Dec 28, 2017 07:12 AM

China to Pump Up Security of ‘Scan-and-Pay’

China's central bank sees potential risks in the lack of uniform business and technical standards for the
China's central bank sees potential risks in the lack of uniform business and technical standards for the "scan-and-pay" barcode technology. Photo: Visual China

Bill paying via smartphones is booming in China, with consumers paying for everything from a hospital stay to a single egg.

But the central bank sees risks in the lack of uniform business and technical standards for the barcode technology. On Wednesday, it stepped in.

"Due to the lack of uniform business and technical standards, there are still potential risks in the bar code generation mechanism and transmission process, as well as risks in payment security," the central bank said.

The quick response (QR) code allows consumers to make quick payments from their bank accounts simply by scanning a black-and-white barcode provided by merchants or asking the business to scan a code generated by their mobile payment apps.

The guidelines set technical requirements on QR code encryption, transaction verification and information protection to prevent hacker attacks and customer privacy leaks.

The central bank is also requiring all payment service providers offering QR code payment to obtain a permit. All transactions made via code scanning by banks and non-bank institutions will have to be settled through a qualified clearing system under the oversight of the central bank.

The new rules are set to take effect on April 1 of the new year.

The central bank also set three levels of daily transaction limits on QR code payments based on the security level of the transaction verification method, starting from 500 yuan (about $77).

Merchants who accept QR code payments will have need to register and obtain approval from regulators.

Scan-and-pay catches fire

Scan-and-pay through QR codes caught fire in China thanks to the popularity of smartphones and the push of tech giants, who eagerly developed their own mobile payment platforms outside the traditional banking system.

In the third quarter of 2017, more than 49.26 trillion yuan was paid via mobile devices, up 39% from the same period last year. About 39 trillion yuan in transactions was handled by non-bank payment platforms, mainly through scanning the QR code, according to the central bank’s data released in early December.

Most transactions handled via QR code scanning are small amounts of money for everyday life, such as buying a coffee, paying for a taxi ride or grocery shopping at a corner store.

According to Zhao Yao, a financial law expert at China University of Political Science and Law, about 95% of QR code transactions are valued below 500 yuan. In the first half this year, the average amount of each QR code payment was about 100 yuan.

But the quick payment method has sparked rising security concerns.

In March, the Southern Metropolis Daily reported that QR code payment scams have caused losses of more than 90 million yuan in the Guangdong province. The scams usually involve replacing legitimate codes of merchants by the ones linked to scammers’ accounts, or embedding viruses to steal users’ personal and payment information.

QR code payment has been exploding in China since the early 2010s as third-party payment firms began taking their internet-based payment services offline to brick-and-mortar stores.

But in March 2014, the central bank temporarily suspended QR code payments, citing security concerns surrounding identification and potential theft of consumers' personal information and money.

In spite of the temporary ban, third-party payment providers and some commercial banks continued offering the popular payment method in a regulatory gray zone.

In 2016, the central bank lifted the ban, granting QR code payment a legitimate status and issuing general guidelines for the service. The payment method has since expanded more and more. And the little square barcode has become ubiquitous in China, pushed by internet giants such as Alibaba Group Holding Ltd. and Tencent Holdings Ltd.

Grabbing the wave

Banks and traditional bankcard payment settlement provider China UnionPay also joined the trend by rolling out their own QR code payment Apps.

Alipay, the payment app operated by Alibaba-affiliated Ant Financial Service Group, controls more than 50% of China’s mobile payment market, while Tencent’s WeChat Pay has carved out about 40%.

Ant Financial said on Wednesday that it plans to expand its QR code payment services to the public transportation sector in major Chinese cities such as Beijing, Shanghai and Guangzhou next year.

Ant Financial launched a pilot program in Hangzhou last year, allowing commuters to pay for their bus and subway tickets by scanning a barcode with their smartphones. Rival Tencent has launched a similar WeChat service in Guangzhou’s metro system.

Last week, international secure-payments consortium EMVCo said Ant Financial had become one of its global technical partners. Some analysts predict the partnership could grant Ant Financial a say in setting global standards for QR code payment.

Contact reporter Han Wei (

You've accessed an article available only to subscribers
Share this article
Open WeChat and scan the QR code