Solve the payment security problem what should the bank do?

Background retrospective event one by one private organizations claiming to be the "Net Bank victims Alliance" have begun to defend themselves against ICBC's online banking system security issues. Two weeks, ICBC on the Internet bank users concerned about the issue of a positive response, but the "net silver victims of the alliance," the collective rights continue. Event two domestic antivirus software manufacturer Jiangmin released news, its anti-virus center monitoring, Everbright Securities Sunshine Network provides a variety of online securities trading procedures bundled Trojan virus. When users run these installers, they will download the net-silver Trojan, which threatens the security of the account password of ICBC online bank. Why is the security problem of Internet payment so prominent? Analysys International Analysis: The connotation of electronic payment is a product of credit, and the extension is the process of "paying the price" or "delivering the value". Electronic Payment according to user behavior and background operating mechanism can be divided into "on-site payment----face-to-face pay" and "remote payment----not face-to-face pay" two, internet payment is the latter. The value of Internet to traditional business is more to solve the problem of asymmetric information, and in payment, the user payment experience will be from "face to cover" to the Open, virtual----"not face-to-face" transfer, which requires a long process, especially the Chinese credit system is still in the initial stage. Thus, the security of Internet payment becomes the focus problem. What are the factors involved in payment security? How to classify? The security of electronic payment is usually composed of the factors of validity, authenticity, integrality, confidentiality, irrevocable, undeniable and authentication. For "non face-to-face" internet payments, these elements are more complete. According to the extension and connotation of electronic payment, the international security of Internet payment is divided into two aspects: hardware and software, the first hardware, the technical means. Usually by the card organization, it vendors, payment channel service providers (such as telecommunications operators), such as: symmetric and asymmetric encryption technology, SSL, SET, 3d-secure, NFC contactless communication smart card technology, and data mining based transaction monitoring and analysis programs. The second software, namely the credit management mechanism. Security is not only a technical means, but also a credit management mechanism formed by organization process Management. These include the establishment of a sound management system based on technical means, processing procedures, operating norms, in response to possible fraud, errors, disputes, to provide an effective solution to the process and treatment methods, reasonable distribution of responsibility (including users, businesses, payment service providers), the user security payment behavior market education and so on. What's wrong with the bank? In terms of the deployment of online payment security measures, the bank has focused more on "hardware" than on "software" inputs, Analysys said. At present, the main payment tool for online payment is Bank debit card [Note 1], which is essentially the substitute of Passbook, which belongs to the bank's traditional debt business----deposits. As a result of the history of the bank for the pursuit of a single card, the formation of high costs in a short period of time difficult to digest, while the banks are facing from a single asset and liability business, to assets, liabilities, intermediate industryDiversified business transformation of the operating pressure, thus causing the bank's current security "software" aspects of the transformation or upgrading of the motivation is insufficient, risk management means mainly rely on the peripheral credit management system (such as the central bank's personal credit system), or transfer responsibility to external markets and users. This is different from the responsibility of the third party payers who are mainly engaged in "credit intermediary". How should banks respond? 498) this.width=498 ' OnMouseWheel = ' javascript:return big (This) ' style= ' width:566px; height:430px "height=411 src="/files/uploadimg/20060918/1008480.jpg "width=526> Analysys International advises banks to take the following measures (the same applies to bank card organizations): In the short term, although the online payment of the occurrence of unsafe events, mostly caused by the user's own reasons [Note 2], but the bank in the process of dealing with online payments and security disputes between users, the lack of their own responsibility is not enough to understand. Banks should go deeper into the flow of payments at the business level in all areas, the establishment of the corresponding management system, operating norms, risk management methods, the establishment of a sound credit system, such as the end of the client and the merchant end of the set up a dual certification system, in the payment process fraud, errors, disputes and other issues, supporting reasonable management means, etc. Thus, it is advantageous to rationally distribute the risk responsibility among the members of the value chain and reduce the potential loss and controversy. In the medium and long term, due to the online payment of this "not face-to-face" payment channels, its rooted soil is a perfect credit management system, if the bank still only consider the security "hardware" input, ignoring the security "software" input, the use of risk transfer to external markets or users, will lose the trust of the future market, In the next round of market competition in a passive position. Analysys International believes that, in the electronic payment of today, for any industry, electronic payment is an important part of the operation (the core of capital flow), and for any enterprise, is a strategic asset, although the bank is in the payment of a "congenital" traditional advantages, but in the electronic payment market gradually show the trend of industrial integration, Since security becomes the focus of users ' online payment, the bank should deepen the payment flow in various fields, increase the investment of security "software"----credit management system, and learn from the Third-party payment service providers. Otherwise, it will lose the initiative to the market. To force (0 Votes) Tempted (0 Votes) nonsense (0 Votes) Professional (0 Votes) The title party (0 Votes) passed (0 votes) to the original: To solve the problem of payment security Bank what to do? Back to network security home