There are five main technical safeguards for third-party payment security: the transaction party’s own network security technology, data transmission security technology, transaction user identification and authentication, the transaction party’s payment security, and strengthened fund supervision and risk preparation.
(1) Transaction party’s own network security technology.
① User account management and network antivirus technology. Both parties to the transaction must enter their account passwords before entering the system, and only after the system approves the login can they use it, within their prescribed authority. Password login is the most direct security precaution.
② Firewall technology. The main function of a firewall is to strengthen access control between networks and prevent users on external networks from illegally entering the internal network. To conduct electronic payments, enterprises have to connect their internal networks to the Internet, which means establishing access to thousands of computers on the Internet. Firewall technology is therefore necessary to maintain the security of the enterprise’s internal network and information.
(2) Data transmission security technology. Data transmission security rests mainly on data encryption. Encryption is one of the main technical means of improving the security and confidentiality of information systems and data, and of preventing secret data from being cracked by outsiders. During the payment process the trading parties communicate with each other over the network, and the main security threat comes from illegal eavesdropping.
(3) Transaction user identification and authentication. Identity authentication is an important link in determining and confirming the true identity of the trading parties, and it is also the weakest link in the e-commerce transaction process. Digital signatures and CA authentication are the main identity authentication technologies.
① Digital signature. The function of a digital signature is to distinguish real data from forged and tampered data. Because the signature is produced from the file using encryption technology, its value changes whenever the file changes, so the digital signature can be used to identify whether the file has been damaged or tampered with during transmission.
② CA authentication technology. In electronic transactions, neither the digital timestamp service nor the digital certificate service is performed by the trading parties themselves; both must be performed by an authoritative and impartial third party. The CA (certificate authority) undertakes authentication services for secure online electronic trade and provides security for the participants in the trade.
(4) Payment security of the trading parties. At present, two payment protocols are widely adopted and applied: SSL and SET.
① SSL protocol. The SSL protocol provides a secure channel between two machines on the Web. The two sides first use authentication technology to identify each other. After the client sends a message to the server requesting a connection, SSL requires the server to present a digital certificate to the browser, and the client verifies its legitimacy. The client uses encryption technology to ensure the confidentiality of the channel and digital signature technology to ensure the integrity of information transmission.
② SET protocol. The SET protocol is a complex protocol that covers the credit card transaction process in electronic transactions, the confidentiality of application information and the integrity of data, as well as technical standards such as CA authentication and digital signatures. Its main function is to ensure the security of payment information and of the payment process, and to ensure that the payment process follows the same protocol and format standards.
(5) Strengthen the supervision of funds and risk preparation.
① Strengthen the supervision of funds. For customer funds held by third-party payment companies, laws and regulations must make clear that ownership belongs to the customer, strictly separate the customer’s funds from the third-party payment company’s own funds, and prohibit the use of customer funds for the operation of the third-party payment company or for other purposes.
② Strengthen risk preparation. Third-party payment companies should establish a risk preparation system as the last line of defense against risk losses and a guarantee of survival. Where third-party companies cannot proactively manage risks, the only option is to require them by law to establish a risk preparation system.