Sina Finance News August 3 morning news Recently, the payment clearing association issued the "Bar Code Payment Service Specification" (Draft for Comment) to the payment institution, and the opinion draft clearly pointed out the safety standards that the payment institution must follow to carry out the barcode business. This is the first time the central bank officially recognized the status of two-dimensional payment after the two-dimensional code payment was stopped in 2014.
Previously, the central bank issued a letter to the Payment and Clearing Association and UnionPay to confirm the status of the QR code payment. The central bank requires the payment clearing association to provide the bar code payment industry technical standards and business specifications with the bank card clearing institutions, major commercial banks and payment institutions on the basis of relevant preliminary work, and in accordance with the requirements, and in personal information protection, capital security, encryption measures, and sensitivity. Information storage and other aspects put forward clear requirements.
According to the letter, offline bar code payment has the characteristics of low entry barrier and convenience, and is suitable for daily small transactions of small merchants sensitive to traditional POS cashier costs, which is a useful supplement to traditional offline bank card payment.
On July 15, Industrial and Commercial Bank of China officially launched QR code payment products in Beijing, becoming the first commercial bank in China to have two-dimensional code payment products. This means that the two-dimensional code payment that was called for more than two years has been reopened.
At the beginning of July, some media reported that the central bank had issued a document confirming the market position of the two-dimensional code payment, and the positioning and the traditional offline bank card payment business supplement; meanwhile, the China Payment Clearing Association also convened a special meeting to promote the two-dimensional code technical standards and safety standards.
On March 13, 2014, the central bank issued an urgent document to stop face-to-face payment services such as two-dimensional code payment. The reason is that there is a certain risk of payment risk in offline QR code payment.
In fact, at the end of the year when the payment of the QR code was stopped, after technical improvements, banks and third-party payment agencies began to distribute QR codes. (Xu Li)
Attached to the full text of the "Bar Code Payment Service Specification" (Draft for Comment):
Chapter I General Provisions
The first one is to regulate the business operation of offline bar code (two-dimensional code) payment (hereinafter referred to as bar code payment), protect the legitimate rights and interests of member units and consumers, and promote the healthy development of bar code payment business, according to the "Electronic Payment Guidelines (No. 1) This Regulation is formulated in accordance with the Provisions on the Administration of Payment Services for Non-Financial Institutions and the Administrative Measures for Network Payment Services of Non-Bank Payment Institutions.
Article 2 The bar code payment service referred to in this specification refers to the behavior of the member units applying bar code technology to the customers to realize the transfer of money and funds between the payers and the payers through mobile terminals such as mobile phones.
The barcode payment service includes payment scan code and collection scan code. The payment scan code refers to the behavior of the payer completing the payment by reading the barcode displayed by the payee through the mobile terminal. The receipt scan code refers to the behavior of the payee to complete the payment by reading the barcode displayed by the payer's mobile terminal.
Article 3 The member units shall follow this Code when conducting bar code payment services.
The member companies should carry out the bar code payment business in accordance with the basic principles of legal compliance, equal competition, honesty and trustworthiness, safety and efficiency, and cooperation and win-win.
Article 4 A member unit shall obtain corresponding business qualifications for bar code payment business, and conduct business in accordance with the relevant business management measures of the regulatory department, strengthen risk prevention, and ensure payment security.
Article 5 The member units shall carry out the bar code payment business in accordance with the customer real name system management regulations.
Article 6 The member units shall carry out the bar code payment business in compliance with the anti-money laundering laws and regulations and fulfill their obligations of anti-money laundering and anti-terrorism financing.
Article 7 Member units shall protect the legitimate rights and interests of customers and related entities in accordance with the law and take effective measures to effectively protect the interests of consumers.
Article 8 Member units shall consciously abide by business ethics, and shall not smash the commercial reputation of other member units in any form, and shall not use any improper means to damage the interests of other member units, interfere with or influence the normal market order.
