时间：2017-12-28 17:01:01 Source: Time: 2017-12-28 17:01:01
The central bank requires that static barcodes should be displayed on anti-counterfeit paper for visual / visual China
Relevant responsible persons of the central bank stated that some market institutions adopt unfair competition methods such as dumping and cross-subsidization in pricing and marketing strategies when conducting bar code payment business, abusing the market advantage of the institution and its affiliated companies, and excluding and restricting payment services. Competition has led to disorderly development and unfair competition in the payment industry and disrupted market order.
The most popular payment method-scanning code payment finally said goodbye to the barbaric growth and began to follow the rules. Yesterday, the People's Bank of China issued the "Public Bank of China Notice on Printing and Distributing" Barcode Payment Business Specifications (Trial) "(Yinfa  No. 296), and issued the" Barcode Payment Security Technical Specifications (Trial) "and" Barcode Payment Acceptance Terminals ". Technical Specifications (Trial) (Yinbanfa  No. 242 issued), implemented from April 1, 2018.
Unfair competition in some market institutions
A person in charge of the central bank said that in recent years, the barcode payment business has developed rapidly, showing advantages such as low thresholds and convenient use in the field of small and convenient payments. The market share has continued to grow and has become an important embodiment of the development of mobile payments. At the same time, the technical implementation and business risks of barcode payment are special compared to traditional bank card payments. Some market institutions also have problems in disrupting the fair competition order and inadequate payment risk prevention during business development.
The person in charge pointed out that while bar code payment reduces the entry barrier for merchants, it also exacerbates the chaos in the acquiring market. Some market organizations use the features of barcodes that can be sent remotely and are not restricted by professional acceptance terminals. In the process of merchant expansion, they failed to fulfill the obligation of "know your customers", and developed merchants in violation of regulations through "one license to get off the plane", which exacerbated cashing, The second order, the outsourcing management is not in place, and there are all kinds of hidden dangers to the security of the market, which cause greater harm to the sustainable development of the market.
At the same time, while promoting the universal development of mobile payment, barcode payment has disrupted the fair competition order in the market. Some market institutions adopt unfair competition methods such as dumping and cross-subsidization in pricing and marketing strategies when launching bar code payment business, abusing the market advantage of the institution and its affiliated companies, excluding and restricting payment service competition, which has caused the payment industry to fail. Order development and unfair competition, disrupting market order.
Barcode payment poses security risks
In addition, bar code payment uses open Internet and non-professional equipment for transaction processing, which brings certain technical risks. Including: visual risks, bar codes are displayed graphically in the open Internet environment, criminals can steal payment vouchers through screenshots, candid shots, and other means, and embezzle funds during the validity period of payment vouchers; the risk of carrying malicious code, not only bar codes can Store payment elements and can also carry illegal links or program codes. Criminals can make Trojan horses and phishing websites links into barcodes to induce customers to scan and steal sensitive payment information. One-way interaction risk of information can only be achieved by the initiator or The recipient's one-way information interaction, the criminal can use this weakness to implement a "man-in-the-middle attack", bypassing the identity authentication mechanism, causing loss of user funds; the risk of low security strength of code scanning equipment, low requirements for bar code payment equipment, ordinary mobile phones Cameras, simple cash register scanners in supermarkets, and other devices that do not have security functions such as encryption and tamper resistance can recognize barcodes, which is easily modified and used by criminals.
Up to 500 yuan per customer per day
The documents issued this time emphasize business qualification requirements. It is clear that when a payment institution provides barcode-based payment services to customers, it shall obtain an online payment business license; if a payment institution provides barcode payment receipt services for physical and merchant merchants, it shall obtain a bank card acquisition business license and online payment, respectively. Business license.
