Seller Merchant onboarding

Register a Seller Merchant account for your seller (Platform Use Case)

Get started

As a Platform Merchant (Platform Business), you are required to register a "Seller Merchant" account for each of your sellers/users via our APIs.

Key prerequisites:

  1. We only accept Japanese entities (both Corporation and Sole Proprietorship) to register a Seller Merchant account.
  2. Seller Merchant must have a Japanese Bank Account to receive payouts in JPY from KOMOJU.

1) Create a Seller Merchant account

Request Merchant: Create API to create a Seller Merchant account with platform_role set to seller.

curl -X POST https://komoju.com/api/v1/merchants \
-u <platform merchant secret key>: \
-d name='New Seller Merchant 1' \
-d platform_role="seller"
Request AttributeTypeDescription
namestringSeller Merchant's name
platform_roledropdownThe role of sub-merchant account. Please specify it as sellerhere.

2. Query the seller merchant’s live_application for required fields

Request Live Application: Show API with seller merchant's uuid you received from the previous step.

curl -X GET https://komoju.com/api/v1/live_application/{id}?locale=en \
-u platform_merchant_secret_key:

Response example

{
    "merchant_id": "5td723eoi9txn8sj545ww2mv1",
    "status": "incomplete",
    "payments_enabled": false,
    "payouts_enabled": false,
    "requested_fields": [
        {
            "field_type": "phone_number",
            "field": "company_information.company_phone",
            "field_name": "Company Phone",
            "field_properties": {
                "minLength": 1,
                "pattern": "^([() \\-_+]*[0-9]){10}[() \\-_+0-9]*$"
            },
            "optional": false
        },
      	...
    ],
    "newly_requested_fields": [],
    "errored_fields": []
}

Within the requested_fields array, you’ll find the required information for Seller Merchant registration. If a field’s optional parameter is set to false, the Seller Merchant must provide the relevant information. If set to true, they can skip it if they don’t have the corresponding details.

Following is the breakdown of each field property.

"field": "visa_mastercard_credit_card.access_restrictions",
"field_name": "Implemented (to be implemented)",
"field_description": "Restrict IP addresses accessible to administrators; if IP addresses cannot be restricted, set access restrictions such as basic authentication on the administrator screen.",
"field_type": "checkbox",
"field_properties": {}
"optional": false
  • field is the property name that should be used when submitting information for that field.
  • field_name is the localized name for the field that should be shown to the user.
  • field_description is a localized explanation of what the field is asking.
  • field_type is the type of component that should be displayed.
  • field_properties includes information about restrictions on the value of the field.
  • optional represents whether the field is required or not.

(1) field_types

Different field_types are meant to help direct the types of form components shown to the user to help differentiate and format expected values.

TypeDescription
stringA string
dropdownA dropdown of values. field_properties['enum'] will contain the translation ↔ value pairings
radioA radio selection. field_properties['enum'] will contain the translation ↔ value pairings
checkboxA true/false checkbox field.
urla URL
texta text box intended for longer values (ex: descriptions) than string
emailan email
dateDatepicker that formats the date as “YYYY-MM-DD”
integera non-negative integer field
file_uploadA field that allows multiple files to be uploaded. The file should be uploaded to the merchant file upload endpoint. The value of the field should then be a list of the ids of the files uploaded.
single_file_uploadA field that allows one file to be uploaded. The file should be uploaded to the merchant file upload endpoint. The value of the field should then be the id of the file uploaded.
terms_of_serviceShould be represented as a checkbox, but will also have an extra external_links field property that links to the actual service agreement(s)
multi_selectA field that allows a list of selected options. field_properties['items']['enum'] will contain the translation ↔ value pairings.

(2) field_properties

field_properties provide information on the properties of the field.

Property

Description

Example

enum

A dictionary of option ↔ value mapping. The option is localized based on locale

"enum": {
"Sole Proprietor": "sole_proprietor",
"Corporation": "corporation"
}

minLength

minimum length of the string/text

"minLength": 1

minimum

minimum value for fields of integer field_type

"minimum": 0

maximum

maximum value for fields of integer field_type

"maximum": 2147483647

format

Follows the possible built-in formats as specified by https://json-schema.org/understanding-json-schema/reference/string.html#built-in-formats
Currently only date or email

"format": "email"

pattern

Regex pattern for formatting values

"pattern": "^([() \-_+]_[0-9]){10}\[() \-_+0-9]\_$"

external_links

a list of URLs linking to hosted service agreements

"external_links": ["https://example.com"]

3. Upload files for seller merchant

Some field_types (single_file_upload, file_upload) require that files be uploaded via our merchant file API first, then the UUID(s) submitted as the value for the live_application.

Request File: Create API to upload the files for Seller Merchant onboarding.

We only accept jpg, png, and pdf formats. Besides, each file size should be smaller than 10MB.

curl -X POST https://komoju.com/api/v1/merchants/{id}/files \
  -u platform_merchant_secret_key: \
  -F "paper=/path/to/file"

The response will look like:

{
    "id": "6ssx1zxovw3fgmdsdd1zuzr5u",
    "resource": "file",
    "filename": "blank.png",
    "size": 998,
    "mime_type": "image/png",
    "created_at": "2023-01-10T12:16:00.819+09:00",
    "updated_at": "2023-01-10T12:16:01.085+09:00"
}

4. Submit fields

Based on the requested_fields received in step 2, information can now be submitted for the Seller Merchant via Live Application: Update API.

Here’s an example of submitting company_information.company_name

curl -X PATCH https://komoju.com/api/v1/live_application/{id} \
  -u platform_merchant_secret_key: \
  -d "company_information.company_name=My Company"

If successful, the response will include any additional required fields based on what was just submitted. In the case of company_name, newly_requested_fields will be blank as no additional fields rely on the value company_name.

