Joke Collection Website - Public benefit messages - Risks faced by mobile payment

Risks faced by mobile payment

First, the risk of mobile payment.

The potential security risks of mobile payment include the following aspects:

What are the risks of mobile payment?

1. Security risks brought by traditional services

The inherent services of mobile terminals include SMS, MMS, voice, etc. When users use SMS/MMS to complete information transmission and mobile payment, hackers may use advanced technical means to steal key information. At the same time, criminals also use fraudulent phone calls, mass text messages and other means to deceive users, so as to achieve the purpose of defrauding users of money.

2. The security risks caused by the loss of the mobile terminal.

The unique threat of mobile devices is easy to be lost and stolen, whether for personal reasons or stolen. Losing means that others will see important data such as telephone and digital certificate, and the person who gets the mobile device can make mobile payment, access the intranet and file system, which will bring serious economic losses to users.

3. Security risks caused by vulnerabilities in mobile phone operating system and app application software.

Operating system is the most important part of the mobile terminal, and many security risks in the terminal are related to the operating system, especially the developed Android system. Hackers can easily obtain users' confidential information by taking advantage of loopholes in the operating system, control the terminal with root authority, and impersonate legitimate users to use application software to complete mobile payment. Many loopholes in app application software allow hackers to monitor the mobile phone interface in real time, and capture important account information when the payment application security interface is running.

4. Security risks caused by free wireless network

Mobile payment requires mobile phone networking. Now many places have deployed free networks. However, these networks are easily hijacked and monitored by criminals. Steal users' personal data, bank account numbers and online payment account passwords through analysis software, and steal funds. 20 15 CCTV 3. 15 party showed WiFi cracking, phishing, fraudulent WIFI and other related wireless network security issues.

5. The security risk caused by the defect of the user login payment authentication method.

At present, most financial payment institutions use a single factor for identity authentication, whether it is SMS verification code authentication, fingerprint authentication, face recognition and other authentication methods, because the authentication factor is too single, the security can not be effectively guaranteed.

6. Security risks of QR code payment

As the main mobile payment method at present, there are two main problems in the security risk of QR code payment: First, the information storage capacity of QR code is dozens or even hundreds of times that of barcode, which means that QR code can be used as the carrier of Trojan virus or phishing websites. Even if there is no operation after scanning the code, it may lead to the disclosure of information such as account password and property loss. Secondly, the QR code also has the characteristics of simple manufacture, low cost and easy interpretation, which makes it easy to copy, tamper with or directly use it.

Second, how to guard against these risks?

To ensure the security of mobile payment from three levels: country, operator and personal consciousness.

At the national level:

1, improve the laws and regulations of mobile payment.

On the basis of existing departmental regulations such as Measures for the Administration of Payment Services of Non-financial Institutions, Guidelines for Electronic Payment (No.1), Electronic Signature Law and Measures for the Administration of Electronic Banking, we will formulate a unified mobile payment law and improve supporting laws, regulations and judicial interpretations. In the process of legislation, we should strengthen the security legislation of mobile payment, strengthen relevant responsibilities, clarify the rights and obligations of the parties and clarify the burden of proof.

2. Clarify the subject of supervision and strengthen supervision.

Responsible for the supervision of payment settlement, market access, capital security and financial security of mobile payment.

From the operator level:

All participants in the mobile payment industry chain should work together to ensure payment security. Mobile payment industry chain involves many participants, such as communication operators, application providers, equipment providers, payment service providers, system integrators and so on. No organization can dominate the whole industrial chain. In terms of operation mode, security standards and technical solutions, all parties concerned should strengthen communication and cooperation and adopt a cooperative attitude to improve the security of mobile payment. In the process of payment, banks, telecom companies and third-party payment companies should design a secure payment process under a unified security framework, improve the compatibility of payment terminal equipment, encryption authentication, application programs and other software and hardware, integrate the security management system, improve the collaborative processing mechanism, and deal with mobile payment security incidents.

Establish and improve the reporting mechanism, and stop using phone calls and text messages marked as fraud in time. At the same time, it protects the owner's information security and prevents his mobile communication information from leaking.

Third-party payment has joined hands with insurance to provide compensation for losses. In fact, in order to dispel consumers' doubts and worries about online payment and mobile payment, many third-party payment institutions have been paying in full for products such as fast payment, mobile payment and Yu 'ebao. In April last year, Alipay began to provide financial guarantee for users in the form of insurance. Alipay's capital security is fully underwritten by Ping An Insurance. If the user is stolen, Ping An Insurance will pay in full. Alipay promises that there is no upper limit on the amount of compensation, and all the premiums will be borne by Alipay.

