China to Pump Up Security of ‘Scan-and-Pay’
Bill paying via smartphones is booming in China, with consumers paying for everything from a hospital stay to a single egg.
But the central bank sees risks in the lack of uniform business and technical standards for the barcode technology. On Wednesday, it stepped in.
"Due to the lack of uniform business and technical standards, there are still potential risks in the bar code generation mechanism and transmission process, as well as risks in payment security," the central bank said.
The quick response (QR) code allows consumers to make quick payments from their bank accounts simply by scanning a black-and-white barcode provided by merchants or asking the business to scan a code generated by their mobile payment apps.
The guidelines set technical requirements on QR code encryption, transaction verification and information protection to prevent hacker attacks and customer privacy leaks.
The central bank is also requiring all payment service providers offering QR code payment to obtain a permit. All transactions made via code scanning by banks and non-bank institutions will have to be settled through a qualified clearing system under the oversight of the central bank.
The new rules are set to take effect on April 1 of the new year.
The central bank also set three levels of daily transaction limits on QR code payments based on the security level of the transaction verification method, starting from 500 yuan (about $77).
Merchants who accept QR code payments will have need to register and obtain approval from regulators.
Scan-and-pay catches fire
Scan-and-pay through QR codes caught fire in China thanks to the popularity of smartphones and the push of tech giants, who eagerly developed their own mobile payment platforms outside the traditional banking system.
In the third quarter of 2017, more than 49.26 trillion yuan was paid via mobile devices, up 39% from the same period last year. About 39 trillion yuan in transactions was handled by non-bank payment platforms, mainly through scanning the QR code, according to the central bank’s data released in early December.
Most transactions handled via QR code scanning are small amounts of money for everyday life, such as buying a coffee, paying for a taxi ride or grocery shopping at a corner store.
According to Zhao Yao, a financial law expert at China University of Political Science and Law, about 95% of QR code transactions are valued below 500 yuan. In the first half this year, the average amount of each QR code payment was about 100 yuan.
But the quick payment method has sparked rising security concerns.
In March, the Southern Metropolis Daily reported that QR code payment scams have caused losses of more than 90 million yuan in the Guangdong province. The scams usually involve replacing legitimate codes of merchants by the ones linked to scammers’ accounts, or embedding viruses to steal users’ personal and payment information.
QR code payment has been exploding in China since the early 2010s as third-party payment firms began taking their internet-based payment services offline to brick-and-mortar stores.
But in March 2014, the central bank temporarily suspended QR code payments, citing security concerns surrounding identification and potential theft of consumers' personal information and money.
In spite of the temporary ban, third-party payment providers and some commercial banks continued offering the popular payment method in a regulatory gray zone.
In 2016, the central bank lifted the ban, granting QR code payment a legitimate status and issuing general guidelines for the service. The payment method has since expanded more and more. And the little square barcode has become ubiquitous in China, pushed by internet giants such as Alibaba Group Holding Ltd. and Tencent Holdings Ltd.
Grabbing the wave
Banks and traditional bankcard payment settlement provider China UnionPay also joined the trend by rolling out their own QR code payment Apps.
Alipay, the payment app operated by Alibaba-affiliated Ant Financial Service Group, controls more than 50% of China’s mobile payment market, while Tencent’s WeChat Pay has carved out about 40%.
Ant Financial said on Wednesday that it plans to expand its QR code payment services to the public transportation sector in major Chinese cities such as Beijing, Shanghai and Guangzhou next year.
Ant Financial launched a pilot program in Hangzhou last year, allowing commuters to pay for their bus and subway tickets by scanning a barcode with their smartphones. Rival Tencent has launched a similar WeChat service in Guangzhou’s metro system.
Last week, international secure-payments consortium EMVCo said Ant Financial had become one of its global technical partners. Some analysts predict the partnership could grant Ant Financial a say in setting global standards for QR code payment.
Contact reporter Han Wei (firstname.lastname@example.org)
- 1Energy Insider: China’s New-Energy Vehicle Industry Booms
- 2In Depth: Fixing the High Cost of Rare Disease Treatment in China
- 3CX Daily: Delivery Times Likely To Stretch After Beijing Warns Omicron Could Have Traveled In Mail
- 4South China Omicron Cluster Grows as Travel Bans Imposed
- 5CX Daily: China’s 2021 GDP Grows 8.1% on Low Base
- 1Power To The People: Pintec Serves A Booming Consumer Class
- 2Largest hotel group in Europe accepts UnionPay
- 3UnionPay mobile QuickPass debuts in Hong Kong
- 4UnionPay International launches premium catering privilege U Dining Collection
- 5UnionPay International’s U Plan has covered over 1600 stores overseas