original title:
Internet payment into the universal stage of payment, the risk of payment as the biggest security risk for mobile phone users
Mobile wallet, innovation even more reassuring
Two-dimensional code hidden payment trap
Low production costs, liar can change the account at any time, often destroyed a number of batches appeared again and again, it is difficult to fundamentally put an end to
Li Hao, who lives in Beijing's Haidian District, Beijing, has a private car that usually opens less and has never eaten a ticket. One weekend, Li Hao drove to a friend's house in Daxing District, saw the roads around the neighborhood parked in private cars, Parked on the roadside from the friend's house, Li Hao found his car's windshield more than a two-dimensional code printed on the 'illegal parking notice.'
'At first I thought it was who put a small advertisement, read the traffic police detachment found the official seal, also copied my license plate number.' Li Hao to see nearby vehicles have such a 'notice', I believe it, began to press' notice Single 'prompts to prepare scanning two-dimensional code payment.At this time another owner came, will own car' notice 'removed, Li Hao asked to know before, it turned out to be a means of payment fraud Once the payment is successful, the money is transferred to the liar's WeChat account.
Li Hao to get the 'notice', the reporter opened the mobile micro-channel scan the QR code, the phone immediately into the payment interface, the amount of 200 yuan, as well as 'Beijing Daxing District traffic detachment' message, suggesting that users pay However, the reporter carefully check the payment page, under the user avatar, there is a row of 'transfer to individual users' prompt, indicating that this is a personal account.Reporter click on the bottom of the' transfer 'button, pop-up' payee WeChat payment account has Frozen ', indicating that this account has been reported for seizure.
Now eat, shopping are two-dimensional code to scan the habit of customary, did not expect two-dimensional code can also get money so Li Hao told reporters after this incident, he doubts the security of the two-dimensional code payment.
Wuhan University student Zheng Kai had suffered the loss of two-dimensional code .In March of this year, he was prepared to use the shared bike near the school, according to the prompts to scan the two-dimensional code, then jump to the WeChat payment page, the user's picture is the bicycle brand LOGO, the amount of 99 yuan, Zheng Kai mistakenly believe that is required to pay a deposit, click on the payment, the money in the WeChat wallet was transferred away, but the bicycle did not unlock, Xiao Zheng found that the original two-dimensional code scanning Is attached to the car body, peeled off this piece, revealing the original bike two-dimensional code.
'So just openly fraud in broad daylight, is there no way to manage?' Zheng Kai complained that he found the local police station, the police said that similar two-dimensional code scams have occurred more than the current request only payment agencies seized the relevant account , Try their best to help the victims recover the loss, but because of the two-dimensional code production costs are too low, liar and free to generate new accounts, often destroyed one after another batch, it is difficult to fundamentally eliminate.
Now, go out without money, a cell phone to take the world to become the habit of many people, and in many mobile payment methods, two-dimensional code because of convenient and low cost advantages, become the most important form of micro-payment. The center's survey shows that in face to pay the amount of 100 yuan the following, the user preferred to use mobile phone two-dimensional code, bar code payment ratio of 28%, ranking first.
According to the data disclosed by the Internet Society of China, China's mobile phone users often face the problem of mobile security software, accounting for 88.3% of the payment pitfalls, ranking first.
"Compared with other payment methods, two-dimensional code payment to the minimum hardware requirements, but this low-cost advantage is a double-edged sword, on the one hand to promote its rapid layout, on the other hand also greatly reduces the criminals to implement payment fraud Cost. "China Union Pay security experts Wang Yu told reporters that from a technical point of view, the beginning of the two-dimensional code was designed for the Internet of Things, and the absolute security requirements of the financial sector have a certain gap.
'It is taking into account the two-dimensional code in the security there is a lack of two-dimensional code has not been recognized and commercial use of commercial banks and large-scale use.' Hua Xia Bank Strategic Development Strategy Department head Yang Chi told reporters that the current two-dimensional code Of the payment risk mainly for fishing risk, that is, through the QR code link to bring the user to a fake website or payment page, the average user is difficult to distinguish the authenticity of the two-dimensional code payment is completed in an open network environment may result Network transmission and network leakage risk.In addition, due to the loss of the user's own cell phone and other equipment caused by risk is also an important factor.
Information disclosure becomes a source of payment risk
Some third-party payment agencies illegal operation, misappropriation of customer funds may lead to chain financial risk
During the 11th of this year, a resident of Guangzhou, Li Wensheng, went to the United States for free exercise. Shortly after returning, he received a text message saying that he could apply for a simple tax refund process. After he promptly dials the telephone number starting with 400, the other party asks Li Wensheng Bank of English web page to operate in the input card number, password, verification code and other information, Li Wensheng found that the reduction of account funds, then find a real bank customer service phone to ask that his account funds have been through a third-party payment agencies in the online consumption Lost.
'I usually heard of such a phishing site, but the other person had the full details of my trip to the United States and I knew it even when I was in some places of consumption.' "Lee Wensheng said.
'With the rapid development of mobile payment, payment verification begins to break away from the hardware equipment and enters the stage of relying solely on information verification. This poses higher requirements for the user's sensitive information storage, which means possible financial losses once the information is leaked.' Wang Yu said that in recent years, many newly-emerged third-party payment agencies tend to reduce security control because of the expansion of the market. Their ability to recognize transaction transactions and counter-fraud capabilities is relatively weak and they can not properly handle the functions of capital checkmen , While the lack of technical input, it is easy to cause the user to pay information leakage.
