Security Initiatives at Mercari Group

Read about what we do at Mercari Group to enhance our security measures and protect your information and assets.


Data Protection

Data handled by Mercari Group (including the personal information of customers) is protected in accordance with industry best practices.

Secure Design and Secure Programming

Security Requirements Consulting

The Mercari Security team is available for all employees to consult with about any security concerns or questions they may have, and works closely with stakeholders to define security requirements for our products.

Secure Design Review

Major releases undergo a design review by the Product Security team. The Mercari Group follows a shift-left security philosophy and the Security team is involved from the initial stages of the software development lifecycle, ensuring the quality and security of all releases early and throughout every stage of their development.

Secure Coding Best Practices

The Mercari Security team maintains internal secure coding guidelines based on industry best practices, to help ensure quality and security in our applications.

Security Testing

Pre-release testing

Major releases undergo pre-release testing by the Product Security team.
Testing follows a threat modeling based methodology, and aims to discover and eliminate potential vulnerabilities with a focus on well-known and common vulnerabilities.

Automated Security Tooling

The Product Security team maintains tooling for frequent static and dynamic analysis of applications to detect potential vulnerabilities. All vulnerabilities found through this scanning follow our vulnerability management workflow to ensure swift remediation.

Third Party Penetration Testing

Penetration testing of our application and corporate environment is carried out periodically by external parties to ensure an objective evaluation of our security measures and pick up anything we may have missed in-house.

Security Training

In-house Security Training

All employees take our in-house security training at the time of joining the company, and security training is provided on a regular basis in order to improve employee’s awareness.
The Security team also provides various security e-learning courses through the company’s learning management system.

Security Champion Program

In addition to training aimed at all employees, the Security team provides a Security Champion Program aimed at developers.
This program enables developers from each domain team to build hands-on security experience, and take greater responsibility in ensuring the security of their domains.

Threat Monitoring and Handling

Monitoring and Analysis

The Security team monitors systems for various indicators of attack, such as unauthorized access attempts and malware infection. The team responds promptly to significant security events and conducts a thorough investigation of potential threats.
A Security Orchestration, Automation and Response (SOAR) tool (developed and maintained in-house) is used to centralize, monitor, and respond to alerts allowing us to adapt and respond to threats rapidly.


Protecting our users from malicious phishing attacks is a priority.
We work with external organizations and have countermeasures in place to ensure we can take-down phishing sites as quickly as possible.

Nippon CSIRT Association Member

The Mercari Group is a member of the Nippon CSIRT Association.

Information Security Policy at Mercari Group

Information Security Policy at Mercari Group

Read more