[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"article:mercari-merpay-id":3},{"meta":4,"markdown":137},{"type":5,"articleId":6,"slug":7,"title":8,"titleEn":9,"category":10,"summary":11,"publishedAt":12,"image":13,"vocabulary":14},"article","tech-mercari-merpay-id","mercari-merpay-id","メルペイのID基盤 — eKYC・本人確認の技術","Merpay's Identity Infrastructure — Technology for eKYC and Identity Verification","tech","An overview of Merpay's identity infrastructure: eKYC document and face verification, compliance with the Act on Prevention of Transfer of Criminal Proceeds, account aggregation, and security architecture.\n","2026-04-27T00:00:00Z","https:\u002F\u002Fimages.yamiyomi.com\u002Ftech-mercari-merpay-id.png",[15,20,25,29,33,37,41,45,49,53,57,61,65,69,73,77,81,85,89,93,97,101,105,109,113,117,121,125,129,133],{"word":16,"reading":17,"meaning":18,"level":19},"本人確認","ほんにんかくにん","identity verification","N1",{"word":21,"reading":22,"meaning":23,"level":24},"確認","かくにん","verification","N2",{"word":26,"reading":27,"meaning":28,"level":19},"顔認証","かおにんしょう","face authentication",{"word":30,"reading":31,"meaning":32,"level":24},"撮影","さつえい","photographing",{"word":34,"reading":35,"meaning":36,"level":24},"提出","ていしゅつ","submission",{"word":38,"reading":39,"meaning":40,"level":24},"書類","しょるい","documents",{"word":42,"reading":43,"meaning":44,"level":24},"規制","きせい","regulation",{"word":46,"reading":47,"meaning":48,"level":19},"法令","ほうれい","laws and ordinances",{"word":50,"reading":51,"meaning":52,"level":19},"遵守","じゅんしゅ","compliance",{"word":54,"reading":55,"meaning":56,"level":24},"犯罪","はんざい","crime",{"word":58,"reading":59,"meaning":60,"level":24},"移転","いてん","transfer",{"word":62,"reading":63,"meaning":64,"level":24},"防止","ぼうし","prevention",{"word":66,"reading":67,"meaning":68,"level":24},"収益","しゅうえき","proceeds",{"word":70,"reading":71,"meaning":72,"level":24},"不正","ふせい","fraud",{"word":74,"reading":75,"meaning":76,"level":24},"利用","りよう","use",{"word":78,"reading":79,"meaning":80,"level":19},"偽造","ぎぞう","forgery",{"word":82,"reading":83,"meaning":84,"level":24},"検出","けんしゅつ","detection",{"word":86,"reading":87,"meaning":88,"level":24},"顧客","こきゃく","customer",{"word":90,"reading":91,"meaning":92,"level":19},"認証","にんしょう","authentication",{"word":94,"reading":95,"meaning":96,"level":19},"認可","にんか","authorization",{"word":98,"reading":99,"meaning":100,"level":19},"厳格","げんかく","strict",{"word":102,"reading":103,"meaning":104,"level":19},"機密","きみつ","confidential",{"word":106,"reading":107,"meaning":108,"level":24},"資格","しかく","qualification",{"word":110,"reading":111,"meaning":112,"level":24},"連携","れんけい","linkage",{"word":114,"reading":115,"meaning":116,"level":24},"統合","とうごう","integration",{"word":118,"reading":119,"meaning":120,"level":24},"取引","とりひき","transaction",{"word":122,"reading":123,"meaning":124,"level":19},"改ざん","かいざん","tampering",{"word":126,"reading":127,"meaning":128,"level":19},"監査","かんさ","audit",{"word":130,"reading":131,"meaning":132,"level":24},"経歴","けいれき","history",{"word":134,"reading":135,"meaning":136,"level":19},"委託","いたく","outsourcing","\n::para\nメルペイは、メルカリ[内]{ない:within:N3}の[決済]{けっさい:payment:N3}・[送金]{そうきん:remittance:N4}・[後払い]{あとばらい:deferred