Article 9 Member units shall abide by the relevant technical standards and norms issued by the regulatory authorities, including but not limited to the "General Rules for Information Security of Online Banking Systems" (JR/T 0068-2012) and "China Financial Mobile Payment Technical Standards" (JR) /T 0088-0098 2012) series of standards, "Technical Requirements for Payment Facilities of Non-financial Institutions" (JR/T 0122-2014), etc., and "Payment Payment Technology Security" issued by China Payment and Clearing Association (hereinafter referred to as "Association") The Guidelines and the Technical Requirements for the Technical Guidelines for Barcode Payment Acceptance Terminals guarantee the transaction security and information security of the barcode payment service.
Chapter II Bar Code Generation and Acceptance
Article 10 When a member unit conducts a bar code payment service, it shall manage the bank account number used by the customer to generate the bar code or the payment account number, identity card number, and mobile phone number.
Article 11 The member companies that carry out the bar code payment service shall comply with the mobile payment technology security standards of the regulatory authorities, and may use the following three elements in combination to verify the customer bar code payment transaction:
(1) Only the elements that the customer himself knows, such as static passwords;
(2) Elements that are unique and not reproducible or non-reusable by the customer, such as digital certificates that have been securely certified, electronic signatures, and one-time passwords generated and transmitted through secure channels;
(3) The characteristics of the customer's own physiological characteristics, such as fingerprints.
Member units should ensure that the elements used are independent of each other, and that damage or leakage of some elements should not cause damage or leakage of other elements.
Article 12: Member units adopt digital certificates and electronic signatures as verification elements. The process of digital certificates and electronic signature generation shall comply with the Electronic Signature Law of the People's Republic of China and the Financial Electronic Certification Specification (JR/T 0118-2015). And other relevant regulations to ensure the uniqueness, integrity and non-repudiation of the digital certificate.
If the member unit adopts the one-time password as the verification factor, it should effectively prevent the risk caused by the one-time password acquisition end and the payment instruction originating end being the same physical device, and strictly limit the one-time password validity period to the shortest necessary time.
If the member unit adopts the customer's own physiological characteristics as the verification factor, it shall comply with the national, financial industry standards and related information security management requirements to prevent illegal storage, copying or replay.
Article 13 The member unit shall limit the management of the transaction of the personal customer barcode payment service according to the security level of the transaction verification method and the classification of the risk prevention capability in the “Bar Code Payment Technical Safety Guidelinesâ€:
(1) If the risk prevention capability reaches Grade A and the two types of (including) effective elements including digital certificates or electronic signatures are used to verify the transaction, the member unit and the customer shall agree on a one-day cumulative limit through agreement;
(2) If the risk prevention capability reaches Grade B, and the transaction is verified by two or more effective elements including digital certificates and electronic signatures, the accumulated amount of the single bank account or all payment accounts of the same customer shall not be More than 5,000 yuan;
(3) If the risk prevention capability reaches the C level and the transaction is verified by less than two types of factors, the cumulative amount of a single bank account or all payment accounts of the same customer on a single day shall not exceed 1,000 yuan, and the member unit shall promise unconditional amount to bear this. Responsibility for risk loss for trading.
Article 14 A member unit shall ensure the validity and authenticity of the bar code by setting the validity period and the number of times of use of the bar code, and prevent the bar code from being reused and repeatedly deducted.
Article 15 The business systems, client software, and acceptance terminals/machines involved in the bar code payment business shall continue to meet the requirements of the regulatory authorities and industry standards to ensure the security and authenticity of the bar code generation and reading process. Integrity. The payment institution shall also pass the technical safety testing certification organized by the association.
Article 16 Bar code information shall not contain any sensitive information related to the customer and its account, and only includes relevant information for the current payment.
The bar code generated by the special merchant related system only includes information such as special merchants, goods (services) or goods (services) orders related to the current payment.
The barcode generated by the mobile terminal and generated by the relevant system shall not directly contain the account information of the user; the account information shall be encrypted.
The member unit shall designate a special person to operate and maintain the relevant system for the special merchant to generate the barcode, and ensure the security and reliability of the bar code generation of the special merchant.
Article 17 Member units shall provide acceptance services for the barcodes issued by themselves. If the payment institution conducts bar code payment based on the payment account, it shall conduct business in a limited scenario according to the closed mode of self-developing users and self-expanding merchants.
Where a payment institution conducts bar code payment business based on a bank card, it shall abide by the relevant regulations such as the “Management Measures for Bank Card Acquisition Business†(People's Bank of China Announcement No. 9).