An example ofnewly_requested_fields

If you submit sole_proprietor as the company_information.corporation_type

curl -X PATCH https://komoju.com/api/v1/live_application/{id} \
  -u platform_merchant_secret_key: \
  -d "company_information.corporation_type=sole_proprietor"

In the response, see that newly_requested_fields now includes sole_proprietor_proofs.

"newly_requested_fields": [
      {
          "field": "company_information.sole_proprietor_proofs",
          "field_name": "Sole proprietor proofs",
          "field_type": "file_upload",
          "field_properties": {}
      }
  ]

newly_requested_fields are only shown upon update and return new fields that should be added to the form as a result of the last update to live_application.

For fields that allow multiple values (multi_select, file_upload field_types)

Submit an array of values.

curl -X PATCH https://komoju.com/api/v1/live_application/{id} \
  -u platform_merchant_secret_key: \
  -d '{
    "visa_mastercard_credit_card.countermeasures_during_card_registration": 
      [ "access_restrictions_during_card_registration"]
  }'

5. Complete the Live Application

The required information may vary based on the seller's type (e.g., corporation, sole proprietorship). Our API responses will guide you through the entire onboarding process, providing additional fields under the requested_fields and newly_requested_fields arrays as needed.

The live application must be completed by filling out all fields until requested_fields, newly_requested_fields, and errored_fields are empty. At this stage, the status field of the application should be set to pending.

The information required typically falls into five categories:

(1) Acceptance of KOMOJU Service Agreements

To provide Platform Model service to your sellers, KOMOJU must establish a direct contractual relationship with them. It requires each Seller Merchant to consent to KOMOJU Merchant Services Terms of Use and Privacy Policy. As the Platform Merchant, you are responsible for ensuring your sellers agree to these terms when registering via your interfaces.

Referencing KOMOJU's service agreement

At a minimum, you must provide your sellers with links to the correct terms and obtain their explicit consent when starting the onboarding process. Here’s the recommended process:

  1. Request Live Application: Show API to retrieve the URLs of KOMOJU Merchant Services Terms of Use and Privacy Policy from service_agreement.agreed_to_tosfield.
  2. Display these terms to your sellers on your platform when they opt into the service.
  3. Submit your seller's consent back to KOMOJU via service_agreement.agreed_to_tosfield in Live Application: Update API.

Here’s an example of how to present our terms to your users via your interface.

(2) Company information

Below is a detailed list of the company-related information required for registration.

Field

Type

Optional

Description

company_information.company_country

dropdown

false

Country of company's entity.

  • Since only a Japanese entity is allowed to use our service at this moment, you must select JP.

company_information.corporation_type

radio

false

The type of company, eithercorporation or sole_proprietor

company_information.company_phone

phone_number

false

Company's phone number

company_information.share_capital_amount

integer

false

Company's share capital.

  • This field is required when the company type is corporation.

company_information.share_capital_currency

dropdown

false

The currency of the company's share capital.

  • This field is required when the company type is corporation.

company_information.registration_number

string

false

The corporate number is a 13-digit unique identifier for every Japanese corporation. (reference)

  • This field is required when the company type is corporation.

company_information.company_name

string

false

Company's name

company_information.company_name_kana

string

false

Company's Katakana name

company_information.company_name_alphabet

string

false

Company's Alphabet name

company_information.company_postal_code

string

false

Postal code of company's address

company_information.company_prefecture_state

string

false

Prefecture of company's address

company_information.company_prefecture_state_kana

string

false

Prefecture of company's address in Katakana

company_information.company_city

string

false

City of company's address

company_information.company_city_kana

string

false

City of company's address in Katakana

company_information.company_address

string

false

Company's address

company_information.company_address_kana

string

false

Company's address in Katakana

company_information.company_url

url

true

The URL of the company's official site.

company_information.industry_description

text

false

Description of the industry that the company belongs to

company_information.business_description

text

false

Description of the company's business

company_information.employee_number

integer

false

Number of employees

company_information.establishment_date

date

false

The date of the company's establishment

company_information.office_name

string

false

Name of the company's Customer Support Department.
(Please provide information that can be disclosed to Seller Merchant's customers.)

company_information.contact_email

email

false

Email to contact the company's Customer Support
(Please provide information that can be disclosed to Seller Merchant's customers.)

company_information.contact_phone

phone_number

false

Phone number to contact the company's Customer Support
(Please provide information that can be disclosed to your user's customers.)

company_information.sole_proprietor_proofs

file_upload

false

Provide proof of registration of sole proprietorship.

  • This field is required when the company type is sole_proprietor.

(3) Personal Information

Below is the required information for the Representative Director and Applicant.

For Corporations:

  • The Representative Director and Applicant can be the same person.
  • The Applicant must have the authority to make decisions on corporate contracts.

For Sole Proprietorships:

  • The Representative Director and Applicant should be the same person, so you only have to complete the representative_director fields.

Field

Type

Optional

Description

representative_director_information.first_name

string

false

Representative Director's first name

representative_director_information.first_name_kana

string

false

Representative Director's first name in Katakana

representative_director_information.last_name

string

false

Representative Director's last name

representative_director_information.last_name_kana

string

false

Representative Director's last name in Katakana

representative_director_information.date_of_birth

date

false

Representative Director's date of birth

representative_director_information.gender

radio

false

Representative Director's gender

representative_director_information.country

dropdown

false

Country of Representative Director's residence address

representative_director_information.postal_code

string

false

Postal code of Representative Director's residence address

representative_director_information.prefecture_state

string

false

Prefecture of Representative Director's residence address

representative_director_information.prefecture_state_kana

string

false

Prefecture of Representative Director's residence address in Katakana

representative_director_information.city

string

false

City of Representative Director's residence address

representative_director_information.city_kana

string

false

City of Representative Director's residence address in Katakana

representative_director_information.address

string

false

Address of Representative Director's residence address

representative_director_information.address_kana

string

false

Address of Representative Director's residence address in Katakana

representative_director_information.address_building_name

string

true

The building name of Representative Director's residence address.