payment:N3}・[銀行]{ぎんこう:banking:N4}[連携]{れんけい:linkage:N1}などを[支える]{ささえる:support:N3}[金融]{きんゆう:financial:N1}サービスです。[金融]{きんゆう:financial:N1}サービスは[一般]{いっぱん:general:N2}のECとは[異なり]{ことなり:differs:N1}、[本人]{ほんにん:the person themselves:N5}[確認]{かくにん:verification:N3}や[厳格]{げんかく:strict:N1}な[法令]{ほうれい:laws and ordinances:N2}[遵守]{じゅんしゅ:compliance:N1}が[前提]{ぜんてい:premise:N1}になります。[本]{ほん:this:N5}[記事]{きじ:article:N3}では、メルペイのID[基盤]{きばん:infrastructure:N1}とeKYC（[電子]{でんし:electronic:N5}[本人]{ほんにん:identity:N5}[確認]{かくにん:verification:N3}）まわりの[技術]{ぎじゅつ:technology:N2}を[概観]{がいかん:overview:N1}します。\n\n#en\nMerpay is a financial service supporting payments, remittance, deferred payment (\"Merpay Smart Pay\"), and bank account integration within Mercari. Unlike general e-commerce, financial services are premised on identity verification and strict compliance with laws and ordinances. This article gives an overview of Merpay's identity infrastructure and eKYC (electronic Know Your Customer) technology.\n::\n\n::heading\n[法的]{ほうてき:legal:N3}[背景]{はいけい:background:N3}：[犯収法]{はんしゅうほう:Anti–Criminal Proceeds Act:N3}\n\n#en\nLegal Background: The Act on Prevention of Transfer of Criminal Proceeds\n::\n\n::para\n[日本]{にほん:Japan:N5}では、[犯罪]{はんざい:crime:N3}による[収益]{しゅうえき:proceeds:N1}の[移転]{いてん:transfer:N2}[防止]{ぼうし:prevention:N2}に[関する]{かんする:related to:N3}[法律]{ほうりつ:law:N2}（[通称]{つうしょう:commonly called:N1}「[犯収法]{はんしゅうほう:Hanshū-hō:N3}」）により、[資金]{しきん:funds:N3}[移動]{いどう:transfer:N2}や[銀行]{ぎんこう:bank:N4}[口座]{こうざ:account:N3}[連携]{れんけい:linkage:N1}などの[特定]{とくてい:specified:N3}[取引]{とりひき:transactions:N3}には、[本人]{ほんにん:identity:N5}[確認]{かくにん:verification:N3}が[義務]{ぎむ:obligation:N1}[付けられて]{づけられて:imposed:N3}います。メルペイは[資金]{しきん:funds:N3}[移動]{いどう:transfer:N2}[業者]{ぎょうしゃ:operator:N4}としての[登録]{とうろく:registration:N2}を[受けて]{うけて:having received:N3}おり、これらの[要件]{ようけん:requirements:N3}を[満たす]{みたす:satisfy:N3}[必要]{ひつよう:necessary:N3}があります。\n\n#en\nIn Japan, the Act on Prevention of Transfer of Criminal Proceeds (commonly called \"hanshū-hō\") obligates identity verification for specified transactions such as fund transfers and bank account linkage. As a registered fund-transfer operator, Merpay must satisfy these requirements.\n::\n\n::callout\neKYCは[利便性]{りべんせい:convenience:N3}のためだけではなく、[法令]{ほうれい:laws:N2}[遵守]{じゅんしゅ:compliance:N1}と[マネーロンダリング]{まねーろんだりんぐ:money laundering}[対策]{たいさく:countermeasures:N1}という[強い]{つよい:strong:N4}[制約]{せいやく:constraint:N3}の[下]{もと:under:N5}で[設計]{せっけい:designed:N2}される[仕組み]{しくみ:mechanism:N3}です。