Introduction
The popularization of the mobile internet has greatly shaped everyone’s daily life. It also offers the opportunity and challenge for the payment industry to upgrade and reform. The demand for flexible and convenient payment is more pressing than ever before. Mobile payment is rapidly emerging as a new form of payment along with chip bankcards and online payment. These diversified payment innovations lay the foundation for ‘Internet Finance.’
After more than ten years of rapid development, the bankcard industry has upgraded from magnetic stripe bankcards to chip bankcards and from physical bankcards to virtual bankcards (Ministry of Industry and Information, 2013; Zhang, 2013). Service based on bankcards is moving towards the target of higher convenience and better security. The focus of the bankcard industry has shifted from merely inter-bank switching to the adoption of innovative payment technology to promote the development of the whole industry chain. In the era of magnetic stripe bankcards, China learned from the international bankcard organizations; in the era of chip bankcards, we developed in parallel with the main participants in the world. In regard to the age of mobile payment, it is necessary to keep pace with or even lead the trend of innovation and development worldwide (Chai, 2015). The current and predicted transaction value and growth rate of China’s mobile payment market are shown in Fig. 1. The large-scale application of mobile payment also offers a good chance to encourage the involved industry chain to upgrade legacy technologies and to improve the quality of service. It also helps to accelerate transformation from an extensive to an intensive economic growth mode (Ge and Shi, 2016; Ge and Shi, 2015).
The next-generation mobile payment platform will play a key role in China’s financial system. From the perspective of systems engineering, the mobile payment system is a complex system with the distinct characteristics of systematicness, dynamism, inter-relatedness and self-organization (Qian, 1982; Qian et al., 1990; He et al., 2013). In the process of managing the mobile payment project, many problems not only involve technical engineering, but also relate to financial, social, and even legal issues, which makes the system highly complicated. Furthermore, the mobile payment system is not an isolated system. We have to think about how to best integrate it into the existing stably running payment system rather than building a totally new one. There is a need for a series of engineering methodologies to help solve these complicated problems comprehensively. The resulting methods can be applied to manage the innovation requirement analysis, and to optimize the research, analysis, design and implementation of the project (Zhang, 2002; Xu, 2004; Wang, 2015; Yin et al., 2007; Fu, 2007).
On December 12th, 2015, based on years of in-depth investigation and dedicated pre-arrangements, China UnionPay issued its own brand of mobile payment, ‘Mobile QuickPass’, together with tens of China’s top banks. The launch of Mobile QuickPass represents a key milestone of the mobile payment project, and it has proven to be suitable for China’s real conditions. In this paper, we will introduce China UnionPay’s research and practice in terms of system engineering management of the mobile payment project.
The rest of the paper is organized as follows. In Section 2, the characteristics and engineering difficulties will be analyzed. In Section 3, the general requirements and core engineering problems for the mobile payment project will be summarized based on the analysis of Section 2. Section 4 will introduce the design and engineering practice of the mobile payment project. Section 5 will summarize the whole paper.
Analysis on the features of mobile payment situations
New features of mobile payment versus traditional payment methods
Compared to traditional bankcard payment, mobile payment mainly introduces the following changes in terms of its representation form.
First, the most notable change is that the physical bankcard is no longer the only payment carrier, and it will gradually be replaced by mobile terminals. The mobile terminals involved may vary considerably, and the most frequently used is the mobile phone. Recently, wearable devices have also developed rapidly. Under the mobile scenario, the behavior of mobile terminals tends to be much more unpredictable, making it difficult to locate and identify the cardholders.
On the acceptance side, traditional payment terminals (POS) will also be replaced with mobile payment terminals, e.g., mobile POS. In this case, the increased mobility may degrade the controllability of the terminals. Currently in China, the charging of the inter-change fee depends on the classification of business. Compared to the traditional static scenario, it is much easier for a low fee-rate mobile POS to be used in a high fee-rate business scenario, which is the so-called ‘POS shifting’ problem. This would violate the current regulation and pose a great challenge to supervision (Cai et al., 2016).
On the backend, improvements are also needed to adapt to the highly mobile payment scenario, although these changes are not as apparent as those of the frontend. The risk management system should take more factors (such as device name and location) into account so that the potential risks can be evaluated from a more comprehensive perspective. Furthermore, the backend system should provide a set of uniform interfaces for the mobile terminal platforms to register and access.
Engineering difficulties
The mobile nature of mobile payments may bring a great deal of uncertainty to the whole system. The difficulties of the mobile payment project can be summarized as follows:
1. It poses great challenges to managing security issues throughout the whole project. Security here may involve the safety of individual financial accounts, communication security, privacy protection, financial security and national information security, all of which are essential to the financial system and can never be compromised (Hong et al., 2016; Lu et al., 2016).
2. Long industry chains make it complicated to coordinate and cooperate. The bankcard industry is the basis for financial payment, which involves 4 large industries including the financial industry, manufacturing industry, service industry and information industry. The mobile payment project covers the main participants such as banks, mobile phone manufacturers, telecom operators, and mobile payment terminal manufacturers. It would take huge efforts to coordinate all of the above-mentioned parties and balance their interest preferences.
3. The timeline is pressing and almost no use cases can be referenced. Worldwide, mobile payment is still in its early age. Even in developed countries, there are no large-scale application experiments. Almost no cases can be referenced. In contrast, the demand is so pressing that the whole project has to be implemented and tested within a relatively short period. The traditional development process is no longer suitable for the rapidly changing demand.
Prior to the launch of the Mobile QuickPass, some mobile solutions already appeared in the market. However, most of them are improper either because of the original design or in terms of system security. The lack of a systematic design and short-sightedness towards instant benefits are the main reasons. Therefore, to regularize the market and maintain the security of China’s financial system, a set of scientific methodologies is needed to guide the design and operation of such a huge and important project (Liu, 2007; Zhu, 2007; Xie et al., 2017). Experiences and lessons summarized from former successful projects are also helpful for reference (Zhu, 2000; Sun, 2007; Wang, 2007a; Wang, 2007b; Wang, 2007c).
The general requirements of the mobile payment project
Top-level design with emphasis on overall optimization
As a huge engineering system, the mobile payment project requires top-level design with overall optimization. The general design is important to a system and can best embody the innovation of the engineering intelligence. The design should comply with the trend of internal development of modern financial services. A bankcard information system in the mobile payment age can then be built based on it, which is key to the bankcard industry.
Before that, the engineering problem has to be clearly stated. From the features and status of mobile payment analyzed in Section 2, the core engineering problems of the mobile payment project can be summarized as follows:
1. How to efficiently design and develop mobile payment products with the lowest reconstruction cost, subject to financial security and compliance requirements.
2. How to cooperate with the industry chains to establish a mobile payment ecosystem.
Balance and coordination
The mobile payment system is a complex system. Many factors need to be taken into consideration during the engineering process. These factors are usually inter-related and some of them are even contradictory. The situation calls for great efforts to balance and coordinate the contradictions encountered throughout the mobile payment system project. The main contradictions are as follows:
1) Demand for diversified payment experience vs. financial funding safety
For the financial industry, funding safety is the greatest concern. The demand for diversified payment experience has brought large challenges to funding safety. With the advent of mobile internet, many innovative payment methods have appeared. Unfortunately, most of them are high risk. Therefore, the mobile payment system to be designed should meet the requirement of financial funding security. Furthermore, the development and release process should be accelerated to meet mobile users’ rapidly changing demands (Cai et al., 2016).
2) Ease of use vs. security compliance and information protection
Convenience and security are usually thought to be contradictory to each other. In addition to the funding security mentioned above, payment information protection is also very important to cardholders as well as the whole payment system. It should be ensured that no sensitive payment information is leaked to non-financial institutions or intercepted by any third parties (Hong et al., 2016; Lu et al., 2016).
3) Open cooperation vs. state information security
In China’s mobile phone market, foreign brands also account for a large share. In the mobile payment project, cooperation with these international manufacturers is inevitable. Such cooperation also raises some concerns on national information security, which need to be properly addressed during the negotiation with those foreign manufacturers (Liu et al., 2016).
4) International standards vs. domestic security standards
Traditional practices of the bankcard industry tend to design products in accordance with international standards. Facing a severe cyber network security situation, our country has turned to developing its own standards as a way to realize technical independence and controllability. How to integrate domestic standards, especially cryptography algorithms, into the new generation of mobile payment system should also be investigated (Liu et al., 2016).
Quality first and effective promotion
As a nationwide project, the quality of the mobile payment products has to be ensured. A system engineering method should be adopted to manage the whole lifecycle of the product, which includes the process of design, manufacturing, evaluation, and testing. Furthermore, the security of the system should also be demonstrated through a series of processes either from technical aspects or from other aspects, such as law and society.
Following the development and testing stage, the promotion of each of the mobile payment products should also proceed in an orderly manner. The requirement is first to fulfill the broadest demand of the market. The next is to validate the product based on market feedback and then to upgrade accordingly and continuously. The aim is to promote the influence of the payment brand and improve the competitiveness.
Management, cooperation and integration
The mobile payment project involves coordination among several large industries including banks, telecom operators, and mobile phone companies. It requires powerful management intelligence to integrate all parties to cooperate and balance the different interest preferences of the others.
From the overall perspective, the bankcard organization plays a special role in the coordination of different industries. It should take responsibility for investigating the trend of the innovation of the information industry and exploring the solution towards win-win cooperation. The mobile payment project represents the integrated application of high technology to the financial industry, which is also the source of engineering and technology innovation. The process calls for close communication with related international standard organizations, industry alliances, and research institutions to gain advanced management and operation experience and gradually improve innovation and development.
Engineering practice of China UnionPay’s mobile payment project
The successful launch of ‘Mobile QuickPass’ marks a milestone of China UnionPay’s mobile payment project. After more than half a year of operation and promotion, the mobile payment services are now growing at a tremendous speed and the fraud rate remains at a low level. In this part, we will introduce the main engineering methods adopted in the project and the experience in the implementation.
Overall optimization based on the premise of compliance
To resolve the problem proposed in Section 3.1, the core idea of the Mobile QuickPass solution is ‘bankcard simulation.’ Mobile terminals act as a virtual bankcard to access the payment network. Such a design has several advantages:
1) Financial security
The core idea of simulating the bankcard into mobile terminals limits the financial functions of mobile terminals to a minimum level. The essence of the solution is ‘one account, multiple payment carriers.’ Once the information inputted by the bankcard holder passes the validation of the issuing bank, the bankcard can be virtually provisioned into the secure element of the mobile terminal. The virtual card shares the same bank account as the original bankcard and can be used in the scenario of near field payment or mobile online payment. The data flow of each payment transaction is exactly the same as that of using a real bankcard, i.e., the acquiring institution delivers the transaction information to the issuing bank via the intermediate bankcard organization, who finally processes the settlement of the funding, as shown in Fig. 2.
The platform of the mobile terminal itself is not a payment institution, and no extra financial accounts are allowed to deposit the funding. In this way, the overall financial payment system is kept as the original 4-party mode, which has proven to be stable over decades of operation. Therefore, theoretically, Mobile QuickPass is more secure than most of the OTT (over the top) solutions, since OTT operators usually become directly involved with the financial service by setting up extra financial accounts and depositing customers’ payment funding, which complicates the whole system and is prone to potential risks.
2) Low reconstruction cost
Theoretically, following the idea of bankcard simulation, the reconstruction effort of the project exists only in the mobile terminal part. Undoubtedly, this greatly simplifies the system design. In actual practice, we have also modified the backend system to provide a uniform interface and enhance risk management, which will be introduced in Section 4.2.3. However, the modification is relatively small compared to reconstructing a totally new platform. Generally, the overall engineering cost can be greatly reduced, making it possible for the Mobile QuickPass products to be publicly available in a relatively short time.
Following the idea of ‘bankcard simulation,’ the focus of the mobile payment project will be on the mobile terminal part. In the design of Mobile QuickPass, the communication among the mobile terminals and the POS is through NFC (near field communication), which is a wireless protocol for short-range communication. Another reason to adopt NFC is that it is already the standard for the chip bankcard. To transparently simulate the bankcard and interact with existing NFC-enabled POS terminals, an intuitive practice is to adopt the same communication protocol as the mobile terminal. This also helps to reduce the reconstruction cost and reuse the existing payment infrastructure. Therefore, the remaining work is to ensure the security of the simulated bankcards located in mobile terminals and their related communication links, which will be introduced in detail in the next part.
Achieving both ease-of-use and security through integrated innovation of technologies
The greatest difficulty facing the project of mobile payment is to resolve the issue of security.
At first glance, it seems impossible to achieve ease of use without compromising security. However, through technical innovation, it is proven that the security of the entire mobile payment system can be comprehensively improved. Therefore, ease of use and security are not always in conflict. This is the most important discovery in the practice of the project.
A set of innovative security enhancement measures are integrated and adopted to meet the requirements of quality and security compliance, covering both the frontend and backend of the mobile payment system.
Security enhancement of mobile terminals
At the frontend, a series of security technologies including TEE, TOKEN, HCE and SE are integrated to protect the payment transactions from fraud and sensitive data from leakage. The resulting security level is evaluated to be as high as that of the chip bankcard. Specifically:
1. TEE, i.e., Trusted Execution Environment, is the trusted computing mechanism implemented in the ARM chip. For mobile payment applications, the most sensitive code of the payment logic is switched to the TEE zone so that it can be separated from the other non-trusted codes. This can effectively prevent the original code from being illegally modified, greatly improving the trustworthiness of the payment application. In short, the application of TEE technology can realize the following security functions: trusted computation, data encryption, system protection, secure input, and secure storage. Typical security mechanisms include control over the APPs on the mobile terminal in accessing the secure element, control of the on-off switch of the NFC communication, and the presentation of a secure password input panel free from illegal sniffers. China UnionPay also proposes a TEEI (TEE integration) solution, which can be considered to be the virtualization of the TEE infrastructure. The system architecture of TEEI is shown in Fig. 3 (Chai et al., 2014), which makes it possible for multiple trust applications to share one TEE zone without interfering with each other.
2. TOKEN is a secure transmission technique developed specially for the NFC mobile payment. Before transmission, sensitive payment information such as the bankcard number and PIN code is first transformed to a TOKEN string. To the intermediate nodes in the transmission path, TOKEN is just a meaningless string, and it can be decoded only at the bank side. This protects the sensitive information from being eavesdropped by third parties.
3. HCE stands for Hybrid Card Emulation, which is a software architecture that provides exact virtual representation of chip bankcards, making the ‘virtual bankcard’ proposal practical. Its security is based on TEE implementation.
4. SE represents Secure Element, which is a hardware implementation of a tamper-resistant platform capable of securely hosting applications and confidential data. eSE (embedded SE) embeds the SE chip into the NFC communication module. Its security level is higher than HCE, and it is the most recommended configuration for mobile terminals.
The integration of the above technologies allows the mobile terminal to provide convenient payment services at a guaranteed security level.
Inter-change fee adjustment
China’s bankcard system has long been beset by the notorious ‘POS shifting’ problem as introduced in Section 2.1. The problem becomes extremely severe in the scenario of mobile payment, where the mobile POS terminal can be moved anywhere. Apart from adopting technical methods to alleviate the ‘POS shifting’ problem, we turn to the root cause of the problem, which is largely due to the pricing mechanism. Currently in China, the charging of the inter-change fee rate largely depends on the scope of business, and some large retail merchants can enjoy a relatively low fee rate. In this situation, the aim of such a charging mechanism is to encourage the large retail market industry to popularize bankcard payment. After ten years of rapid development, the coverage rate of bankcard payment has reached a fairly considerable level. Therefore, the original stimulation mechanism is no longer suitable for today’s market, and new mechanisms are called for to regulate the market and inhibit speculation.
On 18 March 2016, the National Development and Reform Commission issued a notice of adjustment of the pricing mechanism for the bankcard inter-change fee, and it will be formally enacted in September 2016. The main adjustment of the new mechanism is to differentiate the fee rate between debit cards and credit cards. Credit cards will be charged with a higher rate since the issuing bank will undertake more risks when issuing the credit card. Generally, excluding some exceptional cases, the charging of the inter-change fee will no longer depend on the classification of business, and most merchants will enjoy a uniform pricing rate after the bankcard inter-change fee adjustment. This could eventually solve the problem of ‘POS shifting’ and prevent speculation based on different fee rates of the mobile payment terminals.
Backend security enhancement and risk management system
At the backend, a trusted service platform (TSP) is set up to handle the mobile payment transaction. It works together with the Token mechanism, which transmits the payment token rather than the bankcard number for payment validation, as introduced in Section 4.2.1. China UnionPay’s TSP can support 4 typical scenarios defined in the EMVCo reference architecture: online merchant, digital wallet, NFC payment and QR code payment, which can cover most attested online and offline payment scenarios. China UnionPay’s TSP can also facilitate services such as the control of Token usage, credit level assessment, and dynamic transaction risk assessment.
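The TOKEN mechanism of Section 4.2.1 and the TSP's control of Token usage, sketched as an added example (not code from the paper and not China UnionPay's implementation). The class and method names, the random same-length token format, and the use of a plain device_id in place of cryptographic device binding are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass


class TokenError(Exception):
    """Token is unknown, suspended, or used outside its provisioned limits."""


@dataclass
class TokenRecord:
    pan: str          # real bankcard number; never leaves the vault
    device_id: str    # terminal the token was provisioned to (assumed identifier)
    scenario: str     # usage scenario the token is limited to, e.g. "nfc"
    active: bool = True


class TokenVault:
    """Hypothetical bank-side token service; only it can map token -> card."""

    def __init__(self):
        self._records = {}   # token -> TokenRecord

    def provision(self, pan, device_id, scenario):
        """Issue a fresh token for one card on one device and scenario."""
        while True:
            # Random digits of the same length as the card number: the token
            # is not derived from the PAN, so intermediate nodes that see it
            # cannot reverse it offline.
            token = "".join(secrets.choice("0123456789") for _ in pan)
            if token != pan and token not in self._records:
                break
        self._records[token] = TokenRecord(pan, device_id, scenario)
        return token

    def detokenize(self, token, device_id, scenario):
        """Resolve a token to the card number, enforcing usage controls."""
        rec = self._records.get(token)
        if rec is None:
            raise TokenError("unknown token")
        if not rec.active:
            raise TokenError("token suspended")
        if rec.device_id != device_id:
            raise TokenError("token presented by a different device")
        if rec.scenario != scenario:
            raise TokenError("token used outside its scenario")
        return rec.pan

    def suspend_device(self, device_id):
        """Lost terminal: disable its tokens while the card itself stays usable."""
        count = 0
        for rec in self._records.values():
            if rec.device_id == device_id and rec.active:
                rec.active = False
                count += 1
        return count


def outcome(vault, token, device_id, scenario):
    """Return 'ok' or the refusal reason for one detokenization attempt."""
    try:
        vault.detokenize(token, device_id, scenario)
        return "ok"
    except TokenError as exc:
        return str(exc)


def demo():
    vault = TokenVault()
    pan = "6200000000000005"   # constructed card number, not a real account
    # One account, multiple payment carriers: each terminal gets its own token.
    phone = vault.provision(pan, "phone-A", "nfc")
    watch = vault.provision(pan, "watch-B", "nfc")
    results = {
        "tokens_distinct": phone != watch and pan not in (phone, watch),
        "phone_nfc": outcome(vault, phone, "phone-A", "nfc"),
        "phone_online": outcome(vault, phone, "phone-A", "online"),
        "replayed_on_watch": outcome(vault, phone, "watch-B", "nfc"),
    }
    vault.suspend_device("phone-A")
    results["phone_after_suspend"] = outcome(vault, phone, "phone-A", "nfc")
    results["watch_after_suspend"] = outcome(vault, watch, "watch-B", "nfc")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Because each terminal holds its own token, suspending a lost phone leaves the watch and the underlying card working.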
As for the risk management system, a framework consisting of risk prevention, real-time monitoring, and post-disposal is set up for the mobile payment platform, as shown in Fig. 4.
1. Risk prevention mainly focuses on the stage of bankcard binding. Most of the identified frauds of mobile payment take place at this stage. Multiple-factor authentication is adopted to validate the operation of each bankcard binding process. The mechanisms include SMS validation, PIN code verification, and real-name matching. Furthermore, to adapt to the mobile scenario, information such as the mobile device name, SIM, IMEI, MAC and terminal location are collected and introduced into the risk management system. This contextual information can effectively improve the risk management system. In the future, chip bankcard validation will be introduced by scanning the real chip bankcard through the NFC link when a user registers a mobile simulated card.
2. Real-time risk monitoring addresses each of the payment requests. Big data technology is adopted to synthetically evaluate the trustworthiness of a transaction from multiple sources of data. An interactive linkage mechanism is set up among China UnionPay, issuing banks and acquiring banks to jointly handle the risk monitoring, cardholder service and merchant management. By taking advantage of the historical data and in-depth association analyses of transaction behavior, the risk management system of China UnionPay is able to monitor each of the mobile inter-bank transactions in real time and attempt to cut off the fraudulent transactions. The model of the risk monitor system can persistently evolve and self-improve according to the fraud being detected.
3. Post-disposal handles the fraudulent transactions being reported. In the scenario of Mobile QuickPass, the fraud losses can be controlled to the minimum through the mechanisms of joint bankcard risk prevention. Actions such as delayed settlement for questionable mobile transactions and the interception of goods in transit are taken once an online or offline fraudulent mobile payment is reported. Under the circumstance of small mobile payments, most banks tend to adopt an active reimbursement policy to compensate fraud loss, which can alleviate the concerns of cardholders and help to popularize the Mobile QuickPass service.
Benefiting from strict risk control, the fraud rate of Mobile QuickPass is reported to be only 0.02 BP, which is much lower than that of traditional bankcard transactions (2.36 BP on average) (CNR News, 2016).
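The risk-prevention step at bankcard binding, sketched as an added example (not code from the paper or from China UnionPay's risk system). It combines the three authentication factors named above with device context (IMEI, SIM, terminal location). The decision names, the per-device holder threshold, the usual-city lookup and all sample requests are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class BindRequest:
    holder: str        # real name of the cardholder
    sms_ok: bool       # SMS validation passed
    pin_ok: bool       # PIN code verification passed
    name_match: bool   # real-name matching passed
    imei: str          # device identifier reported by the terminal
    sim: str           # SIM identifier
    city: str          # terminal location, coarsened to a city


class BindingRiskEngine:
    MAX_HOLDERS_PER_DEVICE = 2   # assumed threshold, for illustration only

    def __init__(self, usual_city):
        self.usual_city = usual_city               # holder -> city on file (assumed input)
        self.holders_by_imei = defaultdict(set)    # device -> holders bound so far
        self.sim_by_imei = {}                      # device -> SIM at last approved binding

    def assess(self, req):
        """Return (decision, reasons); decision is approve, step_up or reject."""
        hard, soft = [], []

        # Multiple-factor authentication: every factor must pass.
        factors = (
            (req.sms_ok, "sms validation"),
            (req.pin_ok, "pin verification"),
            (req.name_match, "real-name matching"),
        )
        for passed, label in factors:
            if not passed:
                hard.append(f"{label} failed")

        # Contextual signals from the mobile terminal.
        holders = self.holders_by_imei[req.imei] | {req.holder}
        if len(holders) > self.MAX_HOLDERS_PER_DEVICE:
            hard.append("device exceeds holder limit")
        last_sim = self.sim_by_imei.get(req.imei)
        if last_sim is not None and last_sim != req.sim:
            soft.append("sim changed since last binding on this device")
        usual = self.usual_city.get(req.holder)
        if usual is not None and usual != req.city:
            soft.append("location differs from holder's usual city")

        decision = "reject" if hard else "step_up" if soft else "approve"
        if decision == "approve":
            # Only approved bindings become part of the device history.
            self.holders_by_imei[req.imei].add(req.holder)
            self.sim_by_imei[req.imei] = req.sim
        return decision, hard + soft


def run_demo():
    # Constructed holders and requests; none of this is real data.
    engine = BindingRiskEngine({
        "alice": "Shanghai", "bob": "Shanghai",
        "carol": "Beijing", "dave": "Beijing",
    })
    requests = [
        BindRequest("alice", True, True, True, "imei-1", "sim-1", "Shanghai"),
        BindRequest("alice", False, True, True, "imei-1", "sim-1", "Shanghai"),
        BindRequest("bob", True, True, True, "imei-1", "sim-1", "Shanghai"),
        BindRequest("carol", True, True, True, "imei-1", "sim-2", "Shenzhen"),
        BindRequest("dave", True, True, True, "imei-2", "sim-3", "Chengdu"),
    ]
    return [engine.assess(r) for r in requests]


if __name__ == "__main__":
    for decision, reasons in run_demo():
        print(decision, reasons)
```

The fourth request passes all three authentication factors and is still rejected on device context alone, which is the value the contextual signals add over factor checks.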
Protection of payment privacy data
In the era of mobile internet and big data, the accumulation of user data is considered to be a treasure. However, this can also cause users’ data to be illegally collected or improperly processed. Events of large-scale data leakage have been frequently reported during the past several years.
Under these circumstances, people are showing growing concern about the security of their personal data. In the case of mobile payment, payment data are essential to users’ privacy. We fully realized this problem at the beginning of the design and placed great emphasis on the protection of payment privacy data. The principle is that users’ sensitive data can be processed and recorded only by the authorized financial institution, who should promise to take responsibility for protecting these data from unauthorized access. Non-financial institutions should not be capable of interpreting these data or be allowed to store them.
The method is to first classify all of the involved data to identify what types of data are private and what types can be properly presented. Processing and storage requirements are then set up according to the data security level. To be specific, the data involved in the mobile payment are classified into the following three categories: bankcard data, presentational data and transaction data.
1) Bankcard data refer to the basic information of a bankcard, which is usually printed on a physical bankcard. It includes the bankcard number, valid date, CVN2 code and so on. Users need to input such data during the stage of ‘card binding.’ This information is transmitted to the bank side via the mobile platform for identity validation under users’ acknowledgement, approval and confirmation. In addition, the mobile platform is not allowed to store any of these data.
2) Presentational data are the content shown on the APPs of the mobile terminals. These data are provided by commercial banks or China UnionPay, such as the last 4 digits of the bankcard number and card art. They are used to help users view and check the information or state of the bound virtual cards.
3) Transaction data refer to the payment data during each transaction. Scenarios include online and offline payment. For an offline mobile payment, the flow of transaction data is exactly the same as that of chip bankcard data, directly connecting to China UnionPay’s switching network without intermediately passing through the mobile platform. The transaction data in the online mobile payment scenario refer to the payment data generated during online shopping using the APPs of authorized merchants. The APP first delivers these data to the SE embedded in the mobile terminal, which will encrypt the data by using the encryption key issued by banks. The encrypted data are then delivered to the authorized merchants via the mobile platform and the subsequent processes continue. In this way, it can be ensured that the mobile platform sees only encrypted data, protecting users’ payment information.
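The three data classes and their handling rules, expressed as a storage check a mobile platform could run before persisting a record. This is an added example, not code from the paper or from any UnionPay product. The field names, the ciphertext envelope shape, and the sample records are assumptions constructed for illustration. The Luhn-based scan of free-text fields goes slightly beyond the text to catch card numbers that leak into logs.

```python
import re

BANKCARD, PRESENTATIONAL, TRANSACTION = "bankcard", "presentational", "transaction"

# Assumed field names; the three classes themselves are the paper's.
FIELD_CLASS = {
    "card_number": BANKCARD, "valid_date": BANKCARD, "cvn2": BANKCARD,
    "last4": PRESENTATIONAL, "card_art": PRESENTATIONAL,
    "txn_payload": TRANSACTION,
}

# 13 to 19 digits, optionally grouped with spaces or hyphens.
CARD_LIKE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits):
    """Luhn checksum, used to tell card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text):
    """Return Luhn-valid card-number candidates found in free text."""
    hits = []
    for match in CARD_LIKE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits


def check_platform_record(record):
    """Return policy violations in a record the mobile platform wants to store."""
    violations = []
    for name, value in record.items():
        cls = FIELD_CLASS.get(name)
        if cls == BANKCARD:
            # Bankcard data may pass through for binding but is never stored.
            violations.append(f"{name}: bankcard data must not be stored")
        elif cls == PRESENTATIONAL:
            if name == "last4" and not re.fullmatch(r"\d{4}", str(value)):
                violations.append("last4: must be exactly four digits")
        elif cls == TRANSACTION:
            # Assumed envelope for SE output: {"key_id": str, "ciphertext": bytes}
            if not (isinstance(value, dict)
                    and isinstance(value.get("ciphertext"), bytes)):
                violations.append(f"{name}: transaction data must be SE-encrypted")
        elif isinstance(value, str) and find_card_numbers(value):
            # Unclassified free text (logs, notes) must not carry a full PAN.
            violations.append(f"{name}: free text contains a full card number")
    return violations


# Constructed sample records (the card number is made up and only Luhn-valid).
GOOD_RECORD = {
    "last4": "0005",
    "card_art": "art/blue.png",
    "txn_payload": {"key_id": "bank-key-1", "ciphertext": b"\x8a\x11\x03"},
    "note": "order 1234567890123456 paid",   # long digit run that fails Luhn
}
BAD_RECORD = {
    "card_number": "6200000000000005",
    "cvn2": "123",
    "last4": "00005",
    "txn_payload": "amount=12.00;merchant=m1",
    "debug_log": "bind ok card=6200-0000-0000-0005 user=u1",
}

if __name__ == "__main__":
    print(check_platform_record(GOOD_RECORD))
    for violation in check_platform_record(BAD_RECORD):
        print(violation)
```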
Developing standards first to coordinate the industry chain
As introduced in Section 3.4, the mobile payment project involves a long industry chain. China UnionPay, as a central switching point, has to take responsibility for coordinating each of the parties in the industry chain. The method adopted is developing mobile payment standards first and gradually generalizing the standards to the whole industry chain. In terms of mobile payment, China has already set up a relatively complete standard system. The technical standard system has upgraded from a basic channel access interface to a synthesized platform, covering mobile phones, smart cards, application software, security elements, a payment terminal, and system interfaces.
In addition, China UnionPay has organized all parties in the industry to discuss the solutions and standards for the mobile payment, including TOKEN and HCE. We also cooperate with manufacturers to develop related products and promote innovative development of the payment market.
For commercial banks, China UnionPay has provided a uniform interface through its trusted service module (TSM) platform. Banks can develop the accessing system accordingly by referring to the standard interface. Currently, most of the statewide commercial banks have accomplished reconstruction to adapt to the TSM interface, and regional banks are also launching a development project, greatly improving the standard level.
For mobile phone manufacturers, the recommended configuration is NFC communication modules embedded with SE chips. The uniform TSM interface has provided great convenience for mobile phone terminals in accessing the payment network. Once the terminal connects to the TSM network, the issuing services of all banks can be reached, including the binding of existing bankcards and issuance of new bankcards in real time. For other terminal companies, such as wearable device manufacturers, the processes are almost the same as those of mobile phone manufacturers.
In 2012, after the establishment of the mobile payment standards, all the industrial parties made great investments and the industry chain was gradually formed. This has created a favorable opportunity for actively promoting the establishment of an open, mutually beneficial and win-win cooperation mode and a harmonious and standard mobile payment industry chain. In the future, with the advancement of the technical standard requirements on the security level, China UnionPay will continue to upgrade security mechanisms under the support of all parties in the industrial chain to guarantee a high security level of Mobile QuickPass products.
Under the leadership of People’s Bank of China, China UnionPay has taken into consideration both the industry demands and the requirements of the information security project launched by the National Development and Reform Commission. The security architecture and testing mechanism have been gradually established according to the standard requirements, covering mobile terminals, including SD cards, SIM cards, wearable devices and NFC-enabled mobile phones. Under the framework, security mechanisms have been enforced in all of the Mobile QuickPass products, laying a good foundation for the application and large-scale promotion of products.
Adopting a rapid iterative development process to improve product efficiency and user experience
In the era of mobile internet, good mobile applications usually place a great emphasis on user experience and quick releases to satisfy the expectations of end users and to take the initiative in the competition.
Under such circumstances, we adopted the mechanism of ‘user experience based rapid iteration’ to develop the Mobile QuickPass products. Compared with the traditional waterfall software development process (Wikipedia, 2017a, 2017b, 2017c), this agile software development focuses on rapid iteration and user experience feedback (Wikipedia, 2007a, 2007b, 2007c). This means that the aim of the initial software product is no longer to be fully complete and flawless. Instead, it can be gradually improved through each rapid iteration period and users’ feedback. The iteration process is shown in Fig. 5.
In fact, the user experience and the process of rapid iteration are complementary to each other. On one hand, rapid iteration promotes the product’s online efficiency, which satisfies the expectation of end users. On the other hand, the feedback of user experiences helps the iteration process gradually improve the quality. In the practice of the Mobile QuickPass product release, we have set up the following two objectives:
1) Ensure product quality before online deployment. At the stage of design and development, a rigorous process of user investigation, design specification drafting, and testing is followed to ensure product quality.
2) Improve user experience via feedback and rapid iteration. After the release of an iteration, feedback is collected through end users’ reports and expert analysis to explore the problems of the current release. Improvements can then be made accordingly to continuously enhance the product experience.
The detailed mechanism is shown in Table 1.
After the adoption of the ‘user experience based rapid iteration,’ the release period of the Mobile QuickPass application has been shortened from 7 months to 4 months, and the development process is still under improvement. To date, Mobile QuickPass has successfully launched 3 rounds of iterations since its first release in Dec. 2015.
Promoting mobile payment under the guidance of ordered macro-planning, raising the level of independence and controllability
China UnionPay has long made great efforts to promote mobile payments. The operation of the Mobile QuickPass brand follows ordered macro-planning.
Long before the launch of the Mobile QuickPass brand, some products had already been put on the market. In fact, the chip card itself is capable of NFC payment, and the process of upgrading POS to support NFC payment has also been carried out for a long time. Furthermore, China UnionPay also cooperated with the top three telecom operators in China and launched the SIM+NFC solution in some areas beginning in 2013 to support mobile payment.
Based on the experience of previous products, the HCE+TOKEN solution was introduced to the market as the first Mobile QuickPass product. It is based on the Android operating system, which accounts for approximately 90% of the smart phone market share, and it can be implemented on almost all Android phones configured with NFC modules. After that, the SE+TOKEN solution has also gradually been promoted through cooperation with various mobile phone manufacturers, both domestic and international. This calls for a formidable effort to negotiate with many of the giant smart phone brands. In the near future, Mobile QuickPass will also appear in wearable devices, satisfying people’s need for diversified payment options.
Furthermore, during the process of launching the Mobile QuickPass products, we also take this opportunity to gradually promote the adoption of domestic products and standards. In 2012, the National Development and Reform Commission approved the project of IC card security testing and certification. As of 2016, 23 domestically made chips have passed the certification test, and commercial banks are encouraged to issue bankcards using these chips. In 2013, China UnionPay applied for the research project of applying an SM encryption algorithm to the inter-bank switching system, and by 2015, China UnionPay’s core switching system and 43 financial institutions adopted the SM encryption algorithm in the production network.
Keeping the bottom-line to properly handle the relation between open cooperation and state information security
As mentioned in Section 3.2, in the mobile payment project, it is necessary to cooperate with international manufacturers, especially foreign mobile phone companies, whose products account for a large share of China’s market.
On one hand, cooperating with international manufacturers could greatly promote the influence of the Mobile QuickPass brand, achieving a win-win result. This also conforms to the ‘opening up and reform’ policy and the development strategy of ‘one belt and one road.’ It also helps to lead the mobile payment industry, acquiring more discourse power in the future.
On the other hand, cooperation also raises some concerns about national information security. When handling the relation between open cooperation and state information security, we keep the bottom line of ‘no harm to national financial security, and no risk of information out-leakage.’
Individual sensitive data entail users’ privacy, whereas large-scale and nationwide data belong to state information. This is especially the case for financial data, which is of high value and key importance and relates to the security of the whole nation. It is considered important to a country’s data sovereignty and is strictly not allowed to flow outside our country.
Take ApplePay as an example; cooperation with Apple Inc. managed to ensure the security of national information, both legally and technically. First, Apple should locate the ApplePay data center in mainland China. The main and disaster recovery data centers of ApplePay are located in Shanghai and Tianjin, respectively. The data center of ApplePay and UnionPay are connected through dual redundant private leased lines from two different telecom operators to ensure high availability. The data communication passing through the private line is encrypted. Second, the data involved are classified into three categories: bankcard data, presentational data and transaction data, as introduced in Section 4.2.4. Each has corresponding processing and storage requirements, and Apple is not allowed to store or send back any user or sensitive payment information according to the contract. Finally, to make it verifiable, the testing and certification organization will regularly perform onsite inspections and audits. Furthermore, China UnionPay also cooperates with CNCERT/CC (National Computer Network Emergency Response Technical Team/Coordination Center of China) to technically check and bring attention to the data flow of ApplePay. In terms of the daily operation and security protection of the data center, Apple also promised to strictly follow China’s financial services standards and laws to meet regulatory requirements.
The arduous negotiation with Apple has set up an example for cooperation with other foreign and domestic mobile manufacturers. All the mobile payment participants should follow the same level of data protection requirements to ensure the security of user privacy and national information.
Conclusions
This paper introduces the practice of China UnionPay’s mobile payment project from the perspective of systems engineering. The core problem is solving the conflict between the usability of mobile payment and its security. Driven by the integration of innovative technologies, the security of mobile payment can be comprehensively improved. It is shown that ease of use and security can be simultaneously achieved, instead of compromising one or the other. In addition, the rapid iterative development process is adopted to improve the product release efficiency as well as the user experience. Furthermore, efforts have been made to coordinate the whole payment industry to promote the application of mobile payment and improve the quality of services.
The Author(s) 2017. Published by Higher Education Press. This is an open access article under the CC BY license (http://creativecommons.org/licenses/by/4.0)