representative_director_information.address_building_name_kana

string

true

The building name in Katakana of Representative Director's residence address.

representative_director_information.phone

string

false

Phone number of Representative Director

applicant_information.country

dropdown

false

Country of Applicant's residence address

  • This field is required when the company type is corporation.

applicant_information.first_name

string

false

Applicant's first name

  • This field is required when the company type is corporation.

applicant_information.first_name_kana

string

false

Applicant's first name in Katakana

  • This field is required when the company type is corporation.

applicant_information.last_name

string

false

Applicant's last name

  • This field is required when the company type is corporation.

applicant_information.last_name_kana

string

false

Applicant's last name in Katakana

  • This field is required when the company type is corporation.

applicant_information.gender

radio

false

Applicant's gender

  • This field is required when the company type is corporation.

applicant_information.date_of_birth

date

false

Applicant's date of birth

  • This field is required when the company type is corporation.

applicant_information.identity_document_type

dropdown

false

The copy of Applicant's identity document.

  1. Passport
  2. Driver's license
  3. ID card
  4. My Number Card- If the company is sole_proprietor, upload Representative Director's identity document.

applicant_information.identity_front

single_file_upload

false

Upload a picture or scan of the front side of the Applicant's identity document

  • If the company is sole_proprietor, upload Representative Director's identity document.

applicant_information.identity_back

single_file_upload

false

Upload a picture or scan of the back side of the Applicant's identity document

  • The back side is required if the doc type is either Driver's License or ID Card.

  • If the company is sole_proprietor, upload Representative Director's identity document.

(4) Site Information

Below is the required information related to your website.

  • The store address must match the one listed on the website that hosts the Specified Commercial Transactions Law URL.

Field

Type

Optional

Description

site_information.site_name

string

false

Site's name

  • Site Name should be consistent with the name of the actual store.

site_information.site_name_kana

string

false

Site's Katakana name

site_information.site_name_alphabet

string

false

Site's Alphabet name

site_information.site_url

string

false

Site's URL

site_information.note

string

true

If making a payment on Seller Merchant's store requires any login information or other credentials, please supply them here.
We may need to view the entire payment flow from the end-user perspective during screening.

site_information.establishment_date

date

false

The date of the site's establishment

site_information.industry_type

dropdown

false

The industry type of the site's services and products.

  • If you're unsure, please select other_not_listed_category.

site_information.site_annual_sales

integer

false

Annual sales forecast of the store

site_information.site_annual_sales_currency

dropdown

false

The currency of annual sales forecast

site_information.site_average_transactional_value

integer

false

The average order value of the store

site_information.site_average_transactional_currency

dropdown

false

The currency of the average order value

site_information.site_minimum_product_pricing_cents

integer

false

The minimum price of a product in the store

site_information.site_minimum_product_pricing_currency

dropdown

false

The currency of the minimum price

site_information.site_maximum_product_pricing_cents

integer

false

The maximum price of a product in the store

site_information.site_maximum_product_pricing_currency

dropdown

false

The currency of the maximum price

site_information.store_country

dropdown

false

The country of the store address.

  • The store address should match the one listed on the website that hosts the Specified Commercial Transactions Law URL.

site_information.store_postal_code

string

false

The postal code of the store address.

site_information.store_prefecture_state

string

false

The state of the store address

site_information.store_prefecture_state_kana

string

false

The state of the store address in Katakana

site_information.store_city

string

false

The city of the store address

site_information.store_city_kana

string

false

The city of the store address in Katakana

site_information.store_address

string

false

Store's address

site_information.store_address_kana

string

false

Store's address in Katakana

site_information.sctl_url

url

false

This represents Specified Commercial Transactions Law URL.

  • Please place the Specified Commercial Transactions Law page in a location that can be accessed directly from the top page.

  • Note: A Specified Commercial Transaction Act page is required when operating an online shop in Japan. During the review process, we check if the page exists and confirm the contents of the page. Please refer to this page for the appropriate content for the page.

site_information.sales_permit_required

radio

false

Does the seller's business require a sales permit to be able to sell the products described? (Secondhand Dealer License, Liquor Sales License, Cosmetics Manufacturing and Sales License, Pharmaceutical Sales License)

site_information.sales_permits

file_upload

false

Upload the copies of Sales permits if the answer is true in site_information.sales_permit_required

site_information.aup_accepted

terms_of_service

false

Please ensure the seller has acknowledged and agreed with the acceptable use policy.

(5) Bank Account information

Below is the required bank account information.

For Corporations:

  • You can only register a bank account under the same name as the corporation applying.

For Sole Proprietorships:

  • You can only register a bank account under the name of the representative or the business name.

Before proceeding, please read this guide to ensure the bank account information is entered correctly.

❗️

Possible payout delay

If the account holder name is incorrect, there may be a delay in receiving the payout. Please make sure to accurately enter the half-width kana name as it appears in your bank passbook.

Field

Type

Optional

Description

bank_account_information.transfer_type

dropdown

false

Limited to Japanese bank accounts. Therefore, the option is limited to domestic.

bank_account_information.default_frequency

dropdown

false

You can decide the frequency that KOMOJU pays out to your user, either weekly or monthly.

  • Learn more about payout frequency here

bank_account_information.zengin_bank_name

string

false

Bank's name

bank_account_information.zengin_bank_code

string

false

Bank's code

bank_account_information.zengin_branch_name

string

false

Bank branch's name

bank_account_information.zengin_branch_code

string

false

Bank branch's code

bank_account_information.zengin_account_type

dropdown

false

The bank account type, either ordinary or checking

bank_account_information.zengin_account_number

string

false

The bank account number.

  • Please refer to this guide before filling out. If the bank of your bank account is under ゆうちょ銀行, please also refer to this guide to see how to convert 8-digit ゆうちょ銀行's account number to 7 digits.

bank_account_information.zengin_account_holder_kana

string

false

Account holder's Katakana name.

