Are point sites dangerous? The core is starting with safe majors and protecting your data and money — cashback is a bonus
Are point sites dangerous? — No need to be overly worried if you start with major, reputable sites
Here is the conclusion upfront. Major point sites affiliated with listed companies — such as Moppy and Hapitas — can be used safely. The concerns you see online about "personal data being stolen" or "being unable to cash out" mostly involve small, obscure sites with no verifiable track record. As long as you choose a major site that meets five key criteria — a listed-company operator, a Privacy Mark (P mark), JIPC membership, SSL, and a long history of confirmed cash-outs — and you manage what personal data you share, there is no need for excessive worry.
That said, it would be wrong to say all point sites are safe across the board. You need to recognize and avoid real warning signs: suspiciously high cashback rates, reports of people unable to cash out, zero user reviews, and demands for excessive personal information. This article covers how to identify safe major sites, red flags of shady sites, phishing and fraud tactics, and practical steps to protect your personal data and inbox. For a broader guide on choosing a site, see the site-selection article and the getting-started guide.
Why do point sites give you points for free? — Understanding the model makes the doubt disappear
The biggest source of suspicion is the question: "Why do I get points for free?" The answer is simple: the funding comes from performance-based advertising fees paid by advertisers — credit card companies, e-commerce sites, insurance providers, and more. When a user applies for a credit card or makes a purchase through a point site, the advertiser pays the site operator a "success fee," and a portion of that fee is returned to the user as points.
| Step | What happens |
|---|---|
| ① User completes an offer via the site | Shops or applies through the point site |
| ② Advertiser pays a success fee | Card company or e-commerce site pays the operator |
| ③ Operator awards points to the user | A share of the ad fee is returned as points |
| ④ User cashes out or exchanges | Converts to cash, other points, or gift cards |
This model is entirely legitimate — the same principle behind affiliate programs on Rakuten or Amazon. It is neither a scam nor a pyramid scheme; it is a model that passes advertising revenue on to users. However, a small number of sites abuse this model by shutting down before users can cash out, or by running registrations purely to harvest personal data — which is exactly why knowing how to tell sites apart matters.
Five criteria for a safe site — operator track record, Privacy Mark, SSL, JIPC, and cash-out reviews
There are five things to check when choosing a safe point site. A site that meets all five can be started with confidence, even by a first-timer.
| Check item | Safety benchmark | How to verify |
|---|---|---|
| Operating company / listed status | TSE-listed company or established corporation | Check the operator name on the site's "Company info" page |
| Privacy Mark (P mark) | Obtained (P mark shown in footer) | The certification number can be cross-checked on the JIPDEC website |
| JIPC membership | Member of the Japan Internet Point Council | Confirm on the JIPC member list page |
| SSL (https) | https on all pages; lock icon in browser | Check the https and lock icon in the address bar |
| Cash-out track record / reviews | Multiple confirmed reports of successful cash-outs | Search for "cashed out" mentions on SNS and review sites |
Major sites — Moppy (Ceres: TSE-listed), Hapitas (Osvision), Point Town (GMO group), EC Navi (Kakaku.com group), and Gendama (NetMile group) — all satisfy these five criteria. Registering with multiple sites is fine, but starting with one or two major sites, learning the ropes, and then expanding helps prevent spam and management overload. For detailed comparisons, see the site-selection article and the Moppy complete guide.
The "Privacy Mark" is a third-party certification issued by JIPDEC (Japan Information Processing Development Corporation), indicating that a site's personal data protection system meets a defined standard. Because the certification number is publicly verifiable, you can check whether a displayed mark is genuine.
What matters is not trusting the five criteria as "the site's self-declaration" but verifying them yourself. A Privacy Mark's certification number can be checked against the official body's site, and JIPC membership can be confirmed in the council's member list. SSL is obvious from the lock icon in the URL bar; for the operating company, confirm the corporate name and address in "Company Profile" and, if needed, search the company name to see whether it really exists and is listed. Whether you can cash out is gauged by whether third-party SNS and reviews carry multiple concrete reports of "actually cashed out." Conversely, even if a site writes "safe" or "Privacy Mark obtained" itself, don't take it at face value unless you can back it up with the number or member list. To compare multiple sites, see the site-selection article.
Red flags of shady sites — rates too high, can't cash out, zero reviews
When you are tempted by a site outside the major players that "looks like a good deal," avoid registering if even one of the following red flags applies. Sites matching multiple flags are especially risky.
- Cashback rate several times the market standard: Sites offering far above the going rate for a single credit card application carry a high risk of shutting down before you can cash out, or disqualifying your points after the fact. "High rate ≠ good site."
- Can't cash out; no one who has: If SNS and Q&A sites have no specific reports of users successfully cashing out, that is a danger sign. Sites with repeated posts like "I accumulated points but the cash-out button won't work" or "my request was rejected as invalid" should be avoided.
- Virtually zero user reviews: A service that has been running for a while but shows almost no user feedback — or where reviews look suspiciously like planted content — warrants caution.
- Suspiciously high minimum cash-out threshold: A minimum cash-out amount far above the standard seen on major sites may be designed to bore users into giving up before they reach it, so the site never has to pay.
- Operating company details are vague or missing: No company overview, representative name, or address — or searching returns no results. The site may be run by an unregistered individual.
- Asks for credit card numbers at free registration: Basic free registration on a point site only requires an email address and password. Asking for a card number or bank account at the outset is abnormal.
- No findable way to quit or delete your account: Sites where the help pages have no withdrawal instructions, or where the cancellation form doesn't work, are a red flag.
If you have already registered with a shady site, submit a cancellation request immediately, change your password, and update the same password on any other services where you reused it. For details on prohibited conduct, see the NG-behavior article.
