The security of Internet payment is becoming an increasingly prominent issue

Source: Internet
Author: User
Keywords: Internet

There has been heated discussion about payment products, and the most critical issue in it is security. While payment products bring convenience to customers in everyday purchases and other payments, they have also brought serious security problems, and payment security incidents are frequently reported in newspapers and other media.

The Internet Financial Laboratory of the weekly financial management publication gives a detailed evaluation of payment security, covering the security measures of payment products, a radar model of the security systems of the main third-party payment enterprises, and commonly occurring risk events.

Service Opening and Certification

To use Internet payment, users first need to open the relevant service. In this process, the payment institution's collection of the user's information is very important; it is the first step of payment security.

Bank: To open online banking or mobile banking, users must bring their identity card to the bank counter, provide the bank with their bank card, ID card, mobile phone number and other information, and sign before the process can be completed.

Third-party payment: Because third-party payment providers are Internet companies, registration and the opening of related services are done over the Internet. Users do not need to sign face to face, and the information they provide consists of real name, mobile phone number, e-mail address, ID card and other personal information. Like what

Organizational structure: Three first-level departments: a dedicated risk control department, a compliance department and a customer service department.

System security: Security systems, risk systems and money management systems that conform to central bank standards.

Security products: Security controls, dynamic password cards, digital certificates, verification codes.

Information security services: SMS and e-mail notification of changes in funds.

Compensation mechanism: Fault compensation mechanism.

Security publicity: A dedicated security reminders page on the website and publicity on the 315 complaint website.

Security cooperation: With banks and safety production operators.

Analysis and comments: IPs did not stand out on the indicators, but it uses international technology and has independently developed an anti-fraud system.

Problems of payment enterprises

Although payment enterprises have made a lot of effort on payment security and invested a lot of manpower and other resources, there are still some problems in their payment security that need to be solved and improved. According to the China Financial Certification Center, payment enterprises have the following problems:

The IT system that carries the payment business is vulnerable: first, the development and operating environments, including the development, test and production environments, are not strictly separated; second, the basic environment of the IT system, including weak identity authentication, lax logical access control, the application's identity authentication mechanism, servers being subjected to web attacks, disclosure of front-end users' sensitive information, and the security of data storage and backup.

The Internet payment business itself is weak: data classification control that is not strict leads to the outflow of users' sensitive data; the logic of promotional function modules causes loopholes; and online bill processing ends up in inconsistent states.

Management control at companies carrying out payment business is negligent: there is no audit control mechanism for the management of customer payments; there is no audit control mechanism for the error-handling process; and the merchant audit and risk classification mechanisms are not sound.

Security issues that users face

Although banks and third-party payment enterprises have adopted a variety of security measures to protect users, security incidents still occur frequently in the course of payment transactions. At present, the main problems fall into the following categories:

Encountering a Trojan, password stolen: The user's computer is infected with a comprehensive Trojan, which has screen viewing, remote control, keyboard recording and other functions. The hacker uses the keyboard recording function to capture the account number, password and transaction password, and then uses the remote control function to operate the user's computer and carry out a transfer.

Phishing website, lured into paying: Criminals pose as sellers and, citing a network problem when the user is about to make the transaction, send the user a link to a URL. The page the user reaches by clicking the link often looks similar to the payment page. After the user has paid on that page, the seller says no payment has been received. The payment information is not displayed when the user queries online banking via normal login. In reality, the criminals have used the phishing website to entice the user to pay into another account, resulting in loss of funds.

Fake customer service, information swindled: Criminals pose as customer service staff or sellers and lure users into logging in to a phishing website to obtain user names, passwords, and security questions and answers. They then use the security questions and answers to remove the binding, thereby avoiding the mobile phone dynamic password restriction, or obtain the mobile phone dynamic password, and steal funds.

U-shield not unplugged, remote monitoring: After using a U-shield, especially after paying on a public computer, the user does not unplug the payment shield in time, and it is "borrowed" by criminals through remote control.

QQ request for help, rash payment: Exploiting users' trust in friends they know well, criminals steal QQ, MSN, Ali and other instant messaging accounts and then send messages asking for help, requesting a remittance or payment. The user transfers the money by online payment without verifying that the request really came from the friend. Alternatively, a dangerous link is sent through QQ, and the user, trusting the friend, rashly clicks it and encounters a phishing site or Trojan virus.

Scanning a two-dimensional code, hidden trap: Two-dimensional code Trojan fraud is a new form of fraud that appeared in 2013. Criminals pose as buyers and send a two-dimensional code to the seller on the pretext of an order or other requirement. Once the seller scans the code and is infected by the Trojan, the verification code SMS messages received by the phone are intercepted and passed to the criminals, who use them to make fraudulent charges.