  • If the account holder's name is incorrect, there may be a delay in receiving the payout. Please make sure to accurately enter the half-width kana name as it appears in your bank passbook.

bank_account_information.currency

dropdown

false

Limited to JPY option since we only support Japanese domestic bank accounts for payout.

6. Review submitted information

Request Live Application: Show again to review all submitted information. The submitted_fields array will display the information you’ve already provided.

7. Set up webhook

You can set up webhooks to subscribe to events and receive notifications when there are updates to the review status of a Seller Merchant's application.

  • Learn more about Webhook events for Platform Model here

8. Specify Seller Merchant's Owned Payment Methods

📘

Owned Payment Methods can only be selected from your Common Payment Methods

Please note that only the payment methods listed in your Common Payment Methods are available for selection as Owned Payment Methods. For more details, refer to here.

You will need to apply for the payment methods your Seller Merchant intends to use. To view applicable payment methods to apply for, use the Live Application: Payment Methods API which will return the following:

curl -X GET https://komoju.com/api/v1/live_application/{id}/payment_methods \
  -u platform_merchant_secret_key: \
  • submitted_payment_methodslists the payment methods Seller Merchant has already applied for.
  • unsubmitted_payment_methods lists the applicable payment methods Seller Merchant has not yet applied for.

To apply for a specific payment method, request Live Application: Update Payment Method API.

Below are the details when applying for each payment method:

(1) VISA/MasterCard

Payment methods: visa_mastercard_credit_card

Available for corporation andsole_proprietor

Note: 3D Secure 2.0 will be used for all credit card payments except some integration types. For more details, please see this article (Japanese).

To enable credit card payments for your Seller Merchant, you will have to provide additional information about their business.

1st stage questionnaire:

Field

Type

Optional

Description

shared_payment_method_data.has_processed_cc_before

checkbox

false

  • Question*: Has your user's business processed credit card transactions before?
  • Option*:
  1. True
  2. False

shared_payment_method_data.processes_card_info

checkbox

false

  • Question*: Does you user intend to save or process credit card details?
  • Option*:
  1. True
  2. False
    • Should select Falsehere since you should process the card instead of your seller.

shared_payment_method_data.conducts_door_to_door_sales

checkbox

false

  • Question*: Does your user's company operate Door-to-Door sales?
  • Option*:
  1. True
  2. False

shared_payment_method_data.conducts_telemarketing

checkbox

false

  • Question*: Does your company operate Telemarketing Sales?
  • Option*:
  1. True
  2. False

shared_payment_method_data.conducts_mlm_scheme

checkbox

false

  • Question*: Does your company operate Network Marketing?
  • Option*:
  1. True
  2. False

shared_payment_method_data.conducts_business_opportunity_scheme

checkbox

false

  • Question*: Does your company operate Business Opportunity (Biz-Opp)?
  • Option*:
  1. True
  2. False

shared_payment_method_data.provides_specified_continuous_services

checkbox

false

  • Question*: Does your company provide specified continuous services (aesthetic salon, beauty care, language class, tutoring, tutoring school, marriage introduction service, computer class)?
  • Option*:
  1. True
  2. False

shared_payment_method_data.violated_consumer_contract_act

checkbox

false

  • Question*: Has your business violated the Consumer Contract Act (消費者契約法) and lost a lawsuit due to the violation(s) in the past 5 years?
  • Option*:
  1. True
  2. False

shared_payment_method_data.violated_commercial_transaction_act

checkbox

false

  • Question*: Has your business violated the Specified Commercial Transaction Act (特定商取引法) in the past five years and lost a lawsuit due to the violation(s) in the past?
  • Option*:
  1. True
  2. False

2nd stage questionnaire: Reporting on Security Measures

KOMOJU has been requested by the Ministry of Economy, Trade and Industry (METI), the Japan Credit Association (JCA), and other organizations to request that EC merchants planning to introduce new credit card payment systems declare the status of their security measures based on the "Security Checklist" developed by the Credit Transaction Security Measures Council.
The "Security Checklist" is a list of basic security measures that the Credit Card Transaction Security Council has compiled as part of the security measures that merchants should implement in order to build and operate EC sites, and covers the basic security measures set forth in the "Credit Card Security Guidelines (Version 4.0)" published by METI. We request that merchants newly applying for credit card settlement services declare the security measures listed on the next page based on this checklist and agree to implement and maintain the security measures. We have received guidance that if you do not agree to follow the above guidelines, you should not enter into a contract with us. Thank you for your cooperation.

If you are a merchant who plans to introduce KOMOJU credit card payment systems, please indicate your implementation status of the following security measures. If the system has not yet been established, please answer on the premise that the items for each key measure will be satisfied upon completion of the establishment of the system. Also, please answer on the premise that the measures will be maintained not only at the time of signing a new franchise agreement, but also continuously after the agreement is signed.
In principle, all items must be checked for a contract to be concluded. However, since the status of installation of each security measure is dependent on the system environment of your company, please check with your internal system staff or contracted system developer before checking the status of each security measure. If your system is outsourced, please confirm the status of the outsourced system before responding to our inquiry.

Topic 1: Measures against inadequate access restrictions on the administrator's screen and administrator ID/PW mismanagement

Field

Type

Optional

Description

visa_mastercard_credit_card.access_restrictions

checkbox

false

  • Question*: Restrict IP addresses accessible to administrators; if IP addresses cannot be restricted, set access restrictions such as basic authentication on the administrator screen.
  • Option*:
  1. true= Implemented (to be implemented)
  2. false= Not known

visa_mastercard_credit_card.mfa_implementation

checkbox

false

  • Question*: Adopt two-step or two-factor authentication to prevent unauthorized use of acquired accounts.
  • Option*:
  1. true= Implemented (to be implemented)
  2. false= Not known

visa_mastercard_credit_card.account_lock_v2

checkbox

false

  • Question*: In the login form of the administrator screen, enable the account lock function and lock the account after 10 or less failed login attempts (based on PCI DSS ver 4.0).
  • Option*:
  1. true= Implemented (to be implemented)
  2. false= Not known

Topic 2: Measures against inadequate settings due to exposure of data directories

Field

Type

Optional

Description

visa_mastercard_credit_card.public_directories

checkbox

false

  • Question*: Do not place important files in public directories. (Make certain directories private. Place important files in directories other than public directories.)
  • Option*:
  1. true= Implemented (to be implemented)
  2. false= Not known

visa_mastercard_credit_card.file_extension_restrictions

checkbox

false

  • Question*: Configure settings such as restricting file extensions and files that can be uploaded by web servers and web applications.
  • Option*:
  1. true= Implemented (to be implemented)
  2. false= Not known

Topic 3: Periodic vulnerability assessments or penetration tests, and measures to address web application vulnerabilities.