Article 18 The member unit shall ensure that the payment and receipt scan code transaction is initiated after confirmation or authorization by the customer, and the payment information shall be true, complete and valid.
After the mobile terminal completes the barcode scanning, the scanning content should be correctly and completely displayed for the customer to confirm. For the small-value transfer service between mobile terminals, after the payment party completes the scan code, the mobile terminal shall return the name of the payee whose name is hidden for confirmation by the payer.
After completing the barcode scanning, the special merchant acceptance terminal shall display only the scan code successfully and prompt the next operation, and shall not display the customer-related sensitive information in the barcode to the special merchant.
Article 19: According to the real situation of payment and collection scan code, the member unit shall correctly select the transaction type according to the regulatory requirements and relevant business rules and management system requirements, accurately identify the transaction information and completely transmit it to ensure the integrity of the transaction information. Authenticity and traceability.
The transaction information shall at least include: the name, category and code of the special merchant directly providing the goods or services, the type and code of the acceptance terminal (network payment interface), the time and place of the transaction (the network address of the network-specific merchant), the transaction amount, the transaction type and channel. The transaction information of the network special merchant should also include the commodity order number and the network trading platform name.
Article 20 The payment transaction message shall identify the transaction as a bar code payment transaction through a specific domain for the commercial bank or payment institution to correctly identify and authorize the transaction.
Article 21 Member units shall adopt technical measures to ensure the security, integrity and non-repudiation of transaction information transmission.
Article 22 After the payment transaction is completed, the special merchant acceptance terminal and the mobile terminal shall display the payment result; if the payment fails, the special merchant acceptance terminal and the mobile terminal shall also display the reason for the failure.
Article 23 The member unit shall require the special merchant to provide the corresponding goods or services in time according to the agreement between the special merchant and the customer after the payment transaction is successful.
Article 24 A member unit shall provide the bargaining transaction details to the special merchants and customers, so that they can handle the inquiry, return, error handling and other services.
Article 25 A member unit shall initiate transaction error processing and return transaction according to the original transaction information at the time of the transaction. If the funds need to be returned, the corresponding amount shall be returned to the original debit account.
Chapter III Bar Code Payment Special Merchant Management
Article 26 If a member unit develops a bar code to pay a special merchant, it shall follow the principle of “know your customer†and ensure that the expanded business is a special merchant established and legally operated according to law.
Article 27 If a special merchant and its legal representative or person in charge have any bad information in the risk information management system designated by the People's Bank of China, the member unit shall be cautious or refuse to provide bar code payment services for the special merchant.
The risk information management system designated by the People's Bank of China includes, but is not limited to, the risk information sharing system of the information management system of the People's Bank of China or industry associations, and the construction and operation of bank card clearing institutions.
Article 28 The member units shall expand the special merchants to implement the real-name system regulations, strictly examine the authenticity, completeness and validity of the application materials of the special merchants, and retain photocopies or photocopies of the valid certificates of the special merchants. If the application materials are false, missing, incomplete or non-compliant, they may not be approved.
Article 29 Member units shall formulate the approval system and approval process for special merchants, clarify the authority for examination and approval, and designate special personnel to be responsible for the approval of special merchants. The approval positions of special merchants shall not be concurrent with the expansion of special merchants and other related positions.
Article 30 The member unit shall make an agreement with the special merchants on matters relating to the setting and change of the bank account, the fund settlement cycle, the settlement fee standard, the error and the dispute settlement, etc., to clarify the rights, obligations and breach of contract obligations of both parties.
Article 31 A member unit shall require the special merchant to provide real goods or services; use the acceptance terminal (network payment interface), bank account or payment account according to the regulations, and may not use it to engage in or assist others to engage in illegal activities; properly handle transaction data. Information, save transaction vouchers, and secure transaction information; no additional fees may be charged or disguised to customers, or service levels may be reduced.
Article 32 A member unit shall establish a special merchant information management system, record the name and business address of the special merchant, the information of the special merchant identity information, the special merchant category, the settlement fee standard, the bank settlement account information, the opened transaction type and the opening time. Receive information such as the terminal (network payment interface) type and installation address, and update it in time.
