Emphasizing the supportability of information security

This is a brush case, outlaws get Lei identity and bank card information, through the forgery of their identity card in Guangdong Lei Mobile card number, and then through the registration of a Alipay account linked Lei bank card, so as to achieve the purpose of transfer.

This is not Alipay "fast pay" first burst of the theft of the incident. The so-called "fast payment", is the bank card account and "Alipay" and other Third-party payment platform of the account connection, in the online shopping can directly enter the latter's password to trade. Meng, a senior analyst at Analysys International, told the first financial daily reporter yesterday that the biggest difference between fast payment and net silver payment is that you don't need to jump to a bank gateway like a net-silver payment.

Yesterday, Alipay (China) Network Technology Co., Ltd. (hereinafter referred to as "Alipay Company") relevant responsible person in the interview with this reporter stressed the security of information, but do not deny that, such as the user information in the event of a large number of leaks, the probability of their account risk will be very high, "the equivalent of the surface of the defensive line is all mastered by others." ”

In the increasingly in-depth internet finance today, Alipay is facing the "fast hidden worry" is the entire Third-party mobile payment industry is facing security issues-one side is the user to enjoy the convenient payment, the other side is in order to pursue the user experience and buried under the wind control hidden trouble.

"At present, the third party payment industry, can not just issued a license, the industry access threshold to improve, such as Alipay platform to run, there is a fast payment of such innovation, but more to do a good job in the process of innovation supervision, establish the industry safety standards." Lei, director of China e-commerce Research Center, told our correspondent.

Fast Bottom Line

2011, Alipay launched "Fast Payment". Through the payment platform, users do not need to open the net silver, you can directly through the input card surface information quickly completed payment. In other words, they are paying by an account. "A third party who did not want to be named was paid by the industry," the reporter said.

This means that such payments can bypass the bank, the first association does not need to enter the bank card's withdrawal code, this was confirmed by Alipay customer service. This reporter in Alipay attempt to quickly link a bank card, found that really only need to enter the phone to receive the verification code can be completed a payment.

In other words, the fraudster only needs to master the user's identity information and bank card number, and can obtain the cell phone authentication code, can successfully steal the money in the bank card. This is also the Outlaws first take Lei's false ID card to re-submit the important reason of the SIM card.

Does convenience make secure "boundaries" blurred? "Alipay fast payment There are some security risks, such as the first verification also does not need to enter the bank password, relatively speaking, the bank in the authentication of more stringent." "A joint-stock Bank electronic Banking department in charge of the disclosure.

Yesterday, our correspondent called ICBC (601398.SH,01398.HK) and Construction Bank (601939.SH,00939.HK), the two bank's customer service staff said that customers in the use of "fast payment", do not have to pass the bank net silver, so the transaction process is not protected by the bank.

E-commerce observer, million-engine consulting CEO Ruzenwang said: "The risk of payment platform exists in the fast ' payment password ' setting; When the cell phone and the bank card are bound, the person who picks up the phone does not need to enter the card number, can obtain the password. This is the payment platform is a huge hidden danger, and this hidden danger more and more serious. ”

Recently, some of the domestic media has repeatedly reported that the "Fast payment" bank card encountered the network theft brush event. This August, Tencent (00700.HK) third-party payment platform Tenpay Some users also complained about the theft of accounts.

Alipay response

Yesterday evening, Alipay company responsible for the report of the reporter responded to the theft of the brush incident, said the cause of the incident is the use of fake ID card in the business Hall of a replacement SIM card, which itself is Alipay can not be controlled; for any cause of the fast payment stolen problems, the Alipay users will receive 100% of the compensation There will be no loss in itself.

2011, Alipay made it clear that the user to use fast payment if the loss of funds, Alipay will pay in full. October 17, 2013, Alipay announced to all "fast payment" users free of charge for a fund protection insurance, which is insured by China Ping An property Insurance Co., Ltd.

But Lei has not yet enjoyed this "welfare", "Alipay has no claim whatsoever." Lei told our correspondent, the current distance from the brush incident has been over nearly a week's time.

Use Alipay fast payment, do not have to enter the bank card password, is not to reduce the security of funds? The Alipay company said that in accordance with the international practice of payment, the general will not directly enter the bank card's withdrawal password. The reason is that, first of all, the bank card's 6-digit password used on the Internet security intensity is not enough, and second, if the phishing site or hacker attacks, the risk of a bank card password leakage is greater.

He said that in addition to the "Fast payment" password, cell phone check code, Alipay and the user can not see the background wind control system, but, the person also admitted that, objectively speaking, the theft of the brush in the case of the victim identity information almost all leaked, the probability of its account risk will be high.

"On the identity card information is insufficient authentication, the input password lacks multiple authentication, it is Alipay fast payment biggest loophole." "A banker analysis, fast payment is a kind of innovation, but ID card verification is a bottom line, if not enough wind control capacity, just omit the program as innovation, this is a damage to the entire industry."

Security vs Quick

China e-commerce complaints and Rights protection public Service platform monitoring data show that in 2012, the National third-party payment area of complaints, Tenpay accounted for 23.5%, Ching accounted for 19.83%, Alipay accounted for 16.7%, Yeepay payment accounted for 9.35%, hundred pay accounted for 4.9%.

"The nature of security issues paid by third parties is similar to the traditional credit card theft brush." "IBM Senior strategic analyst Wang Yu that the Third-party payment platform to provide value-added services, simplifying the transaction process is a change in the entire payment model, security issues is a manageable problem in the model, but need to find ways to improve and improve."

"The bank's credit certification is to rely on personal identity card authentication, this is the only identity certification, Alipay and other third-party payments have a variety of authentication methods, such as: real-name identity authentication, mobile phones, mailboxes and so on." "Wang Yu analysis, compared to the physical nature of the bank's personal identity card certification, Third-party payment platform can use mobile phones, mailboxes and other virtual information authentication; Less physical authentication, the user interaction experience of the complexity of the reduction, which increased the user experience.

In Wang Yu's view, this also shows that in the Third-party payment platform, the user experience and security balance is: you choose Virtual Information authentication or physical certification. But rather subtly, this option is in the hands of a third party payment platform and in the hands of each user.

Ruzenwang that there is a need to find a balance between fast and safe, not to reduce security levels for fast. He analyzed that the net silver payment is trouble because to enter all the information, fast payment of security problems can be considered to enter the account of the post 4 digits or set up consumption quotas to solve. Lei said, first of all to ensure that the premise of security, shorten the process and improve the user experience.

Alipay also said that the need for a balance between security and convenience, the higher the security may be more complex user use, its internal will continue to improve the intelligent wind control accuracy, while prompting users to pay attention to their own information protection.

Only from the technical point of view, Wang Yu that the current Internet financial fast payment exposes the security problem is not all bad, "want to take into account the convenience and security, will inevitably promote the emergence of new technologies; For example: fingerprint identification, iris recognition and other body sense technology in the future may apply to the payment problem. ”

Another concern is regulatory issues, the central bank's financial Consumer Rights Protection Bureau Director Jiao recently said that internet finance to the protection of financial consumer rights brought about the challenge, "who is the Internet financial management?" Is the CBRC, the SFC or the CIRC? No one can figure it out. What if something went wrong? What if the boss runs with the money? Who will take the responsibility? ”

He Dexu, deputy director of the Institute of Economic and Technological economics at the Chinese Academy of Social Sciences, said that internet finance had attracted the attention of regulators, and the central bank had set up a special research group to carry out analysis and research on the national Internet financial situation.