Field

Type

Optional

Description

visa_mastercard_credit_card.vulnerability_assessments

checkbox

false

  • Question*: Conduct periodic vulnerability assessments or penetration tests, and take necessary corrective actions.
  • Option*:
  1. true= Implemented (to be implemented)
  2. false= Not known

visa_mastercard_credit_card.sql_injection_and_xss_v2

checkbox

false

  • Question*: As measures against SQL injection vulnerabilities and cross-site scripting vulnerabilities, use the latest plug-ins (preferably those without such vulnerabilities) and upgrade software versions.
  • Option*:
  1. true= Implemented (to be implemented)
  2. false= Not known

visa_mastercard_credit_card.source_code_review

checkbox

false

  • Question*: If a web application is developed or customized, conduct a source code review to confirm that it has been securely coded. Check input values of input forms at the same time.
  • Option*:
  1. true= Implemented (to be implemented)
  2. false= Not known

Topic 4: Installation and operation of anti-virus software as measures against malware

Field

Type

Optional

Description

visa_mastercard_credit_card.anti_virus_software

checkbox

false

  • Question*: Install anti-virus software as measures against malware detection/removal, etc., and update signatures, perform periodic full scans, etc.
  • Option*:
  1. true= Implemented (to be implemented)
  2. false= Not known

Topic 5: Countermeasures against malicious validation and credit masters

Field

Type

Optional

Description

visa_mastercard_credit_card.against_validation_hack

checkbox

false

  • Question*: One or more of the following measures are implemented against malicious validation and credit masters*.
  • Restrict access from suspicious IP addresses
  • Restrict input from the same account and hide error content so that error content is not known in the event of an error
  • Identity verification, including EMV 3-D Secure and SMS notification
  • Take measures such as setting a limit on the number of validity checks.
    • Option*: 1. true= Implemented (*You do not need to take any additional measures if you have introduced 3D Secure via KOMOJU.)2. false= Not known

Topic 6: Countermeasures against unauthorized login

Field

Type

Optional

Description

visa_mastercard_credit_card.have_countermeasures_against_unauthorized_login

checkbox

false

  • Question*: Does your site have a user login function (i.e., register/maintain a credit card number and log in to use that card number)?
  • Option*:
  1. true= Yes
  2. false= No

Topic 7: If you answered true to the visa_mastercard_credit_card.have_countermeasures_against_unauthorized_login, please answer the following questions regarding the anti-fraud login measures implemented in your system. (According to the rules of the Japan Credit Association, one or more of the measures listed below must be implemented in each of the following situations: member registration, member login authentication, and user attribute information change.)

Field

Type

Optional

Description

visa_mastercard_credit_card.countermeasures_during_card_registration

multi_select

false

  • Question*: Please check if you have implemented effective measures to prevent fraudulent use at the time of member registration (credit card number registration).
  • Option*:
  1. access_restrictions_during_card_registration
  2. mfa_implementation_during_card_registration
  3. user_information_validation_during_card_registration
  4. fraud_detection_system_during_card_registration
  • access_restrictions_during_card_registration: Restrict access from suspicious IP addresses
  • mfa_implementation_during_card_registration: Identification by two-factor authentication, etc.
  • user_information_validation_during_card_registration: Confirmation of personal information at the time of member registration
  • fraud_detection_system_during_card_registration: Fraud detection system (Fraud service)

Field

Type

Optional

Description

visa_mastercard_credit_card.countermeasures_during_authentication

multi_select

false

  • Question*: Please check if you have implemented effective countermeasures against fraudulent logins during login authentication after member registration.
  • Option*:
  1. access_restrictions_during_authentication
  2. mfa_implementation_during_authentication
  3. login_attempt_restriction_during_authentication
  4. login_notification_during_authentication
  5. device_fingerprint_during_authentication
  • access_restrictions_during_authentication: Restrict access from suspicious IP addresses
  • mfa_implementation_during_authentication: Identification by two-factor authentication, etc.
  • login_attempt_restriction_during_authentication: Tighten limits on the number of login attempts (to address account password cracking)
  • login_notification_during_authentication: Email and SMS notifications upon login, throttling, etc.
  • device_fingerprint_during_authentication: Device fingerprints, etc.

Field

Type

Optional

Description

visa_mastercard_credit_card.countermeasures_during_user_data_modification

multi_select

false

  • Question*: Please check if you have implemented effective measures to prevent fraudulent use when changing member attributes (name, address, email address, etc.) after login.
  • Option*:
  1. access_restrictions_during_user_data_modification
  2. mfa_implementation_during_user_data_modification
  3. fraud_detection_system_during_user_data_modification
  • access_restrictions_during_user_data_modification: Restrict access from suspicious IP addresses
  • mfa_implementation_during_user_data_modification: Identification by two-factor authentication, etc.
  • fraud_detection_system_during_user_data_modification: Fraud detection system (Fraud service)

(2) JCB/AMEX/Diners (Japan)

Payment methods: jcb_amex_diners_credit_card

Available for corporation andsole_proprietor

Note: 3D Secure 2.0 will be used for all credit card payments except some integration types. For more details, please see this article (Japanese).

