Account Security
- Login With a Passkey Instead of a Password
Passkeys are a more secure alternative to passwords that provide strong protection against phishing. Instead of using a password, you can log in using your face ID, fingerprint, or PIN. Follow the instructions here to register a passkey.
- For Password Users, Create a Strong Unique Password
The longer your password, the stronger it gets. Although Mercari enforces a minimum password length of 8 characters, we recommend using a password that’s at least 15 characters long and contains a mix of letters, numbers, lowercase letters, and special symbols. Use different passwords for different services. If one of your accounts gets compromised, reusing the same password could allow attackers to access your other accounts. Use a password manager to generate and store unique, strong passwords. For additional security, use multi-factor authentication (MFA).
- Keep Your Phone Number Updated
We will send important information to your phone including two-factor authentication codes for login. Make sure your registered phone number is up to date. If you aren’t sure how to check or update your phone number, see our guide to changing your verified phone number.
- Keep Your Software and Apps Updated
Older versions may contain known vulnerabilities that bad actors can exploit to compromise your data. Make sure you install the updates only from official sources.
- Be Aware of Phishing Sites
If you receive suspicious emails or text messages claiming to be from Mercari, please report them by forwarding them to phish@mercari.com. Be vigilant against phishing messages, avoid clicking on links, and do not input any sensitive information on suspicious websites. Read more about phishing here.
- Contact Us if You Lose Your Device
If you lose a device logged into your Mercari account, contact us through the app and we’ll take action immediately so no one else can use your account. For more instructions, see our guide to contacting us about a lost device.
- Do Not Share Your Mercari Account with Third Parties
Account sharing is strictly prohibited by Mercari’s Terms of Service. Letting someone else use your account may lead to unauthorized access to your personal information, identity theft, and financial fraud.
- Check Your Login History
Regularly check login history and email notifications from Mercari to ensure there are no suspicious logins or transitions you do not recognize. You can check your account’s login history by going to the Login History page.
- Remove Your iD Information When Switching Devices
If you’re registered for iD payments on Merpay, we recommend removing the iD information from the Mercari app on your old device before starting to use your new device. To learn how to do this, see our guide to switching devices.
If You Suspect Your Account Has Been Compromised
If you notice any suspicious activity on your account, immediately take the steps below to secure your account.
- Confirm Your Login History
Check your login history via the Login History Page and terminate all suspicious login sessions.
- Change Your Password
Confirm that the email address linked to your account is also not compromised and change the password for your Mercari account.
- Ensure Security of Third Party Accounts Linked to Your Mercari Account
Mercari offers the option to log in using third-party accounts (log in with Facebook, Sign in with Apple etc.). If you use a third-party account to log in to Mercari, make sure that this account hasn’t been compromised and is secured too.
- Contact Us Immediately If You Noticed Unauthorized Transactions
Contact us immediately if you notice any unauthorized transactions on your account or need help securing your Mercari account.
- Block the Use of Your Mercard Credit Card
If you are using a physical or virtual Mercari credit card (Mercard), you can request your card to be blocked from the app to prevent abuse.