Article 33 A member unit shall control the payment risk by establishing a black and white list of special merchants and link addresses.
Article 34 A member unit shall establish a special merchant inspection system, clarify management requirements such as inspection frequency, inspection contents, inspection records, and implement inspection responsibility. For the special merchant acceptance terminal, the bar code payment transfer business function shall not be activated; for the mobile terminal, the special merchant transaction fund settlement function shall not be opened.
Article 35 A member unit shall conduct localized operation and management of the bar code acceptance business of the entity special merchants, and provide acceptance services through the acceptance agencies within the provinces (autonomous regions and municipalities) where the special merchants and their branches are located, and may not cross provinces (districts). , city) domain to carry out bar code acceptance business.
Article 36 If a member unit conducts bar code payment business based on a bank card (account), it shall carefully select the outsourcing service organization in accordance with the relevant regulatory system requirements, strictly regulate the business cooperation with the outsourcing organization, and strengthen the risk management responsibility of the outsourcing business.
Article 37: Member units shall, in accordance with the requirements of relevant regulatory systems, strengthen the internal control management and security protection of payment sensitive information, strengthen the transaction password protection mechanism, and control the risk of information disclosure and fraudulent transactions from the source by comprehensively applying payment tokenization techniques.
Article 38 Member units shall conduct bar code payment service training for special merchants and keep training records.
Article 39 For the archives of special merchants' application materials, qualification review materials, acceptance agreements, training and inspection records, information changes, termination of cooperation, etc., the member units shall at least save to 5 years after the termination of the service.
Article 40 A member company shall provide a bar code payment service to the special merchants, and shall not transfer the handling fee to the customer in disguise, and shall not take unfair competition to damage the legitimate rights and interests of others.
Article 41 If a member unit and a special merchant terminate the relevant service agreement for bar code payment, the payment service or payment interface (function) shall be closed in time, the equipment shall be taken back, the account clearing shall be carried out, and the follow-up matters shall be properly handled.
Article 42 A member unit shall respect the free choice of the special merchants and shall not interfere or disguise the cooperation between the special merchants and other institutions.
Chapter IV Risk Management
Article 43 A member unit shall establish a comprehensive risk management system and internal control mechanism to enhance its risk identification capability, take effective measures to prevent risks, and promptly discover and handle suspicious transaction information and risk events.
Article 44 A member unit that conducts bar code payment business shall assess the risk of money laundering and terrorist financing related to the business and adopt risk management and control measures appropriate to the level of risk.
Article 45 A member unit shall establish a risk rating system for special merchants, and comprehensively consider the regional and industry characteristics, business scale, financial and credit status of the special merchants, and conduct risk ratings for the special merchants.
Article 46 A member unit shall set or agree on a single and daily cumulative transaction limit in combination with factors such as the risk rating of the merchant and the type of transaction.
Article 47 For special merchants with higher risk levels, member units shall guard against transaction risks by strengthening transaction monitoring, establishing risk management measures for special merchants, and delaying liquidation.
Article 48 A member unit shall establish a special merchant inspection and evaluation system, and formulate different inspection and evaluation frequencies and methods according to the risk level of the special merchants, and retain relevant records.
Article 49 A member unit shall formulate an emergency response plan and establish a disaster backup system to ensure the continuity of the bar code payment service and the safe operation of the business system.
Article 50 A member unit shall be able to effectively identify the client program and the special merchant acceptance terminal issued by the unit, and ensure the security of the barcode generation and reading process.
Article 51 The member unit shall ensure the security of the relevant customer identity or account information, prevent leakage, and set the validity and number of use of the bar code according to different business scenarios of payment and payment.
Article 52 A member unit shall establish a bar code payment transaction risk monitoring system, promptly discover suspicious transactions, and take measures to block transactions and contact customers to verify transactions to prevent transaction risks.
Article 53 If a member unit discovers a risk event such as suspected cash withdrawal, money laundering, terrorist financing, fraud, retention or leakage of account information, the special merchant shall take measures such as delaying fund settlement, suspending trading, freezing the account, etc., and accepting the cause. Responsibility for risk loss caused by failure to take measures; if any suspected illegal or criminal activities are discovered, they shall report the case to the public security organ in a timely manner.