To enable credit card payments for your Seller Merchant, you will have to provide additional information about their business.

1st stage questionnaire:

Field

Type

Optional

Description

shared_payment_method_data.has_processed_cc_before

checkbox

false

  • Question*: Has your user's business processed credit card transactions before?
  • Option*:
  1. True
  2. False

shared_payment_method_data.processes_card_info

checkbox

false

  • Question*: Does you user intend to save or process credit card details?
  • Option*:
  1. True
  2. False
    • Should select Falsehere since you should process the card instead of your seller.

shared_payment_method_data.conducts_door_to_door_sales

checkbox

false

  • Question*: Does your user's company operate Door-to-Door sales?
  • Option*:
  1. True
  2. False

shared_payment_method_data.conducts_telemarketing

checkbox

false

  • Question*: Does your company operate Telemarketing Sales?
  • Option*:
  1. True
  2. False

shared_payment_method_data.conducts_mlm_scheme

checkbox

false

  • Question*: Does your company operate Network Marketing?
  • Option*:
  1. True
  2. False

shared_payment_method_data.conducts_business_opportunity_scheme

checkbox

false

  • Question*: Does your company operate Business Opportunity (Biz-Opp)?
  • Option*:
  1. True
  2. False

shared_payment_method_data.provides_specified_continuous_services

checkbox

false

  • Question*: Does your company provide specified continuous services (aesthetic salon, beauty care, language class, tutoring, tutoring school, marriage introduction service, computer class)?
  • Option*:
  1. True
  2. False

shared_payment_method_data.violated_consumer_contract_act

checkbox

false

  • Question*: Has your business violated the Consumer Contract Act (消費者契約法) and lost a lawsuit due to the violation(s) in the past 5 years?
  • Option*:
  1. True
  2. False

shared_payment_method_data.violated_commercial_transaction_act

checkbox

false

  • Question*: Has your business violated the Specified Commercial Transaction Act (特定商取引法) in the past five years and lost a lawsuit due to the violation(s) in the past?
  • Option*:
  1. True
  2. False

2nd stage questionnaire: Reporting on Security Measures

KOMOJU has been requested by the Ministry of Economy, Trade and Industry (METI), the Japan Credit Association (JCA), and other organizations to request that EC merchants planning to introduce new credit card payment systems declare the status of their security measures based on the "Security Checklist" developed by the Credit Transaction Security Measures Council.
The "Security Checklist" is a list of basic security measures that the Credit Card Transaction Security Council has compiled as part of the security measures that merchants should implement in order to build and operate EC sites, and covers the basic security measures set forth in the "Credit Card Security Guidelines (Version 4.0)" published by METI. We request that merchants newly applying for credit card settlement services declare the security measures listed on the next page based on this checklist and agree to implement and maintain the security measures. We have received guidance that if you do not agree to follow the above guidelines, you should not enter into a contract with us. Thank you for your cooperation.

If you are a merchant who plans to introduce KOMOJU credit card payment systems, please indicate your implementation status of the following security measures. If the system has not yet been established, please answer on the premise that the items for each key measure will be satisfied upon completion of the establishment of the system. Also, please answer on the premise that the measures will be maintained not only at the time of signing a new franchise agreement, but also continuously after the agreement is signed.
In principle, all items must be checked for a contract to be concluded. However, since the status of installation of each security measure is dependent on the system environment of your company, please check with your internal system staff or contracted system developer before checking the status of each security measure. If your system is outsourced, please confirm the status of the outsourced system before responding to our inquiry.

Topic 1: Measures against inadequate access restrictions on the administrator's screen and administrator ID/PW mismanagement

Field

Type

Optional

Description

jcb_amex_diners_credit_card.access_restrictions

checkbox

false

  • Question*: Restrict IP addresses accessible to administrators; if IP addresses cannot be restricted, set access restrictions such as basic authentication on the administrator screen.
  • Option*:
  1. true= Implemented (to be implemented)
  2. false= Not known

jcb_amex_diners_credit_card.mfa_implementation

checkbox

false

  • Question*: Adopt two-step or two-factor authentication to prevent unauthorized use of acquired accounts.
  • Option*:
  1. true= Implemented (to be implemented)
  2. false= Not known

jcb_amex_diners_credit_card.account_lock_v2

checkbox

false

  • Question*: In the login form of the administrator screen, enable the account lock function and lock the account after 10 or less failed login attempts (based on PCI DSS ver 4.0).
  • Option*:
  1. true= Implemented (to be implemented)
  2. false= Not known

Topic 2: Measures against inadequate settings due to exposure of data directories

Field

Type

Optional

Description

jcb_amex_diners_credit_card.public_directories

checkbox

false

  • Question*: Do not place important files in public directories. (Make certain directories private. Place important files in directories other than public directories.)
  • Option*:
  1. true= Implemented (to be implemented)
  2. false= Not known

jcb_amex_diners_credit_card.file_extension_restrictions

checkbox

false

  • Question*: Configure settings such as restricting file extensions and files that can be uploaded by web servers and web applications.
  • Option*:
  1. true= Implemented (to be implemented)
  2. false= Not known

Topic 3: Periodic vulnerability assessments or penetration tests, and measures to address web application vulnerabilities.