What danger signs share is a structure that rushes your judgment with "how good a deal it is." High cashback far above the going rate can itself be the classic bait of sites that "close before you cash out" or "remove conditions after the fact." The more your heart moves at "overwhelmingly better than elsewhere," the more you should pause to check the plain three—operating company, cash-out reviews, and how to withdraw—and that single beat prevents harm. Also, if you've already registered and entered information on a suspicious site, act early in this order: withdrawal procedure → change that site's password → change other services that reused the same password. You can also check specific NG actions in the NG-behavior article.
Fraud and phishing tactics — and how to spot them
There are several typical patterns of fraud and phishing tied to point sites. Knowing the tactics alone dramatically reduces your exposure.
- "Your points are about to expire" / "You've won a prize" emails: These impersonate a legitimate point site, lure you to a fake URL, and steal your login credentials. Check the sender's domain to see whether the email is genuine. Make a habit of never logging in through an email link — always use a bookmark or the official app.
- SNS "exchange your points at a premium" scams: DMs or posts like "exchange 1,000 points for ¥10,000" impersonate a non-existent exchange service and trick you into paying or entering personal data. "Special exchange" deals outside the official site do not exist.
- Fake point sites (clones of major sites): Sites with a design nearly identical to a major site, differing only in the URL. They capture the login ID and password you type. Always access via bookmark or official app.
- Fake "unauthorized access detected" alerts: Impersonating the official site with "your account will be suspended" messaging, driving you to a fake site to change your password. The important thing is to log into the real official app or site directly to check.
- Referral-fee scams via "high-value offers": LINE messages or posts claiming "just sign up for XX and earn tens of thousands of yen," which are designed to funnel your personal data to dubious operators. Legitimate point sites do not make sudden high-value offers via SNS or LINE.
Phishing basics: Never log in through a link in an email. Always check the URL via a bookmark or official app. Set a different password for each point site (reusing passwords is the entry point for fraudulent point conversions). If you notice a suspicious email, forward it to official support and report it.
The weakness these tricks share is that they all "try to move you from a link in an email, on SNS, or in LINE." Conversely, just one habit—"don't enter from a link; always access by yourself via a bookmark or the official app"—neutralizes most phishing. Also, remember that anxiety-stoking wording (expiry, winning, unauthorized access, account suspension) is a stock phrase of fraud. A genuine points site never suddenly pitches you individually with a high offer like "register and get tens of thousands of yen" on SNS or LINE. If you feel even slightly suspicious, forwarding it to official support to confirm before clicking the link is the safe move.
Protecting your personal data and inbox — a dedicated email address is your best defense
Even with major point sites, signing up means you will receive a certain volume of email. Completing offers also brings emails from individual shops and services. The single most effective defense is creating a separate email address dedicated to point activities.
- ① Create a free email address just for point activitiesUse Gmail's "plus alias" feature (e.g., [email protected]) or create a fresh dedicated account. Never register your main address with any point site. If spam arrives, you can filter or delete just the dedicated address.
- ② Review mailing settings right after you registerImmediately after registering with a point site, go to the "email notification settings" or "advertising email" section and opt out. Major sites that let you receive only campaign alerts are easy to manage.
- ③ Share only the minimum personal data each offer requiresShopping offers usually only need an email address. Financial offers such as credit cards, FX, or securities require official identity verification documents (e.g., My Number card) — that is a legally required and legitimate process. Being asked for a passport or bank account number outside a financial offer is a warning sign.
- ④ Set a different password for each siteReusing the same password across multiple services means a single leak can compromise everything (credential-stuffing attacks). A password manager is the practical solution.
- ⑤ Check your points and exchange history regularlyReview your point balance and exchange log about once a month. If you see an exchange you didn't make, contact support immediately.
For overall point management across multiple sites, see the household-app & management article. For NG behavior around multiple accounts, see the multiple-accounts & terms article.
Mini glossary — key terms for judging safety
Knowing the words used to identify safe sites and the words used in fraud tactics lets you stay neither over-fearful nor over-trusting. Whether a certification or scheme is in place can be checked on each site's footer and on official organization websites.
| Term | Meaning | What to check |
|---|---|---|
| Privacy Mark (P mark) | Third-party certification that a site's personal data protection meets a set standard | Certification number verifiable on the official site |
| JIPC | Japan Internet Point Council | Confirm membership on the JIPC member list |
| SSL (https) | Technology that encrypts communication | Lock icon and https in the address bar |
| Performance-based advertising | Model where advertisers pay per result (the source of your points) | Why getting points for free is not suspicious |
| Phishing | Fraud that steals your ID/password via fake emails or fake sites | Never log in through a link in an email |
| Credential stuffing | Using reused passwords to break into other services | Use a different password for each site |
Verify certifications, schemes, and track records on each site and with official bodies. For site selection see the site-selection article, for what not to do see the NG-behavior article, and for getting started see the getting-started guide.
Honest answers to common worries — FAQ
Are point sites really safe? Don't they seem shady?
Is it safe to register my personal data? I'm worried about leaks.
I've heard you get flooded with spam — is that true?
What should I do if I receive a phishing email?
Can you still be unable to cash out even on a safe site?
How do I quit a point site when I want to?
Why do I get points for free? Is there a catch?
Is it okay to register with multiple sites? Won't the risk increase?
Is it okay to use it as a family, or create an account for a child (a minor)?
If the operating company shuts down the service, what happens to the points I've saved?
This article was written from publicly available information on each point site as of 2026-06-21. Cashback rates, campaign terms, and redemption rules can change without notice — always check each site's official page for the latest. This site uses each point site's referral program, but going through a referral link never changes the rate you receive.