Internet finance has developed in an unconventional and leap-forward way, and the innovation of payment methods has also seen a hundred schools of thought contending and a hundred flowers blooming. So, what are the security risks of Internet financial payment methods? Below I have collected and compiled the security risk analysis of Internet financial payment methods for everyone, hoping to help you!
Security risks of Internet financial payment methods
1. QR code payment
It is the so-called "pay as you click". Open the payment client on your mobile phone. There is a QR code recognition function, which can be used to photograph and identify QR code product information printed on various objects. After recognition, you can directly click to pay and complete the transaction. The goods are delivered to your home by courier.
What can QR codes be used for? Simply put, there are currently application models such as information acquisition, website jumps, software downloads, advertising push, mobile e-commerce, discount promotions, membership management, and mobile payment. Both QR code near-field payment and remote payment modes can be used. Due to the widespread application of QR codes, if QR codes are used solely for transaction verification, people who do not understand security can easily be deceived into executing malicious programs by scanning QR codes from unknown sources. This is how a scammer succeeded in taking RMB 180,000 from a victim who scanned a QR code. Personally, I think the research and development of effective classification of QR codes and trusted secondary verification should be put on the agenda, so as to provide a more secure QR code verification platform.
2. NFC mobile wallet
Turn the phone into a real wallet by implanting an NFC chip in the phone or adding an NFC patch outside the phone. When paying, merchants need to provide corresponding receivers, so that everyone can use their mobile phones to complete the "swipe" action and make payment conveniently. The whole process is very much like swiping a bus card.
It should be noted that NFC refers to Near Field Communication, and the Chinese name is "Near Field Communication Technology". Through NFC, you can easily transmit address books, pictures, music, etc., and it can also be used for payment.
NFC is suitable for near-field payment. The characteristic of NFC is wireless interaction, but in certain modes transactions can occur without the customer's knowledge. At a previous hacker conference, someone demonstrated using a pendant to swipe money from cards. What is even scarier is that a card swiper can be put on a door frame, so it is difficult to trace the swiping of any one person's card, because after the software is turned on, most people do not turn it off after using it. This brings a lot of potential risks, so I think NFC should add a physical switch that activates it only while pressed and held, instead of being turned on by software.
The design of China's QuickPass and e-wallet is extremely strange. The idea is actually very good, because small-amount payments below 1,000 do not need to be confirmed and the responsible institution bears the risk. However, using asynchronous reconciliation is an inexcusable business process design error. When recharging, the money has been solidified into the chip of the card, which is equivalent to turning the transferred funds into a data pattern, and this data can be copied. Through technical means, the data in the card and the last ten transactions can be directly dumped, so countless cards can be written, and in theory countless transactions can be made using these cards before the reconciliation date. This kind of risk is something that no financial institution can bear. Therefore, the reconciliation mode must be changed to a real-time trading mode and a physical start button must be used.
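The difference between asynchronous reconciliation and real-time trading described above, as an added example that is not part of the original article and does not describe QuickPass's actual card format. The per-card transaction counter, the card and terminal names, and all amounts are constructed assumptions.

```python
# Added example: constructed data, simplified model of a stored-value card.
from dataclasses import dataclass

@dataclass(frozen=True)
class Spend:
    card_id: str    # card identifier (assumed field)
    counter: int    # per-card transaction counter stored on the chip (assumed field)
    amount: int     # amount in cents
    terminal: str   # accepting terminal

def reconcile_batch(opening, batch):
    """Asynchronous mode: every spend was already accepted offline.
    Reconciliation can only detect copies and measure the loss afterwards."""
    seen, spent, findings = {}, {}, []
    for tx in batch:
        spent[tx.card_id] = spent.get(tx.card_id, 0) + tx.amount
        key = (tx.card_id, tx.counter)
        if key in seen:
            # Same card state used twice: one chip cannot do this, copies can.
            findings.append((tx.card_id, tx.counter, seen[key], tx.terminal))
        else:
            seen[key] = tx.terminal
    loss = {c: s - opening.get(c, 0) for c, s in spent.items() if s > opening.get(c, 0)}
    return findings, loss

def authorize_online(opening, batch):
    """Real-time mode: the issuer's ledger, not the chip, holds the balance,
    and each spend is decided before the goods are handed over."""
    balance, last_counter, decisions = dict(opening), {}, []
    for tx in batch:
        if tx.counter <= last_counter.get(tx.card_id, 0):
            decisions.append((tx.terminal, False, "counter reused"))
        elif tx.amount > balance.get(tx.card_id, 0):
            decisions.append((tx.terminal, False, "insufficient balance"))
        else:
            last_counter[tx.card_id] = tx.counter
            balance[tx.card_id] -= tx.amount
            decisions.append((tx.terminal, True, "approved"))
    return decisions, balance

# Constructed sample: CARD-A's chip state (counter 7) exists on three cards,
# so three terminals each see counter 8. CARD-B is an ordinary, uncopied card.
OPENING = {"CARD-A": 50_000, "CARD-B": 20_000}
BATCH = [
    Spend("CARD-A", 8, 40_000, "T1"),
    Spend("CARD-B", 4, 5_000, "T2"),
    Spend("CARD-A", 8, 40_000, "T3"),
    Spend("CARD-A", 8, 40_000, "T4"),
    Spend("CARD-B", 5, 5_000, "T2"),
]

if __name__ == "__main__":
    findings, loss = reconcile_batch(OPENING, BATCH)
    print("batch findings:", findings, "uncovered loss:", loss)
    decisions, balance = authorize_online(OPENING, BATCH)
    print("online decisions:", decisions, "ledger:", balance)
```

In batch mode the duplicates are only found after the loss has been booked; in real-time mode the second and third uses of the same card state are declined at the terminal.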
3. Shake to transfer
Everyone opens the payment client, takes out their mobile phones and "shakes", and the other party's account number will automatically appear on your mobile phone. Next comes a convenient way to enter the amount and receive payment. It is a great tool for partygoers and fruit stall owners to check out. The technology behind it includes GPS, Bluetooth, gravity acceleration, NFC, etc. Of course, users do not have to remember these terms.
Shaking itself is a near-field signal transmission, so as long as someone keeps sending shaking information to respond first, it is very likely to hijack the trading session. Personally, I think it may be relatively safer if the identity of the other party is displayed, but this method of payment is extremely unsafe and can easily be confirmed remotely by mobile phone hijackers.
4. SMS payment
SMS payment has been around for a long time. You can complete various payments such as mobile phone recharge by sending a string of characters to a designated number. Now there are more interpretations. For example, SMS payment makes paying utility bills online an "amazing" function. When you use it for the first time, you still use a PC to operate online, log in to your account on a third-party payment website, and pay. After paying the utility bill, select "Payment Reminder". From then on, when it is time to pay the bill every month, the payment company will automatically send a text message and reply with three verification codes. The utility bill will be paid in just 3 seconds, and the power will never be cut off at home. Later, this function evolved into "Super Transfer". You don't even need to know the other party's account. After initiating the transfer on the payment client, the other party can reply to the bank card number via text message to complete the payment.
Because SMS payment for gas and electricity bills is implemented in transactions where specific information can be checked, I think the security is guaranteed, but it is difficult to say in other transaction environments. 2G text messages can actually be monitored over the air near the mobile phone. In addition, hackers can also hijack them through Fetion or other clients including text message transfer. This single authentication only applies to specific business models. Do not promote it blindly. The Super Transfer payment client may be hijacked by hackers to remotely initiate SMS transfers.
5. “Geo-fence” recognition, “view photo” confirmation of payment
When you arrive within 100 meters of Cafe A, the payment application being used by the cafe will activate the geofencing technology to automatically sense your arrival, call up your account, name, photo and other information, and of course also send you a notification at the same time. Once you receive the notification and confirm the purchase of a cup of coffee, when you arrive at the coffee shop, you only need to say your name, and the cashier will look at the photo to confirm that it is you. Then she can press the payment confirmation button to complete the payment, and you can take your coffee and go. Soon you will also receive a push notification telling you how much you spent and get an electronic invoice.
This near-field transaction model is relatively safe, unless hackers invade the mobile phone and maliciously operate it to steal money. However, because the traceability risk of the merchant is not very high, I personally think this model is safer. Of course, the premise is that this kind of payment is only bound to those registered merchants that provide this kind of transaction.
6. Voice payment
Specific voice commands have been embedded in TV advertisements, and corresponding payment applications are installed on mobile phones. When you open the payment app while watching TV, it can receive and recognize the voice band embedded in the advertisement, and proactively ask the user if they want to purchase the product and complete the payment.
Voice payment is actually a mode of remote data recognition and customer confirmation. It is safer if this kind of payment is only bound to a few registered merchants that provide this kind of transaction.
7. Image recognition payment
This kind of payment can be called the credit card version of the "business card king". It uses the mobile phone camera to read credit card information, including the credit card number and expiration date, and then you can initiate payment.
The payment collection mode is safe, but the confirmation process is worrying. If a hacker initiates payment to the hijacked mobile phone, it is likely to remotely operate the payment. How to solve this problem with key payment actions is worth thinking about.
8. Ultrasonic recognition payment
This function is actually a "near-field" recognition, but it uses ultrasound to allow mobile phones to "recognize each other" at close range through the microphone and speaker, without having to rely on a dedicated chip or modify your mobile phone. The user experience is consistent with all "swiping mobile phone" payment methods.
The essence of the ultrasonic recognition mode is the transmission of data. Hackers can use the data interface to remotely initiate transactions and hijack the confirmation to transfer money. This mode is also unsafe. I personally think that the operation of the ultrasonic mode is complex and unscientific, and not worth promoting.
9. Portable card reader
Portable card reader can be used to identify various bank cards, so as to achieve the purpose of swiping the card for consumption or payment at any time.
The card swiper is small, square or rectangular in shape, and easily plugs into the headphone jack on your phone. Once installed, open the app and swipe your card.
This model is essentially a simple data transmission, so hacker merchants can use the data interface to record the transaction, then replay the information or re-initiate the transaction to steal the customer's money. This model can be promoted and used if personal information is bound to the device and complete registration is provided, but the current model is risky.
10. Barcode payment
This payment method is more like "barcode collection". By installing a payment client, your third-party payment account can be generated as a barcode, and the cashier uses a barcode gun to scan the user's mobile phone. The user clicks the button to agree to pay, and the payment is completed in one go.
This model is essentially a simple data transmission, and the confirmation process is simple. Then hackers can use the data interface to remotely initiate transactions and hijack the program to directly confirm the money transfer.
In summary, we can see that whether a transaction is near-field or remote, as long as the transaction results can be traced back to the specific person responsible, this kind of transaction is very safe: no fool will use stolen money to pay the gas, water and electricity bills for their own family, and no TV advertising merchant dares to maliciously hijack customers to buy goods. Other transaction models have great risks.
Mobile browser secure payment and convenient payment break through mobile electronics
On April 20, UC Youshi and Alipay announced the launch of a secure payment service based on the mobile browser network. Based on the same architecture, both parties jointly launched the first domestic UC-Alipay mobile payment solution that enables in-browser payment, allowing users to shop and pay online through mobile phones without complicated operations, and can quickly complete payments using UC Browser.
With the continuous maturity of mobile payment solutions, a major bottleneck in the development of mobile e-commerce has been broken, and mobile e-commerce has ushered in a development climax.
Make up for the shortcomings in the development of mobile e-commerce
CNNIC data shows that as of the end of December 2010, the number of mobile Internet users in China had reached 303 million, further approaching the scale of PC Internet users. China's mobile Internet industry faces historic development opportunities.
Many traditional e-commerce companies have sensed this business opportunity. Dangdang, Taobao, etc. have launched mobile client solutions. As early as February 2008, Taobao launched the mobile Taobao webpage. Not long ago, Vancl Eslite's mobile client and Vancl.com were launched. Currently, the daily orders generated by the mobile client account for 3% of the daily transaction volume. JD.com is also developing mobile e-commerce. However, payment issues have become a major bottleneck in the development of mobile e-commerce.
In addition, the development of many businesses based on the mobile Internet has put forward urgent demands for mobile payments. "The function of the mobile Internet is not just about simply accessing and publishing information. We are exploring how to let consumers use mobile phones to meet more needs in their lives. This is also the challenge we face." Alipay CEO Peng Lei pointed out that since last year, more and more consumers have been willing to make purchases through mobile phones. In the Spring Festival of 2011, wireless payment transactions completed through Alipay increased 15 times year-on-year. She added that new business models implemented through mobile phones are emerging one after another, such as group buying, operating stores, games, etc. The emergence of these new applications and business models has also put forward higher requirements for the mobile payment environment.
Yu Yongfu, chairman and CEO of UC, pointed out that there are three main profit models in the mobile Internet industry: one is advertising, the other is games, and the third is e-commerce. In addition to advertising, the other two profit models face the problem of how to pay. The breakthrough development of China's traditional Internet in the field of e-commerce benefited from the unique cash on delivery model and later electronic payment, which solved the payment problem. "Mobile payment is an important 'blood-making' mechanism for mobile Internet companies - a profit channel. If the payment channels are not opened up, the development of the industry will fall into a bottleneck. This is a very important problem that needs to be solved, and there is also a huge opportunity." Yu Yongfu said.
Mobile operators, UnionPay, third-party payment platforms, as well as mobile payment terminals and chip manufacturers all see the huge market potential of mobile payments. In March 2011, China Telecom established a payment company, Tianyi E-Commerce Co., Ltd. Not long ago, China Unicom established Unicom Woyifu Network Technology Co., Ltd. to develop mobile payment services. China Mobile has previously taken a stake in Shanghai Pudong Development Bank and plans to establish a payment company. It is currently actively applying for a third-party payment license.
However, judging from the current situation, operators' mobile payments are mainly used for payment of their own website's e-commerce business, or payment for traditional transactions, and have not really expanded into the field of mobile e-commerce.
Due to the complexity of software, network, and terminal environments, users cannot directly use PC Internet payment methods on mobile phones, which hinders the development of mobile Internet from shallow applications such as reading to deep applications such as mobile shopping, which has greatly restricted the healthy development of the mobile Internet and e-commerce industries.
“There is a future with payment, but if payment is not safe and fast, there will be no future.” Zhu Yinjia, general manager of Alipay’s wireless business unit, believes that in the second phase of development from shallow applications to deep applications, at the key point of development, payment needs to be securely and seamlessly integrated with user needs, and in-app payment is the best choice.
Create a new payment experience
On April 20, based on the mobile secure payment launched by Alipay, UC Youshi teamed up with Alipay to launch a mobile browser secure payment service solution. The first batch of UC Browser 7.7 versions based on Android, Symbian and other platforms has been launched. In the future, it will also support iPhone, WP7, Blackberry and other mobile platforms.
Qiu Changheng, head of Taobao’s wireless business, believes that users use mobile phones as e-commerce terminals for convenience, so the payment method must be simple enough. In addition, users come for convenience and leave because of insecurity. Therefore, the mobile browser secure payment service launched by UC Youshi and Alipay fully takes into account users' needs for convenience and security during the design process.
After the user downloads and installs the UC Browser 7.7 version loaded with the mobile payment solution, the Alipay payment page will appear during the payment process. The first time you use it, you need to associate it with your Alipay account. Subsequent payments will use the quick payment method, and you do not need to enter a password for small payments below 200 yuan. These measures have greatly improved the mobile payment experience.
In terms of security, Alipay secure payment provides identity authentication, customizable verification methods (including passwords and SMS), secure transmission mechanisms based on HTTP and private security algorithms, and identification codes corresponding to mobile phone hardware, as well as industry-leading security measures and mechanisms such as regular key updates.
In terms of convenience, users do not need to jump out of the current application to pay on their mobile phones. They can quickly complete it on the current page, which reduces 4 to 5 jump steps compared to WAP payment. At the same time, in terms of key sources of payment funds, Alipay has also added quick payments that do not require logging into online banking on the basis of balance and card payments. Users only need to enter the card numbers and payment passwords of 10 cooperative banks to make payments, and there is no payment limit. Quick payment is currently the most advanced payment method in the field of online payment, reaching the payment success rate of offline card swiping.
Liang Jie, President of UC Technology, said: "UC Browser's cloud/end architecture can support secure payment plug-ins, and UC Browser carries the entire user process from visiting the merchant website to placing an order and confirming the purchase. And by calling the Alipay secure payment plug-in, the information flow of mobile payment users is encrypted and protected."
It can be seen that this solution solves the complex terminal and network environment problems that have plagued the mobile payment industry for many years, making mobile Internet users more secure. As long as you use a mobile browser to access the merchant's website, you can directly complete the secure payment, realizing fast and convenient mobile secure payment, and opening up the mobile payment channel that has been sluggish for a long time in the mobile Internet industry.
This solution helps users get rid of the cumbersome mobile payment process and eliminates security concerns about mobile payments.
Driving the explosive growth of mobile e-commerce
"Similar to the PC Internet era, Alipay will provide low-level payment services, bring applications and scenarios to partners, and support everyone to move forward." Alipay CEO Peng Lei believes that the next few years will be a period of rapid development of mobile Internet payment, and it is likely to shape the future market structure. "Only when the mobile Internet entrance is combined with the payment system can the mobile Internet truly mature and usher in a broader market. For users, this is also the beginning of a more convenient life." Peng Lei said.
Yu Yongfu pointed out that the release of the UC-Alipay mobile payment solution has cleared the roadblocks for users on the road to using mobile payment and stimulated their enthusiasm for use. It will not only drive mobile e-commerce into a new blue-ocean era; the entire mobile Internet industry, such as novel reading, music downloading, mobile online games, business travel, and group buying websites, will also usher in new development opportunities.
At the press conference, many guests believed that the UC-Alipay mobile payment solution provides a safer and more convenient experience for both merchants and users, and will greatly unleash the vitality of the mobile Internet. Zhu Yinjia believes: "UC-Alipay mobile payment solution covers the current mainstream user group of mobile Internet. Entrepreneurs can put aside the difficulty of collecting money and focus more on determining the products and services that users pay for. This is not only beneficial to users, but will also have a positive impact on the entire industry."
Qiu Changheng analyzed that solving mobile payment is like removing the curse on Sun Wukong’s head. Mobile e-commerce is playing an important role. There will be a huge explosion in the next two years. In two years, or no more than three years at most, it will be able to catch up with the 10 years of accumulation of PC e-commerce.
Analysys International predicts that the number of mobile payment users in China will rapidly grow to 221 million by the end of 2011, surpassing the number of PC Internet payment users. Mobile e-commerce will also usher in the first year of full-scale explosion.