Field

Type

Optional

Description

jcb_amex_diners_credit_card.vulnerability_assessments

checkbox

false

  • Question*: Conduct periodic vulnerability assessments or penetration tests, and take necessary corrective actions.
  • Option*:
  1. true= Implemented (to be implemented)
  2. false= Not known

jcb_amex_diners_credit_card.sql_injection_and_xss_v2

checkbox

false

  • Question*: As measures against SQL injection vulnerabilities and cross-site scripting vulnerabilities, use the latest plug-ins (preferably those without such vulnerabilities) and upgrade software versions.
  • Option*:
  1. true= Implemented (to be implemented)
  2. false= Not known

jcb_amex_diners_credit_card.source_code_review

checkbox

false

  • Question*: If a web application is developed or customized, conduct a source code review to confirm that it has been securely coded. Check input values of input forms at the same time.
  • Option*:
  1. true= Implemented (to be implemented)
  2. false= Not known

Topic 4: Installation and operation of anti-virus software as measures against malware

Field

Type

Optional

Description

jcb_amex_diners_credit_card.anti_virus_software

checkbox

false

  • Question*: Install anti-virus software as measures against malware detection/removal, etc., and update signatures, perform periodic full scans, etc.
  • Option*:
  1. true= Implemented (to be implemented)
  2. false= Not known

Topic 5: Countermeasures against malicious validation and credit masters

Field

Type

Optional

Description

jcb_amex_diners_credit_card.against_validation_hack

checkbox

false

  • Question*: One or more of the following measures are implemented against malicious validation and credit masters*.
  • Restrict access from suspicious IP addresses
  • Restrict input from the same account and hide error content so that error content is not known in the event of an error
  • Identity verification, including EMV 3-D Secure and SMS notification
  • Take measures such as setting a limit on the number of validity checks.
    • Option*:1. true= Implemented (*You do not need to take any additional measures, if your Platform Merchant may clear this item by introducing 3D Secure at KOMOJU.)2. false= Not known

Topic 6: Countermeasures against unauthorized login

Field

Type

Description

jcb_amex_diners_credit_card.have_countermeasures_against_unauthorized_login

checkbox

  • Question*: Does your site have a user login function (i.e., register/maintain a credit card number and log in to use that card number)?
  • Option*:
  1. true= Yes
  2. false= No

Topic 7: If you answered true to the jcb_amex_diners_credit_card.have_countermeasures_against_unauthorized_login, please answer the following questions regarding the anti-fraud login measures implemented in your system. (According to the rules of the Japan Credit Association, one or more of the measures listed below must be implemented in each of the following situations: member registration, member login authentication, and user attribute information change.)

Field

Type

Optional

Description

jcb_amex_diners_credit_card.countermeasures_during_card_registration

multi_select

false

  • Question*: Please check if you have implemented effective measures to prevent fraudulent use at the time of member registration (credit card number registration).
  • Option*:
  1. access_restrictions_during_card_registration
  2. mfa_implementation_during_card_registration
  3. user_information_validation_during_card_registration
  4. fraud_detection_system_during_card_registration
  • access_restrictions_during_card_registration: Restrict access from suspicious IP addresses
  • mfa_implementation_during_card_registration: Identification by two-factor authentication, etc.
  • user_information_validation_during_card_registration: Confirmation of personal information at the time of member registration
  • fraud_detection_system_during_card_registration: Fraud detection system (Fraud service)

Field

Type

Optional

Description

jcb_amex_diners_credit_card.countermeasures_during_authentication

multi_select

false

  • Question*: Please check if you have implemented effective countermeasures against fraudulent logins during login authentication after member registration.
  • Option*:
  1. access_restrictions_during_authentication
  2. mfa_implementation_during_authentication
  3. login_attempt_restriction_during_authentication
  4. login_notification_during_authentication
  5. device_fingerprint_during_authentication
  • access_restrictions_during_authentication: Restrict access from suspicious IP addresses
  • mfa_implementation_during_authentication: Identification by two-factor authentication, etc.
  • login_attempt_restriction_during_authentication: Tighten limits on the number of login attempts (to address account password cracking)
  • login_notification_during_authentication: Email and SMS notifications upon login, throttling, etc.
  • device_fingerprint_during_authentication: Device fingerprints, etc.

Field

Type

Optional

Description

jcb_amex_diners_credit_card.countermeasures_during_user_data_modification

multi_select

false

  • Question*: Please check if you have implemented effective measures to prevent fraudulent use when changing member attributes (name, address, email address, etc.) after login.
  • Option*:
  1. access_restrictions_during_user_data_modification
  2. mfa_implementation_during_user_data_modification
  3. fraud_detection_system_during_user_data_modification
  • access_restrictions_during_user_data_modification: Restrict access from suspicious IP addresses
  • mfa_implementation_during_user_data_modification: Identification by two-factor authentication, etc.
  • fraud_detection_system_during_user_data_modification: Fraud detection system (Fraud service)

(3) PayPay

Payment methods: paypay

Available for corporation andsole_proprietor

The following information is required when applying for PayPay:

Field

Type

Optional

Description

paypay.accepted_paypay_tos

terms_of_service

false

Seller Merchant has read and agreed with the following terms and conditions and privacy policy. and also agrees to be contacted by PayPay regarding sales promotions.

  1. PayPay加盟店規約
  2. PayPay加盟店ガイドライン
  3. 自治体等およびふるさと納税ポータルサイト運営会社への加盟店情報連携の同意について

(4) Merpay

Payment methods: merpay

Available for corporation only.

The following information is required when applying for Merpay:

Field

Type

Optional

Description

merpay.accepted_merpay_tos

terms_of_service

false

Seller Merchant has read and agreed with the following terms and conditions and privacy policy.

  1. メルペイ加盟店規約
  2. メルペイプライバシーポリシー

shared_payment_method_data.privacy_policy_url

string

false

URL of your user's privacy policy

(5) Bank Transfer

Payment methods: bank_transfer

Available for corporation andsole_proprietor

No additional information is required when applying for Bank Transfer.

(6) Pay-easy

Payment methods: pay_easy

Available for corporation andsole_proprietor

No additional information is required when applying for Pay-easy.

(7) Konbini

Payment methods: convenience_store

Available for corporation andsole_proprietor

The following information is required when applying for Merpay:

FieldTypeOptionalDescription
shared_payment_method_data.open_timestringfalseOpening time of Seller Merchant's customer service
shared_payment_method_data.close_timestringfalseClosing time of Seller Merchant's customer service
convenience_store.expected_number_of_paymentsintegerfalseSeller Merchant's expected number of transactions per month

(8) 7-Eleven

Payment methods: seven_eleven

Available for corporation only

For 7-Eleven payment, there is a screening process to ensure that the site and operation are in line with the regulations set by 7-Eleven. To enable 7-Eleven payments, your site must meet all the following requirements.