The central bank also called for strengthening merchant management and risk management. Specifically, the central bank first divided bar codes into two categories: static and dynamic. The payment QR code posted by small street merchants is a typical static barcode. The central bank stipulates that those who use static barcodes for payment have the lowest risk prevention capability, which is D-level and the lowest limit. No matter what kind of transaction verification method is used, and the payment is made using a static barcode, the cumulative transaction amount per day for a single bank account or all payment accounts and fast payment of the same customer should not exceed 500 yuan.
The risk prevention capabilities of dynamic barcodes are divided into three levels of A, B, and C from high to low, and the transaction verification method barcodes and payment limits corresponding to different levels are also different. The more secure the dynamic code payment, the higher the transaction limit.
Dynamic code for verification using two or more types of valid elements including digital certificates or electronic signatures. The risk prevention capability is Grade A. Banks, payment institutions, and customers can independently agree on a single-day cumulative quota through an agreement.
For verification using two or more types of valid elements (not including digital certificates and electronic signatures) (Note: fingerprints, passwords, etc.) for verification, the risk prevention capability is level B, a single bank account or all payment accounts of the same customer, fast The maximum cumulative transaction amount for a single payment day is 5,000 yuan.
Dynamic code payment using less than two types of valid elements for verification, the risk prevention capability is level C, and the single customer's single bank account or all payment accounts, and the fast payment single-day cumulative transaction amount is up to 1,000 yuan.
The relevant person in charge of the central bank explained that in order to guide banks and payment institutions to improve the security of transaction verification methods and strengthen the protection of customer funds, for those with high risk prevention capabilities and more secure transaction verification methods, no upper limit is set. Market entities can Agreement with customers on transaction limits. Based on the consideration of security factors such as anti-replacement and anti-theft brushing, banks and payment institutions are required to implement stricter limit management measures when using static barcode payment to encourage market entities to provide more secure dynamic barcodes to provide payment services. According to the bar code payment transaction data of major market institutions, the above quota has covered the needs of most payment customers and merchants using bar code payment.
Static barcodes should be displayed on anti-counterfeit paper
The most common static barcodes on streets and alleys are convenient to use, but they can be easily tampered with or altered, they can easily carry viruses, and their authenticity is difficult to distinguish, leading to higher payment risks.
The new rules of the central bank proposed a series of measures to prevent the risk of static barcodes. The first is that static barcodes should be encrypted and generated by the back-end server. The barcodes should be displayed on anti-counterfeit paper. The anti-counterfeit paper should have certain anti-counterfeiting features. The second is that the media displaying static barcodes should be placed within the sight of the merchant cashier, and the merchant should regularly check the media. The third is to require static barcodes to use physical protection means such as protective covers to avoid being covered or replaced. It is advisable to use anti-counterfeit labels to mark the protective covers. Fourth, it is required to clearly display the payee information at a prominent position on the static barcode medium, which is convenient for users to check. Fifth, through the hierarchical management of risk prevention capabilities, further standardize the use of static barcodes, and encourage the use of scanning methods for receiving funds with higher risk prevention capabilities.
Small and micro merchants have a credit card barcode payment limit
A relevant official of the central bank said that considering that the barcode payment business involves bank accounts and payment accounts, and can be applied to online special merchants and physical special merchants, in order to maintain the consistency of the regulatory system and standards, follow the relevant requirements of bank card acquisition business management , Clarified specific management requirements from the aspects of barcode payment special merchant expansion, special merchant approval, special merchant information retention and management, blacklist management, physical localization of physical merchant management, and outsourcing business management.
At the same time, in order to take into account the needs of small and micro merchants to accept bar code payments and promote the development of inclusive finance, it is clear that small and micro merchants can accept bar code payments on the premise of meeting the relevant qualification review and identification; at the same time, in order to prevent transaction risks such as cash, All small and micro merchants who use the same ID card at the same acquirer will pay by credit card bar code for a daily total of no more than 1,000 yuan and a monthly total of no more than 10,000 yuan, but bar code payments based on debit cards will not be accepted. Limits on the amount of receipts.
Text / Reporter Cheng Jie