Shulou(Shulou.com)11/24 Report--

Tick, scan the code to pay successfully.

Bar code payment has been widely used in daily life. With the popularity of bar code payment, aggregate payment has sprung up and developed on a large scale. As a unique and key role in order collection outsourcing service institutions, aggregate payment institutions have become an important part of the payment industry.

But at the same time, there are some problems in bar code payment business, such as business violations, data leakage and frequent attacks. Most of the business violations show the characteristics of the acceptance side (that is, payment institutions, outsourcing service agencies), including credit card cash, false merchants, the use of bar code payment for running points and money laundering and so on. In terms of data leaks and attacks, due to the relatively low barriers to entry and the weak technical and security capabilities of some aggregate payment institutions, there are some problems, such as the business system has been invaded and even unable to provide business services.

With the characteristics of one-point access and unified forwarding of aggregate payment, it is also easy to use aggregation payment institutions as a breakthrough and springboard to attack the spread of upstream order collection institutions and the rapid expansion of risks. Superimposing factors such as non-standard internal control management will increase the risks of merchant information disclosure, transaction data disclosure and so on.

In view of the urgent problems to be solved in the development of the aforementioned order collection business, regulators and industry self-regulatory agencies have formed a series of management and control measures and issued management and control requirements to the main body of the industry to control safety risks and guide sustainable business development and compliance development.

In recent years, the China payment and Clearing Association has successively issued documents such as "measures for the filing of order-collecting Outsourcing Service institutions (trial)" and "self-discipline Standardization of order-collecting Outsourcing Service institutions (trial)". Put forward filing management requirements and normal quantitative management rules for order collection outsourcing institutions, including aggregate payment institutions, and impose industry self-discipline on order collection outsourcing management. Recently, domestic head order collection agencies have also made a high-profile voice, requiring cooperative order collection outsourcing service providers to complete the filing as soon as possible.

With the joint efforts of regulatory agencies, industry self-regulatory agencies and all parties in the industry, the positive situation of "putting on record must be put on record" has been formed. As of March 10, 2023, more than 16000 outsourcing organizations (including more than 480 aggregate payment institutions) have completed the record in the order collection outsourcing service organization filing system.

For aggregate payment institutions, timely security assessment of order collection outsourcing service providers is a necessary measure to implement the filing work. According to the relevant opinions of the China payment and Clearing Association on the filing of the current bill-to outsourcing service agencies, the Security Assessment report of the order-receiving outsourcing service providers is a valid proof of system security when the aggregate payment institutions are filed.

Therefore, carrying out safety assessment of service providers is the basic work of aggregate payment institutions under the current relevant requirements; it is an effective means to actively discover security risks, strengthen internal control management and security construction; it is a specific measure to effectively implement industry self-discipline requirements and perform compliance management duties; it is a necessary action to ensure sustainable business development and compliance development.

The security assessment of bill-to outsourcing service providers is based on the Security Technical Specification for Bill-to Outsourcing Service providers, which is specifically verified from three parts: business infrastructure and data security, technical requirements, security management and risk control requirements. To ensure that aggregate payment business facilities and internal control management meet the basic requirements of the payment industry, and effectively carry out information security and basic business compliance risk control.

China Financial Certification Center (CFCA) conducts safety assessment of order collection outsourcing service providers for aggregate payment institutions. The main links include: project preparation, project start-up, project implementation, rectification and re-testing, and report issuance.

CFCA has been ploughing the financial field for more than 20 years, giving full play to the advantages and technical reserves of the industry, taking the regulatory requirements of the industry as the foundation, taking the self-discipline of the industry as the implementation standard, promoting construction by evaluation, helping outsourcing service organizations to complete the filing, and promoting the compliance development of aggregate payment business.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.