Internet mobile payment security risks and countermeasures

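  With the spread of Internet [mobile payment](http://www.wiipay.cn/), people rarely use cash in daily life, and more and more of them enjoy the convenience of paying for everything with a single phone. But as mobile payment applications have grown rapidly, more and more personal information has been leaked, and forged barcodes and payment codes for mobile payment are frequently exploited by criminals to make fraudulent charges, causing users financial losses. These security risks pose a serious threat to the development of Internet mobile payment in China. This article therefore reviews and briefly analyses the security risks currently present in Internet mobile payment and offers suggestions for preventing them.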

1. Analysis of the security risk of Internet mobile payment
  (1) Risk of user information leakage
  With the continuous development of Internet technology and the large-scale use of big data, many enterprises use Internet and mobile phone user data to achieve precise, data-driven marketing. However, at a large number of Internet companies the collected data, together with loopholes in how it is managed, is exploited by illegal individuals and organizations, leading to the disclosure of personal privacy information. These enterprises take insufficient precautions against the hazards of data leakage, and the cost of committing the crime is too low, so they handle personal privacy information ever more casually. To obtain illegitimate gains, criminals steal user information through various loopholes in Internet mobile payment, including user names, mobile phone numbers, ID numbers, email addresses, home addresses, consumption records and other related information, or purchase information directly through some illegal Internet companies in order to commit fraud. There are even illegal companies that imitate real websites, develop malicious code, promote malicious software, hijack users' networks, and sniff users' communication data to spy on users' privacy and steal account passwords, or that guide, induce and deceive users into providing private, identity and account information for fraud [1]. The main forms include online shopping refund traps, counterfeit bank websites, mobile payment risk identification, high-imitation apps and false second-hand transactions. These malicious programs pose a great threat of user information theft.
  (2) Insufficient awareness of Internet mobile payment prevention
  Despite the rapid development of Internet mobile payment, users have insufficient awareness of protecting their personal information. They are careless with personal privacy information, especially when registering accounts: they provide detailed personal information, readily authorize enterprises to collect it, download untrusted software, set the same account name and password across websites, scan codes at random, and so on. These behaviours make it much easier for criminals to steal personal privacy information. Some users leak their information by freeloading on other people's networks; connecting to free Wi-Fi in public places can easily lead to payment accounts and passwords being hijacked and maliciously used, or even to the funds in users' transactions and transfers being stolen. Some shared mobile phone charging stations are installed with malicious programs, leaving private information on users' phones, such as payment account numbers, passwords and photos, vulnerable to attack.
  (3) Security risk of simple payment function
  To improve the user experience, many payment apps have introduced convenience settings such as password-free payment for small amounts, "gesture password payment" and the bank card "quick payment" function. These let customers carry out payments more conveniently, but if the phone falls into someone else's hands, that person can make small payments or small transfers from it, which undoubtedly threatens the safety of funds. At the same time, the use of static QR codes exposes users to the risk of tampering. Static QR codes are the codes we often see posted at storefronts for users to scan and pay. Although convenient for users, they are easily tampered with or altered, and can easily carry Trojan horses or viruses. Blindly scanning a code to pay in an unsafe place may lead to risks such as account leakage.

2. Suggestions and opinions on the prevention of Internet mobile payment security issues
  As Internet mobile payment continues to innovate and develop rapidly, more security risks will arise in its use. The unpredictability and complexity of these risks affect the security of a growing number of Internet mobile payment users. Therefore, to deal with the security incidents users encounter when using Internet mobile payment, the relevant regulatory authorities should strengthen security and foresight, build up technical means of supervision, improve laws and regulations, crack down harder on mobile payment crime, and coordinate multiple departments across multiple aspects and methods to improve the security environment of mobile payment, so that mobile payment can truly and safely serve people's lives.
  (1) Establish and improve the security mechanism for protecting personal information
  First, establish and improve the system of laws and regulations for personal information protection. Personal information protection is characterized by decentralized legislation and long supervision; laws and regulations such as the National Cyber Security Law and the Criminal Law should be completed and perfected to further address information security issues. Second, in fighting cybercrime and protecting personal privacy, the privacy of the vast majority of netizens should be fully protected. Mobile payment security is not a matter for financial companies alone, but involves multiple parties such as merchants, platforms, banks, network access providers, and law enforcement agencies. Finally, continuously improve the current regulatory system. The iterative upgrading of new Internet technologies and applications is interactive, diverse and complex, so China's long-term mechanism for mobile payment supervision should be improved. A supervision system in which multi-department management, technical supervision and other measures operate in coordination leaves speculators who steal from mobile payment users no loophole to exploit. Adhere to combining online and offline measures, with multiple departments jointly intervening in security incidents, coordinated governance, and clear primary responsibilities and jurisdiction; at the same time, establish a coordination mechanism between departments and a clearly tiered supervision system to safeguard the secure development of mobile payment.
  (2) Increase user awareness of Internet payment security
  Strengthen security publicity and improve users' security awareness, so that users treat security rationally and avoid both blind trust and excessive suspicion. Further strengthen security awareness education for Internet mobile payment users: download apps that carry certification marks or come from official app stores, do not connect to untrusted networks, do not click on fake URLs, do not scan QR codes from unknown sources, and do not grant authorizations lightly. Enabling fingerprint payment can improve the security of mobile payment to a certain extent. Users should also set a lock screen password, pay attention to the phone's security settings, and disable the phone's privacy-related access functions to protect their personal privacy online. At the same time, platforms should provide a one-click reporting channel for users, and the latest fraud types, emerging security risk points, and personal privacy protection reminders should be released to Internet users in a timely manner through authoritative channels. In addition, the government and enterprises should provide users with security awareness education that is easy to understand, simple and clear. To strengthen guidance on safe use, enterprises should have a standardized, comprehensive and easy-to-understand security manual that guides user operations. Enterprises should be encouraged to provide security assurance services and "one-click" security services, such as security environment checks, so that users do not have to take part directly in complex security management [2]. Enterprises should also be encouraged to establish real-time monitoring and rapid response mechanisms so that security issues are discovered and resolved in a timely manner.
  (3) Strengthen transaction security technology supervision and monitoring
  Raise the pre-launch review standards and the entry threshold for mobile payment apps. Enterprises are encouraged to step up their own security risk assessment before an app goes online, and to invite qualified security vendors to carry out security testing and trusted certification. Strengthen daily inspections: products that do not meet the standards or that have potential security hazards must be rectified promptly in accordance with relevant laws and regulations, to create a safe payment environment. Enterprises are required to carry out technical inspection of mobile payment transactions; when they find abnormal transactions, illegal transactions, user complaints or other issues, they should respond in a timely manner, strengthen analysis and judgment, handle the issue promptly, and notify the regulatory authorities. The aim is proactive discovery of security risks, stronger management of security incidents, and the ability to trace them after the fact. Increase the punishment of criminals. Strengthen the application of artificial intelligence technology, represented by voice technology and face recognition, in mobile payment supervision [3].
3. Conclusion
  With the development of network information technology and the digital economy, Internet mobile payment will play an increasingly important role in the payment field, and the security problems encountered in the payment process will become increasingly prominent. Users, enterprises and the relevant government departments need to establish an effective tripartite coordination mechanism to deal with the security problems of Internet mobile payment, and to treat stronger personal information protection as an inevitable requirement for its healthy future development, so that safe and convenient Internet mobile payment can serve the public more effectively.

Origin blog.csdn.net/rx3534648608/article/details/101285540