Article 54 Where a commercial bank or a payment institution has a relationship or cooperates in the bar code payment business, it shall stipulate or clarify the rights, obligations and liabilities for breach of contract in terms of transaction verification, information protection, error handling, risk compensation, etc. in the cooperation agreement. To ensure the safety of customers' funds and information security.
Article 55 A member unit shall continue to improve the customer service system, promptly accept and resolve customer consultation, inquiries and complaints in the bar code payment business, and consciously safeguard the legitimate rights and interests of customers.
Article 56 A member unit shall fully disclose the types of bar code payment business products, handling procedures, operating procedures, charging standards and other information, and clarify the business risk points and related liability commitment mechanisms, risk loss payment methods and operation methods.
Article 57 Member units shall carry out safety education on bar code payment for customers, and enhance their risk prevention awareness and response capabilities.
Article 58 A member unit shall, in accordance with the requirements, submit to the Association the bar code payment business statistics and related information, and the data and information materials shall be true, accurate and complete.
Article 59 If a member unit or its outsourcing service agency or a bar code payment special merchant has a suspected major bank card illegal crime or a major risk event, the member unit shall report to the association within 2 working days.
Chapter V Discipline and Responsibility
Article 60 A member unit that publishes a bar code payment service shall report to the Association 30 days in advance, including but not limited to:
(1) Carrying out the business plan of the bar code payment service;
(2) Detailed introduction of the product;
(3) Business management methods;
(4) Risk prevention measures;
(5) Information on institutional cooperation;
(6) Service fee standards and distribution mechanisms;
(7) Customer rights protection measures;
(8) Scope of service outsourcing and outsourcing management methods.
The payment institution shall also provide the technical safety inspection certification certificate for the barcode payment service.
Article 61 When a member unit terminates the bar code payment business, it shall report to the Association 30 days in advance. The contents of the report include but are not limited to: a written application signed by the legal representative of the company, stating the name of the company, the development of the bar code payment service, the reasons for termination, Customer legal rights protection plan, payment business information processing plan, etc.
Article 62 If a member unit newly develops a bar code payment service, expands or changes the bar code payment service scenario, channel or territory, or makes major adjustments to the bar code payment service management system, it shall report to the association at least 30 days in advance according to the regulations.
Article 63: Member companies carrying out bar code payment services shall construct a sound risk management system in accordance with the requirements of this Code, implement risk management measures, and actively prevent payment business risks. The Association shall require the member units to do risk management work in accordance with this Code, and incorporate the bar code payment business into the self-discipline management evaluation and on-site inspection work.
Article 64 If a member company's risk management system is imperfect or fails to effectively implement the Code, and a major risk event occurs, which has a negative impact on the industry, the Association will follow the self-regulation of the China Payment and Clearing Industry Self-Regulation Convention. Process it.
Chapter VI Supplementary Provisions
Article 65 If the Code is inconsistent with the laws, regulations and regulatory authorities of the State, it shall be implemented in accordance with the relevant laws, regulations and regulatory authorities.
Article 66 If a member unit uses custom symbols, graphics, images, etc. as information carriers to transmit transaction information for payment services, it shall conduct self-discipline management in accordance with the relevant provisions of this Code.
Article 67 This Code is revised and interpreted by the China Payment and Clearing Association.
Article 68 The meanings of the relevant terms of this Code are as follows:
Member unit refers to the member unit of China Payment and Clearing Association.
Regulatory authorities, including the People's Bank of China and its branches.
A mobile terminal refers to a mobile terminal device such as a mobile phone used by a consumer for displaying or reading a barcode and completing payment.
The special merchant acceptance terminal refers to the special merchant acceptance equipment that participates in the barcode payment, and has the functions of bar code display or reading, including special barcode payment acceptance equipment, and can process bar code display or reading after expanding on the original POS and other devices. Equipment, etc.
Article 69 This Code shall be implemented as of the date of promulgation.
Enter [Sina Finance and Economics Unit] Discussion
Sofa Cloth,Sofa Fabric,Sofa Upholstery,Sofa Fabric Material
SUZHOU S-PEAK TEXTILE CO., LTD , https://www.s-peaktex.com