\n\n#en\neKYC is not just for convenience — it is a mechanism designed under strong constraints of legal compliance and anti–money laundering (AML) measures.\n::\n\n::heading\neKYCとは[何]{なに:what:N5}か\n\n#en\nWhat Is eKYC?\n::\n\n::para\neKYC（electronic Know Your Customer）は、[従来]{じゅうらい:conventional:N1}の[郵送]{ゆうそう:postal:N2}や[窓口]{まどぐち:counter:N3}による[本人]{ほんにん:identity:N5}[確認]{かくにん:verification:N3}を、スマートフォン[上]{じょう:on:N5}で[完結]{かんけつ:complete:N1}させる[仕組み]{しくみ:mechanism:N3}です。[日本]{にほん:Japan:N5}の[犯収法]{はんしゅうほう:Anti–Criminal Proceeds Act:N3}[施行]{しこう:enforcement:N1}[規則]{きそく:rules:N2}では、[認められて]{みとめられて:permitted:N3}いる[方式]{ほうしき:methods:N3}が[複数]{ふくすう:multiple:N2}[定義]{ていぎ:defined:N1}されており、メルペイをはじめとする[多く]{おおく:many:N4}の[事業者]{じぎょうしゃ:operators:N4}は、[写真]{しゃしん:photo:N4}[付き]{つき:with:N3}[本人]{ほんにん:identity:N5}[確認]{かくにん:verification:N3}[書類]{しょるい:document:N3}と[本人]{ほんにん:the person's:N5}[顔]{かお:face:N3}[画像]{がぞう:image:N2}を[組み合わせる]{くみあわせる:combine:N3}「ホ[方式]{ほうしき:method:N3}」を[基本]{きほん:basis:N1}にしていると[言われて]{いわれて:said:N4}います。\n\n#en\neKYC (electronic Know Your Customer) is a mechanism that completes the previously postal- or counter-based identity verification process on a smartphone. Japan's Anti–Criminal Proceeds Act enforcement rules define several permitted methods; many operators including Merpay are reportedly based on the so-called \"Method Ho,\" which combines a photo-bearing identity document with a live face image of the user.\n::\n\n::heading\n[書類]{しょるい:document:N3}スキャンと[偽造]{ぎぞう:forgery:N1}[検出]{けんしゅつ:detection:N1}\n\n#en\nDocument Scanning and Forgery Detection\n::\n\n::para\n[利用]{りよう:use:N3}[者]{しゃ:person:N4}は[運転]{うんてん:driver's:N4}[免許]{めんきょ:license:N1}[証]{しょう:certificate:N1}や[マイナンバー]{まいなんばー:My Number}[カード]{かーど:card}などを[撮影]{さつえい:photograph:N1}し、[厚み]{あつみ:thickness:N2}が[分かる]{わかる:can be seen:N5}よう[斜め]{ななめ:at an angle:N1}からの[撮影]{さつえい:photograph:N1}も[求められ]{もとめられ:required:N3}ます。サーバー[側]{がわ:side:N3}では、OCRによる[券面]{けんめん:document face:N2}[情報]{じょうほう:information:N3}の[読み取り]{よみとり:extraction:N3}、[文字]{もじ:character:N4}フォントの[整合性]{せいごうせい:consistency:N1}[確認]{かくにん:check:N3}、ホログラムや[券面]{けんめん:document face:N2}[模様]{もよう:pattern:N1}の[特徴]{とくちょう:feature:N1}[検出]{けんしゅつ:detection:N1}などを[組み合わせて]{くみあわせて:combining:N3}[偽造]{ぎぞう:forgery:N1}を[検出]{けんしゅつ:detect:N1}します。\n\n#en\nUsers photograph their driver's license, My Number card, or similar document, and are also required to take an angled shot showing thickness. On the server side, forgery is detected by combining OCR-based extraction of card information, font consistency checks, and feature detection of holograms and card patterns.\n::\n\n::heading\n[顔]{かお:face:N3}[認証]{にんしょう:authentication:N1}とライブネス[判定]{はんてい:detection:N3}\n\n#en\nFace Matching and Liveness Detection\n::\n\n::para\n[書類]{しょるい:document:N3}の[顔]{かお:face:N3}[写真]{しゃしん:photo:N4}と、その[場]{ば:there:N4}で[撮影]{さつえい:taken:N1}した[利用]{りよう:user:N3}[者]{しゃ:person:N4}の[顔]{かお:face:N3}[画像]{がぞう:image:N2}を[照合]{しょうごう:matching:N2}し、[同一]{どういつ:same:N4}[人物]{じんぶつ:person:N4}か[判定]{はんてい:determine:N3}します。