One Time Password (OTP) ServiceApplication required

One Time Password (OTP) is a single-use password required each time you use the Unregistered Account Transfers Service on online banking, when changing your address and telephone number, or when registering Overseas Remittance (Foreign Currency) on online banking. OTP is composed of a six-digit number for a high level of security. And, when making a transfer to an unregistered account, a per-transaction authentication is required for each transaction, in addition to the current identity verification using a One Time Password to prevent unauthorized transfers.

What is a Token?

A token is a compact device* that generates One Time Passwords (OTP) and Transaction Signing Code used to verify your identity when performing certain the transactions via online banking.

With a token-based OTP Service, you can display a One Time Password and a Transaction Signing Code at any time, by pressing the button on your token. This will reduce the risk of unauthorized transfers, unauthorized transactions etc., by a third party, increasing the safety of your transactions.

  • *One Time Password (OTP) becomes invalid once signed off from online banking and will also become invalid a fixed time after issue.
  • *For making a transfer to an unregistered account, a per-transaction authentication (Transaction Signing Code) is required for each transaction.
  • *An OTP / Transaction Signing Code is displayed on a token for approximately 40 seconds. The token is a small card-shaped device measuring 7cm × 4.5cm × 3mm.

One Time Password


How to Apply and Use

How to Apply


Sign on to online banking.

Sign on to online banking.

  • *Connecting to "One Time Password (OTP)" menu from above.

Navigation Menu: One Time Password (OTP)


Click "Apply for Token".


Read and agree to the "Terms and Conditions for One Time Password (OTP) Service". Click 'Apply' button after ticking the checkbox on your agreement.

  • *Please download the 'Download "Terms and Conditions for One Time Password (OTP) Service"' first before ticking the checkbox.


Application completion page appears.


The token will be sent to your registered home address by registered mail. It will be ready for use when you receive your token.

For further details regarding application for token, click here.

Using the One Time Password (OTP) Service

For further details regarding how to use your token to generate One Time Password (OTP), Transaction Signing Code etc., for each transaction, check below.

Important Notes

  • *There will be no fee for issuing initial tokens.
  • *Tokens are provided only for usage inside Japan. Tokens cannot be delivered to overseas addresses. Customer with overseas addresses will need to register the payee in advance in order to execute fund transfers. Note that overseas applicants for tokens will not be informed separately in advance that tokens will not be delivered overseas. Your understanding is appreciated.
  • *Tokens cannot be taken to or used in countries or territories where they are not allowed or are otherwise restricted. You cannot take to or use tokens in such countries or territories.
  • *You cannot apply for a token after around one week from when you request to change your registered home address.
  • *Do not keep or use tokens under hot or humid conditions.

Frequently Asked Questions about the OTP Service

For further details regarding Frequently Asked Questions about the OTP Service, click here.

FAQs about the OTP Service

Preventable crime cases

Virtual Pad

Entering your PIN or password using the Virtual Pad displayed on your computer screen to use PRESTIA Online effectively protects you from password theft that monitors your keyboard strokes.

How to Use

Using the Virtual Pad is easy. Just click "Virtual Keypad" on the PRESTIA Online sign on screen.

For character and numeric input For numeric input

Preventable crime cases

Using encryption technology

Protect customer information with strong encryption method.
Customer information is encrypted to protect it during transmission. SMBC Trust Bank's online banking service uses strong encryption for its encryption method.

Preventable crime cases

Digitally signed e-mails (S/MIME)

We add a digital signature to e-mail messages*1 it sends to its customers, etc. By adding a digital signature, it is possible to confirm that:

  1. the message was sent by SMBC Trust Bank.
  2. the message will not be tempered during an email transmission over the Internet.

The use of digital signatures is an effective measure against phishing e-mails, allowing recipients to confirm the sender's authenticity. For details about phishing scams, please click here.

  • *1 The following e-mail messages will be sent without a digital signature.
    • E-mail messages sent from an SMBC Trust Bank employee
      • If you receive a suspicious message using the name of an SMBC Trust Bank employee, please contact us.
    • Messages sent to a mobile phone
      • As mobile phone carriers, as well as mobile phone devices, do not accept digital signatures, we will send messages to mobile phone without a digital signature.
    • E-mail messages regarding account opening procedures when a bank account is newly opened via the Internet
    • Certain e-mail questionnaires sent from us
    • Notifications regarding the procedures at GLOBAL PASS Member's Website.

What is a digital signature?

A digital signature is used to validate the authenticity of the person creating a document on the Internet. It is equivalent of a handwritten signature or stamped seal on a paper document.
In addition, when adding a digital signature, a digital certificate, which is a digital ID on the Internet, is used as a way to verify the identity of the party of the digital signature. This is equivalent of a paper-based seal registration certificate. Digital certificates are issued by a certificate authority, a trusted third party. SMBC Trust Bank obtains digital certificates from Cybertrust Japan Co., Ltd.* as a trusted third party.

  • *Cybertrust Japan Co., Ltd. provides overall information security services, including the issuance of server certificates that confirm the authenticity of a website. It is widely recognized as a trusted issuer of digital certificates by various e-mail software.

Digitally signed e-mails

SMBC Trust Bank uses S/MIME* encryption when sending digitally signed e-mails. S/MIME is an advanced certificate for encrypting and signing e-mails on the electronic e-mailing system and uses PKI (Public Key Infrastructure). When sending a digitally signed e-mail message using S/MIME, the sender adds a digital signature to both the message text and the digital certificate, attaches the certificate to the message as an attachment, and then sends the message.

  • *S/MIME: Secure Multipurpose Internet Mail Extensions, an e-mail encryption standard

How to confirm that a digitally signed e-mail is authentic

SMBC Trust Bank Address: SMBC Trust Bank Subject: E-mail Notification Service Dear Customers, [Main text follows...] 1.Attach the SMBC Trust Bank digital certificate 2. Add a digital signature 3.Send the message Customers Address: SMBC Trust Bank Subject: E-mail Notification Service Dear Customers, [Main text follows...] 4.Receive a message 5.Check the digital signature 6.Check that the certificate was issued by a trusted entity * Customers should check the following: 1.There is no security alert. 2.The address of the sender is 3.The digital certificate was issued by Cybertrust Japan SureMail CA G4. Trusted Certificate Authority Issue digital certificates, public keys and private keys Registered on the PC as "trusted" in advance

Important Notes

  • In order to use digitally signed e-mails, you must use an e-mail software that is compatible with S/MIME on your PC.
  • When you use a web-based email, mobile e-mail, or an e-mail software that is not compatible with S/MIME on your PC, you can view the e-mail message but the digital certificate will be attached as "smime.p7s" file. *You will not be able to check the digital signature even if you open this attachment file.

Preventable crime cases

Using a firewall to block external access

Blocks unauthorized external access. Online banking uses a security system called a firewall to protect against unauthorized external access.

Preventable crime cases

Automatic sign-off

Automatically signs you off after a set amount of time with no activity.

Advance payee registrationApplication required

Registering payees in advance can prevent unauthorized transfers or remittances.

Fund Transfer and Remittance Payee Registration

Other services

Contact Us

What to do if you have revealed your personal information!

Please contact us immediately in the following cases. As per your request, we promptly change PIN, suspend the card or reissue the card.
  • Personal information such as account number, personal identification number (Domestic Cash Card PIN, Debit PIN, T-PIN) or 16-digit GLOBAL PASS card number is stolen.
  • Had your card lost or stolen.
  • Noticed an unfamiliar transaction by receiving a PRESTIA Alert Service E-mail or checking your account activities.

Contact Us