokyo Metropolitan Police reported a 38.8% drop in fake-police impersonation scams in the first five months of 2026, attributing the decline partly to a crime prevention app that blocked over 420,000 fraudulent international calls on Android devices alone. The ecommerce agreement is the missing piece that extends this enforcement infrastructure into the marketplace layer where a significant portion of consumer fraud now originates.
Our Take
Japan Just Made Fraud Harder
The NPA-Mercari-Rakuten-LY agreement is among the most sophisticated examples of platform-law enforcement data integration in consumer ecommerce anywhere right now, and it is worth watching closely for two reasons. First, it represents a model that other governments are going to examine: real-time, pre-approved data pipelines that let police act on fraud signals before the money moves, rather than after.
Second, it places a meaningful new operational responsibility on the platforms. Under this arrangement, Mercari and Rakuten are not just marketplaces. They are de facto frontline fraud detection infrastructure for the Japanese state. The commercial incentive to participate is clear: fraud erodes consumer trust and platform trust simultaneously.
The question that remains open is where the line sits between “platform as fraud detection partner” and “platform as surveillance infrastructure,” and whether Japan’s personal information protection law exception is robust enough to hold that line when the cases get harder.