さらに、[写真]{しゃしん:photo:N4}や[動画]{どうが:video:N4}の[再生]{さいせい:playback:N2}を[使った]{つかった:using:N4}なりすましを[防ぐ]{ふせぐ:prevent:N2}ため、[視線]{しせん:gaze:N1}の[動き]{うごき:movement:N4}や[瞬き]{まばたき:blinking:N1}、[顔]{かお:face:N3}の[向き]{むき:orientation:N3}[変更]{へんこう:change:N3}などを[要求]{ようきゅう:requesting:N3}するライブネス[判定]{はんてい:detection:N3}が[組み合わされます]{くみあわされます:combined:N3}。これらは[専用]{せんよう:dedicated:N2}のSDKやベンダーサービスを[利用]{りよう:utilizing:N3}しつつ、[最終]{さいしゅう:final:N3}[判断]{はんだん:judgement:N3}は[内部]{ないぶ:internal:N3}の[審査]{しんさ:review:N1}フローで[行われる]{おこなわれる:performed:N5}[構成]{こうせい:configuration:N3}が[一般的]{いっぱんてき:common:N2}と[考えられて]{かんがえられて:thought:N4}います。\n\n#en\nThe face photo on the document is matched against a live image of the user taken on the spot to determine whether they are the same person. Furthermore, liveness detection is combined to prevent spoofing using printed photos or video playback, requesting actions like gaze movement, blinking, and changes in face orientation. While dedicated SDKs and vendor services are typically used, final decisions are commonly thought to be made through an internal review flow.\n::\n\n::callout\n[顔]{かお:face:N3}データなどの[生体]{せいたい:biometric:N4}[情報]{じょうほう:information:N3}は、[個人]{こじん:personal:N2}[情報]{じょうほう:information:N3}[保護]{ほご:protection:N1}[法]{ほう:law:N3}[上]{じょう:under:N5}も[特に]{とくに:especially:N4}[配慮]{はいりょ:care:N1}が[必要]{ひつよう:required:N3}な[要]{よう:requiring:N3}[配慮]{はいりょ:care:N1}[個人]{こじん:personal:N2}[情報]{じょうほう:information:N3}に[該当]{がいとう:corresponds:N1}し[得る]{える:may:N3}ため、[取り扱い]{とりあつかい:handling:N1}は[厳重]{げんじゅう:strict:N1}に[管理]{かんり:managed:N2}されると[考えられます]{かんがえられます:thought:N4}。\n\n#en\nBiometric information such as face data may correspond to \"special-care-required personal information\" under the Act on the Protection of Personal Information, so handling is thought to be tightly managed.\n::\n\n::heading\nID[基盤]{きばん:infrastructure:N1}の[全体]{ぜんたい:overall:N3}[像]{ぞう:picture:N2}\n\n#en\nThe Overall Picture of the ID Infrastructure\n::\n\n::para\nメルペイのID[基盤]{きばん:infrastructure:N1}は、メルカリ[全体]{ぜんたい:overall:N3}の[認証]{にんしょう:authentication:N1}（ログイン、2[段階]{だんかい:step:N2}[認証]{にんしょう:authentication:N1}）と、メルペイ[固有]{こゆう:specific:N2}の[認可]{にんか:authorization:N3}（[資金]{しきん:funds:N3}[移動]{いどう:transfer:N2}[資格]{しかく:status:N3}、[与信]{よしん:credit:N3}ステータス）の[両方]{りょうほう:both:N3}を[扱い]{あつかい:handle:N1}ます。OAuth 2.0／OIDCをベースに[内部]{ないぶ:internal:N3}サービスへトークンを[配布]{はいふ:distribute:N2}し、[各]{かく:each:N2}サービスは[必要]{ひつよう:necessary:N3}な[資格]{しかく:status:N3}（KYC[完了]{かんりょう:completed:N2}、[年齢]{ねんれい:age:N2}[確認]{かくにん:verified:N3}など）を[クレーム]{くれーむ:claims}として[受け取り]{うけとり:receive:N3}、[許可]{きょか:authorization:N3}[判定]{はんてい:decision:N3}を[行う]{おこなう:perform:N5}[構成]{こうせい:configuration:N3}が[一般的]{いっぱんてき:common:N2}と[言われて]{いわれて:said:N4}います。