In fact, many third-party payment companies have indicated that whether it is PC payment or mobile payment, the most risky place is in Trojan phishing websites, especially mobile phones. 99% of thefts are related to this, and the rest are users cheated, not because they lost their mobile phones.

Personally.

3. Improve users' risk awareness.

Users should improve their risk awareness, pay attention to the confidentiality of personal information, and don't tell strangers or some untrustworthy network links such as ID number, transaction password, mobile phone number and dynamic password. Beware of fake and shoddy mail, so as not to be infected with Trojan virus by delaying links or attachments in the mail.

4. Strengthen the security of the mobile terminal itself.

Users should pay attention to some security matters when using bound mobile payment, such as changing passwords regularly for two to three months to avoid using the same password for a long time; Set a separate password with high security level; Use digital certificates, U shields and other security products; Binding mobile phone, using mobile phone dynamic password, etc.

Pay attention to protect the safety of your own computers, mobile phones, tablet computers and other devices that use mobile banking, install security software as much as possible, upgrade the equipment system in time, avoid using devices that have "escaped", "cracked" and "gained root" to operate mobile payment, and prevent the harm of malicious programs such as viruses and Trojans.

3. Enhance the security of network communication.

Although there are still many security risks in wireless networks, there is no doubt that wireless networks have brought great convenience to our lives, and we should find ways to solve these security problems. On the one hand, the administrator of wireless network should shoulder the main responsibility of improving the security level of wireless network. On the other hand, users of wireless networks should have basic security knowledge and abide by basic security rules, such as don't casually visit unfamiliar AP, don't casually visit wireless networks without passwords, and don't conduct mobile payment operations in public places.

4. Be careful with the QR code

If users want to use QR code to pay for code scanning, they must first confirm the authenticity of the QR code scanning software they use, which requires consumers to download the code scanning software through formal channels, and do not download and install it in unfamiliar channels at will. It is recommended to install a QR code detection tool. After the consumer scans the QR code, the detection software will automatically detect whether the QR code contains Trojan virus, malicious links, fee deduction software and other security conditions, thus establishing a firewall for consumers, reducing the risk of mobile phone infection and ensuring the safety of consumers.

Users can develop good payment habits themselves, which can greatly reduce the risk of funds being stolen. Consumers are advised not to scan the code when they see it, but to pay more attention. The QR codes made by some regular businesses are generally safe and reliable. Don't blindly scan some QR codes with unknown origin and preferential activities, such as street advertisements, leaflets and pop-ups on websites. Before scanning the code, make sure they are true and reasonable, and whether they come from a regular merchant. When QR code payment is enabled, a certain transaction limit should be set, and the account funds should be reminded by SMS to improve the security of funds. When scanning code for payment, we should pay attention to identifying whether the link jumped after scanning code is a normal page, and then submit it for payment after confirmation.

At present, some websites and TV media have opened the QR code shopping function one after another, and scanning the QR code on the screen can easily complete the payment. Before paying, consumers should be vigilant, see clearly the authenticity of the business transaction and the legitimacy of the business itself, and whether there is a qualified third-party platform to provide protection for the transaction, so as not to cause money and goods to be empty.

5. Do not install the software.

Install the software to a regular mobile phone store for downloading, and then check and kill the virus in time after downloading to ensure that the downloaded software is safe and nontoxic. Don't download and install software of unknown origin at will to prevent some fraudulent software from pretending to be other software and loading it into your mobile phone. Report some unknown software in time to prevent the spread of the virus.

Legal basis:

Measures for the administration of online payment business of non-bank payment institutions

Article 2 These Measures shall apply to payment institutions engaged in online payment business. The term "payment institution" as mentioned in these Measures refers to a non-bank institution that has obtained a payment business license according to law and is allowed to handle online payment services such as Internet payment, mobile phone payment, fixed phone payment and digital TV payment. The term "online payment service" as mentioned in these Measures refers to the activities that the payee or payer remotely initiates payment instructions through computers, mobile terminals and other electronic devices relying on the public network information system, and the payer's electronic devices do not interact with the payee's specific exclusive devices, and the payment institution provides monetary fund transfer services for the payee. The term "payee-specific exclusive equipment" as mentioned in these Measures refers to the electronic equipment specially used for transaction collection, which interacts with the business system of the payment institution and participates in the generation, transmission and processing of payment instructions in the transaction process.