The expected review time is approximately one to two months after applying.

During the review process, both 7-Eleven and the KOMOJU Support Team may contact your user individually for confirmation or suggestions.

The following information is required when applying for 7-Eleven:

Field

Type

Optional

Description

shared_payment_method_data.open_time

string

false

Opening time of Seller Merchant's customer service

shared_payment_method_data.close_time

string

false

Closing time of Seller Merchant's customer service

seven_eleven.no_direct_delivery_from_producer

checkbox

false

  • Description*: 7-Eleven payment is not available for products that are shipped directly from the place of production or from the manufacturer. Products must be in your own warehouse or contracted warehouse for immediate delivery at the time of order.
  • Checkbox*: No products are shipped directly from the place of production or from the manufacturer

seven_eleven.no_ticket_sales

checkbox

false

  • Description*: Admission tickets, spectator tickets, and other "ticket sales" cannot be handled.
  • Checkbox*: No tickets are sold

seven_eleven.correct_flow_for_order_items

checkbox

false

  • Description*: If you have products that are on backorder or made-to-order, the flow must be such that orders are accepted only after the products have arrived at your store or warehouse.
  • Checkbox*: We follow the above flow

seven_eleven.delivery_within_two_months

checkbox

false

  • Description*: Made-to-order products (custom-made) and pre-order products (pre-launch products) must be shipped within two months of ordering.
    In addition, the specific date of shipment or arrival must be clearly indicated on the website for each product. [Recommended] Delivery on YYYY/MM/DD (specific date) [Acceptable] Delivery in early YYYY/MM (specified in the form of early, mid, or late month) [Not Acceptable] Delivery in YYYY/MM, after YYYY/MM, delivery from YYYY/MM, etc\

  • Checkbox*: Sales of made-to-order and pre-order products are made in accordance with the above regulations

seven_eleven.all_items_are_cheaper_than_konbini_limit

checkbox

false

  • Description*: If you have merchandise that requires more than 300,000 yen per transaction, your site must clearly indicate "Konbini Payment(s) cannot be used for payments over 300,000 yen"
    If you handle transactions exceeding 300,000 yen and the above information cannot be confirmed on your website, the screening process will take longer.\

  • Checkbox*: Our merchandise meets the above regulation

seven_eleven.display_sales_permit_number

checkbox

false

  • Description*: If you have products that require a sales license, you must clearly state the license number on your website. Also, if you are dealing with cosmetics, health foods, or supplements, please make sure that the description and sales are in accordance with the Pharmaceutical Affairs Law ( https://www.mhlw.go.jp/shingi/2006/05/dl/s0525-4e.pdf ).
  • Checkbox*: Acknowledged

seven_eleven.order_fee_is_displayed

checkbox

false

  • Description*: Shipping costs must be clearly listed on the site in an easy to understand manner by region or by product size. They should also be available for review before adding items to the shopping cart.
  • Checkbox*: Users can check the shipping cost before adding items to the shopping cart

seven_eleven.no_international_transaction

checkbox

false

  • Description*: 7-Eleven payment can only be used within Japan. 7-Eleven payment cannot be used for overseas orders or shipments. We also cannot provide 7-Eleven payment for non-Japanese websites.
  • Checkbox*: We will not use 7-Eleven payment for international orders, international shipping, or non-Japanese websites

seven_eleven.provided_info_matches_sctl

checkbox

false

  • Description*: The application information you submitted to KOMOJU and the content of the "Notation based on Act of Specified Commercial Transactions" page must match.
  • Checkbox*: There are no discrepancies between the information submitted to KOMOJU and the content of the "Notation based on Act of Specified Commercial Transactions" page

seven_eleven.sctl_page_has_phone_number

checkbox

false

  • Description*: You phone number must be displayed on the "Notation based on Act of Specified Commercial Transactions" page.The phone number must be a landline number, cell phone numbers are not acceptable. If your phone number is different than the one specified on the "Notation based on Act of Specified Commercial Transactions" page, please enter your new phone number in the "Notes" section at the bottom of the form.
  • Checkbox*: The phone number is displayed on the "Notation based on Act of Specified Commercial Transactions" page

seven_eleven.product_pages_are_public

checkbox

false

  • Description*: Are the product pages ready and publicly accessible?
  • Checkbox*: Product pages are ready and publicly accessible

seven_eleven.have_sold_as_regular_price

checkbox

false

  • Description*: If the product or service you are selling is listed with a regular price and a discounted price, do you have a record of selling it at the regular price?
    Please make sure that you are not in violation of the Act against Unjustifiable Premiums and Misleading Representations. https://www.caa.go.jp/policies/policy/representation/fair_labeling/representation_regulation/double_price/\

  • Checkbox*: We have a track record of selling our products at both regular and discounted prices/this regulation does not apply to our product or service

seven_eleven.site_is_public

checkbox

false

  • Description*: Is the site URL accessible? If login is required, please write "ID/PW for site viewing" and include the login information in the "Notes" section at the bottom of the form.
  • Checkbox*: Site is accessible

seven_eleven.note

string

true

  1. Share the login credential here if ID/PW is required to access your user's site.
  2. If your phone number is different than the one specified on the "Notation based on Act of Specified Commercial Transactions" page, please enter your new phone number here.

9. (Test environment only) Simulate the Live application status

Once you complete the merchant application and at least one Owned Payment Method application, you'll be able to simulate the result of KOMOJU's review.

(1) Simulate Merchant Application status

Request Live Application: Simulate Status API to simulate whether the merchant application will be accepted or declined.

(2) Simulate Owned Payment Method Application status

Request Live Application: Simulate Payment Method Status API to simulate the status (accepted or declined) of an Owned Payment Method application.