\n\n#en\nMerpay's ID infrastructure handles both Mercari-wide authentication (login, two-factor authentication) and Merpay-specific authorization (fund-transfer eligibility, credit status). It is reportedly common to distribute tokens to internal services based on OAuth 2.0 \u002F OIDC, with each service receiving necessary statuses (KYC complete, age verified, etc.) as claims and making authorization decisions on that basis.\n::\n\n::heading\n[銀行]{ぎんこう:bank:N4}[口座]{こうざ:account:N3}[連携]{れんけい:linkage:N1}とアグリゲーション\n\n#en\nBank Account Linkage and Aggregation\n::\n\n::para\nメルペイ[残高]{ざんだか:balance:N3}へのチャージや[出金]{しゅっきん:withdrawal:N5}には、[銀行]{ぎんこう:bank:N4}[口座]{こうざ:account:N3}[連携]{れんけい:linkage:N1}が[必要]{ひつよう:needed:N3}になります。これには、[全国]{ぜんこく:nationwide:N3}[銀行]{ぎんこう:bank:N4}[協会]{きょうかい:association:N2}の[全]{ぜん:all:N3}[銀]{ぎん:banks:N4}EDIシステムや、[各]{かく:each:N2}[銀行]{ぎんこう:bank:N4}が[公開]{こうかい:expose:N4}するAPI、Open Banking[相当]{そうとう:equivalent:N3}の[仕組み]{しくみ:mechanism:N3}が[使われて]{つかわれて:used:N4}いると[見られて]{みられて:seen:N5}います。さらに、メルペイは「あと[払い]{ばらい:payment:N3}」のために[利用]{りよう:user:N3}[者]{しゃ:person:N4}の[履歴]{りれき:history:N1}を[元に]{もとに:based on:N4}した[与信]{よしん:credit:N3}[判断]{はんだん:assessment:N3}を[行って]{おこなって:performing:N5}おり、[内部]{ないぶ:internal:N3}の[行動]{こうどう:behavioral:N4}データと[外部]{がいぶ:external:N3}スコアリングを[組み合わせる]{くみあわせる:combining:N3}[構成]{こうせい:configuration:N3}と[思われ]{おもわれ:thought:N4}ます。\n\n#en\nCharging the Merpay balance and withdrawing funds require bank account linkage. This is seen to use the Japanese Bankers Association's Zengin EDI system, APIs exposed by individual banks, and Open Banking–equivalent mechanisms. Furthermore, Merpay performs credit assessment for its \"Smart Pay\" deferred-payment feature based on user history, in what is thought to be a configuration combining internal behavioral data with external scoring.\n::\n\n::heading\nセキュリティ・[改ざん]{かいざん:tampering:N2}[防止]{ぼうし:prevention:N2}\n\n#en\nSecurity and Tamper Prevention\n::\n\n::para\n[本人]{ほんにん:identity:N5}[確認]{かくにん:verification:N3}データや[取引]{とりひき:transaction:N3}[履歴]{りれき:history:N1}は[長期]{ちょうき:long-term:N3}[保管]{ほかん:retention:N1}が[義務]{ぎむ:required:N1}であり、[改ざん]{かいざん:tampering:N2}[防止]{ぼうし:prevention:N2}・[追跡]{ついせき:traceability:N2}が[強く]{つよく:strongly:N4}[求められます]{もとめられます:demanded:N3}。WORM[ストレージ]{すとれーじ:storage}（Write Once Read Many）や、ハッシュチェーンによる[改ざん]{かいざん:tampering:N2}[検知]{けんち:detection:N1}、KMSを[用いた]{もちいた:using:N4}[暗号]{あんごう:encryption:N3}[鍵]{かぎ:key:N1}[管理]{かんり:management:N2}など、[一般的]{いっぱんてき:common:N2}な[金融]{きんゆう:financial:N1}インフラの[手法]{しゅほう:practices:N3}が[組み合わされます]{くみあわされます:combined:N3}と[考えられます]{かんがえられます:thought:N4}。[加えて]{くわえて:additionally:N3}、[内部]{ないぶ:internal:N3}[監査]{かんさ:audit:N1}や[外部]{がいぶ:external:N3}[第]{だい:ordinal:N1}[三]{さん:three:N5}[者]{しゃ:party:N4}[監査]{かんさ:audit:N1}にも[耐え]{たえ:withstand:N1}られる[証跡]{しょうせき:audit trail:N1}の[保持]{ほじ:retention:N1}が[必須]{ひっす:essential:N1}です。