According to a report released by China Payment and Clearing Association, nearly 200 online shopping mall or payment platforms were exposed in 2016, causing security breaches that resulted in theft of database information. Among them, several websites leaked millions of user information and even up to thousands Ten thousand.
Fan Yifei, deputy governor of the People's Bank of China, said that because of the virtualization of the Internet, the diversification of payment services and the diversification of participants, the payment risks are characterized by rapid spread, strong concealment, long incubation period and spillover effects. Sensitive information protection, customer funds security, business continuity and other aspects of the pressure, the information leakage has become a source of risk to pay security problems.
Not only that, some third-party payment agencies illegal operation, the misappropriation of customer funds, there is the possibility of causing financial risk.'Once the payment agencies illegal misappropriation of funds, customers will have problems with payment, if the risk of many simultaneous payment in a short period of time outbreak , May lead to a chain of financial risks. 'Yang Chi said.
According to incomplete statistics, a total of 48 third-party payment agencies have been penalized 71 times by regulatory authorities over the past three years, with a total fine of nearly 100 million yuan. Factors such as cancellation, voluntary cancellation of application, non-renewal and renewal of mergers and acquisitions, Home non-bank payment agencies reduced to 255 in 2016.
In March this year, the non-bank payment agency network payment and settlement platform (the 'Internet Alliance') started trial operation. According to the request of the Central Bank, all payment services involving bank accounts accepted by the payment institutions since June 30, 2018 will go through the network Joint platform to deal with, designed to manage the capital channel, to prevent systemic risk.
Balanced efficiency and safety of the seesaw
Payment agencies value the experience, commercial banks value safety, the two need to learn from each other, mutual melting
Although mobile payment faces various security risks, it has not stopped its rapid development. According to the statistics of China Payment and Liquidation Association, in the second quarter of this year, China's mobile payment business maintained a relatively rapid growth. The number and amount of mobile payment businesses were respectively up year-on-year Up by 40.51% and 33.84% respectively. The number and amount of online payment transactions handled by non-bank payment institutions increased by 67.85% and 34.87% respectively over the same period of last year.
'Although there are risks of mobile payments, but let me return to rely on bank U shield to pay the environment is unlikely, and who will go out spending U Shield and the computer?' Shanghai Pudong young white-collar workers Liu Jing told reporters that he Many people around, even those who have been cheated money, have not given up the use of new mobile payment methods.
According to a survey released by China UnionPay, China's mobile payment has entered a stage of universalization. In 2016, 96% of respondents used mobile devices such as mobile phones to pay, an increase of 14% over the previous year, while those using online banking only paid 20% , Down 15% over the previous year. In terms of payment verification methods, 46% of respondents used fingerprinting methods in 2016, an increase of 2.5 times over the same period of previous year, of which 70% of those surveyed after 95% U Shield, digital certificates and other traditional methods of verification showed a marked decline in the trend.
'U Shield as the representative of the payment verification measures, is still the most secure means of verification in the short term can not be replaced in the field of large payments, but there are indeed the use of cumbersome, complex processes and other issues.' Yang Chi told reporters, based on their Different development goals, third-party payment agencies tend to pay experience first, while the risk-averse commercial banks put payment security in the first place, the two need to learn from each other, and work together to create convenient and safe Payment environment.
'The innovation in payment technology brought by financial technology faces the challenge of splitting into two.' Yang Tao, assistant director of the Institute of Finance at the Chinese Academy of Social Sciences, said that innovations in emerging payment methods have increased the efficiency of economic transactions and boosted consumption and investment, , To pay for innovation must also avoid too much, balance the efficiency and safety of the seesaw.
Experts and practitioners generally believe that protecting payment security in no way means paying no innovation. Rather, it is necessary to enhance security precautions both in offensive and defensive positions while satisfying payment conveniences.
- In the area of offensive, we should speed up the upgrading of payment technology and, on the basis of guaranteeing safety, maximize the convenience for users to pay.
While fingerprinting is rapidly gaining prominence, some payment agencies are turning to brush-face payments and sonic payments as innovative directions and cross-certifying multiple biometrics to further reduce payment risk.
Traditional banks are not far behind. Xie Xiang, Director of ICBC's Network Financial Scenario Co-operation Department, told reporters that at present, ICBC has provided customers with diversified payment authentication methods such as SMS, static passwords and fingerprints, effectively taking into account the needs of payment security and convenience .
- On the defensive side, we should strengthen risk prevention and control over existing payment methods and ensure the payment security by means of technology and insurance.
Alipay currently uses a set of intelligent real-time wind control systems to conduct real-time scanning on hundreds of millions of transactions occurring on the platform daily, analyzing and handling risks from user behavior, trading environment and related relationships. 'Ant Golden dress senior security expert Zhu Tong introduced to reporters, this set of security systems through data analysis, mining, automatic updating and perfection of risk control strategies to continuously improve risk control capabilities.
ICBC took the lead in researching and developing the "External Fraud Risk Information System" in the industry, using big data to effectively control the telecom fraud accounts detected by the public security department and carrying out real-time early warning of business operations, and implemented the prevention and control of telecommunications fraud from the source. More and more, 108,000 telecommunications frauds have been identified and intercepted to avoid economic losses of over 1.6 billion yuan for clients.
In addition to technical measures, insurance functions have also been introduced in recent years to prevent payment risks. A number of insurance companies have jointly launched the 'Pirates of the Risks' in joint payment agencies, and insurance companies compensate them for loss of payment.