\n\n#en\nIdentity verification data and transaction history must be retained long-term, and tamper prevention and traceability are strongly required. WORM storage (Write Once Read Many), tamper detection via hash chains, and encryption-key management using KMS are thought to be combined as common financial-infrastructure practices. In addition, retaining audit trails that can withstand internal and external third-party audits is essential.\n::\n\n::heading\n[委託]{いたく:outsourcing:N1}とベンダー[管理]{かんり:management:N2}\n\n#en\nOutsourcing and Vendor Management\n::\n\n::para\neKYCの[要素]{ようそ:component:N1}[技術]{ぎじゅつ:technology:N2}（OCR、[顔]{かお:face:N3}[照合]{しょうごう:matching:N2}、ライブネス[判定]{はんてい:detection:N3}）には[専門]{せんもん:specialized:N2}ベンダーが[多く]{おおく:many:N4}[存在]{そんざい:exist:N3}し、[内製]{ないせい:in-house:N1}と[委託]{いたく:outsourcing:N1}を[組み合わせる]{くみあわせる:combining:N3}[構成]{こうせい:configuration:N3}が[一般的]{いっぱんてき:common:N2}です。[一方]{いっぽう:on the other hand:N4}、[委託]{いたく:outsourcing:N1}[先]{さき:partner:N5}にも[個人]{こじん:personal:N2}[情報]{じょうほう:information:N3}[保護]{ほご:protection:N1}[法]{ほう:law:N3}[上]{じょう:under:N5}の[安全]{あんぜん:safety:N3}[管理]{かんり:management:N2}[措置]{そち:measures:N1}が[適用]{てきよう:apply:N3}されるため、[契約]{けいやく:contract:N1}・[監査]{かんさ:audit:N1}・[ログ]{ろぐ:log}[共有]{きょうゆう:sharing:N3}などのガバナンスが[重要]{じゅうよう:important:N3}になります。\n\n#en\nThere are many specialized vendors for eKYC component technologies (OCR, face matching, liveness detection), and combining in-house development with outsourcing is common. At the same time, outsourcing partners are also subject to safety-management measures under the Act on the Protection of Personal Information, so governance over contracts, audits, and log sharing becomes important.\n::\n\n::heading\nおわりに\n\n#en\nConclusion\n::\n\n::para\nメルペイのID[基盤]{きばん:infrastructure:N1}は、[利便性]{りべんせい:convenience:N3}（[スマホ]{すまほ:smartphone}[上]{じょう:on:N5}での[完結]{かんけつ:complete:N1}）と、[法令]{ほうれい:legal:N2}[遵守]{じゅんしゅ:compliance:N1}・[セキュリティ]{せきゅりてぃ:security}という[相反]{そうはん:conflicting:N3}しがちな[要素]{ようそ:elements:N1}を[両立]{りょうりつ:balance:N3}するための[総合]{そうごう:integrated:N2}[基盤]{きばん:infrastructure:N1}です。eKYCは[一]{いち:one:N5}つの[技術]{ぎじゅつ:technology:N2}ではなく、[書類]{しょるい:document:N3}[認識]{にんしき:recognition:N3}、[顔]{かお:face:N3}[照合]{しょうごう:matching:N2}、ライブネス[判定]{はんてい:detection:N3}、[改ざん]{かいざん:tampering:N2}[防止]{ぼうし:prevention:N2}、[認可]{にんか:authorization:N3}フローまでを[含んだ]{ふくんだ:encompassing:N2}スタック[全体]{ぜんたい:whole:N3}の[設計]{せっけい:design:N2}[問題]{もんだい:problem:N4}と[捉える]{とらえる:should be viewed:N1}べきと[言える]{いえる:can say:N4}でしょう。\n\n#en\nMerpay's ID infrastructure is integrated infrastructure for balancing the often-conflicting elements of convenience (everything completed on a smartphone), legal compliance, and security. eKYC should be viewed not as a single technology but as a stack-wide design problem encompassing document recognition, face matching, liveness detection, tamper prevention, and the authorization flow.\n::\n"]