First, the main risks of electronic payment
1. Basic risks of electronic payment.
Electronic payment brings convenience to consumers and new opportunities to the banking industry, but it also poses challenges to the parties involved. It faces many risks, including economic fluctuation risk, technical risk, transaction risk and credit risk. The traditional risks of the financial system are particularly prominent in electronic payment.
(1) Economic fluctuation risk
The electronic payment system, like traditional financial activities, faces the risk of cyclical economic fluctuations. At the same time, because it is information-based, international, networked and invisible, the risks faced by electronic payment spread faster and are more harmful. Once a financial institution runs into trouble, the problem can quickly cause a chain reaction across the whole financial system through the network, leading to overall, systemic financial risk, and in turn to chaos in the economic order and even a serious economic crisis.
(2) Risks of electronic payment system
The first is the risk of software and hardware systems. Generally speaking, the business operation of electronic payment and much of its risk control work are carried out by computer software systems. Defects or problems in the technology and management of global electronic information systems have become the most important system risk in the operation of electronic payment. In exchanging information with customers, if the system is incompatible with the software on the customer's terminal or fails, transmission may be interrupted or slowed down. In addition, uncertainties such as system downtime and disk array destruction also constitute system risks. According to surveys of different industries in developed countries, the losses caused by computer system downtime and similar factors differ from industry to industry, and the financial industry is affected the most. The commercial services of the retail and financial industries in developed countries depend to a great extent on the operation of information systems. The balanced, reliable and safe operation of information systems has become an important guarantee for the security of the electronic payment system.
Second, external support risks. Because network technology is highly specialized and knowledge-intensive, and in order to reduce operating costs, financial institutions often rely on service support from the external market to solve internal technical or management problems, for example by hiring experts from outside the institution to support or directly operate various online business activities. This practice suits the development of electronic payment, but it also exposes the institution to operational risks. External technical supporters may not have enough ability to meet the requirements of financial institutions, or they may stop providing services because of their own financial difficulties, posing a threat to financial institutions. Among all the system risks, the most technical one is a mistake in the choice of information technology for electronic payment. When online business solutions emerge one after another, different information technology companies strongly recommend their own solutions, and system compatibility may be a problem, a wrong choice will hinder the effective connection between the system and the network and will also cause huge losses in technical opportunities and even commercial opportunities.
(3) Transaction risk
Electronic payment mainly serves the needs of e-commerce, and online e-commerce transactions may give rise to risks because of defects in trading system design, technical route design and technical security. This kind of risk is unique to e-commerce activities and the related electronic payment. It may not be limited to the two parties to the transaction and the payment, but may also lead to systemic risk in the whole payment system.
2. Operational risks of electronic payment.
The operational risks of banks have a long history. The Basel Committee on Banking Supervision organized national regulatory agencies to systematically summarize several common risks, such as operational risk, reputation risk and legal risk. In traditional business, these risks take different forms. In terms of operational risk, the loan officer may not have conducted a serious credit investigation on the borrower, may not have asked the borrower to provide qualified guarantees, or may have blindly provided guarantees without careful examination, and so on. These risks can be prevented by a series of existing management measures, such as double counters, or formulating and strictly implementing a set of loan operation procedures. Most risks in traditional business are not directly related to technology. Although a risk in one link has an impact on other links, the impact is limited to a certain extent.
Electronic payment increases the risk and expands the scope of influence. The risk of a certain link may have a potential impact on the whole institution and even the financial system. The potential losses caused by the progress in information technology fields such as the Internet have gone far beyond the victims' tolerance, and have affected economic security. This situation is directly related to technology, among which the most prominent performance is operational risk. Many risks of electronic money can be summarized as operational risks. Some criminals engaged in electronic money business forged electronic money, which brought direct economic losses to banks. These criminals not only come from outside the bank, but sometimes from inside the bank, which poses a greater threat to the bank.
(1) Electronic pickpocket
Some bank thieves, known as "electronic pickpockets", specialize in stealing other people's network addresses, and this kind of theft has shown a rapid upward trend in recent years. Some thieves steal bank and enterprise passwords, browse enterprise core secrets, and even sell the stolen secrets to competitors, out of commercial interests or dissatisfaction with their banks or enterprises. Bank of America is robbed of $60 million online every year, and the total number of attempted online electronic theft is as high as $5-65.438+00 billion. The average value of armed bank robbery is $7,500, while the average value of "electronic pickpockets" is $250,000. "Electronic pickpockets" are mostly experts in deciphering passwords, and their methods of committing crimes are hidden and difficult to be caught.
(2) Internet fraud
Internet fraud includes market manipulation, insider trading, unlicensed brokerage, investment consulting activities, deceptive or improper sales activities, misleading high-tech investment and other Internet fraud. According to the survey of the North American Securities Managers Association, online fraud is estimated to cause losses of $654.38+000 billion to investors every year.
(3) Network hackers
Network hackers are those who illegally invade computer systems, and their attacks pose great potential risks to national financial security. At present, hacker attacks involve almost all operating systems, including UNIX and Windows NT. Many network systems have security vulnerabilities of various kinds, some of which are problems of the operating system itself and some of which are caused by administrator configuration errors. Hackers use any loopholes and defects on the Internet to modify web pages, illegally enter hosts, enter banks to steal and transfer funds, steal information and send fake emails.
(4) Computer virus damage
Computer network viruses are extremely destructive. Take a Novell network as an example: once the hard disk of the file server is infected by a virus, the virus may destroy the contents of some areas of the NetWare partition, make the network server unable to start, and paralyze the whole network, which is undoubtedly a disaster for the electronic payment system. Computer network viruses generally have a strong ability to replicate, and they can spread infection through the network as soon as they come into contact. Once a program is infected, the virus will soon infect the whole machine and the whole network. According to relevant data, a virus spreads on the network dozens of times faster than on a single computer, which is also fatal to electronic payment. Given that computer network viruses are extremely destructive, replicate readily and spread widely, how to deal with them is one of the primary problems to be solved in the current supervision of electronic payment.
These risks can be summarized as operational risks, which are directly or indirectly related to technology. Therefore, the Basel Committee believes that operational risks come from "potential losses caused by major defects in the reliability and integrity of the system", and the operational risks of electronic payment institutions include security risks caused by electronic money crimes, risks caused by internal employee fraud, risks caused by system design, implementation and maintenance, and risks caused by improper customer operations. Other organizations, such as the European Central Bank, the U.S. Monetary Authority and the Federal Deposit Board, have given similar descriptions of the operational risks of electronic payment institutions.
3. Legal risks of electronic payment.
Electronic payment business often involves banking law, securities law, consumer rights protection law, the financial disclosure system, privacy protection law, intellectual property law and the currency and banking system. At present, global legislation on electronic payment is relatively backward. Many existing laws apply to traditional forms of financial business, while electronic payment raises many new problems: for example, the qualifications required of issuers of electronic money, the control of electronic money circulation, the determination of qualifications for electronic payment business, the supervision of electronic payment activities, the obligations of customers and the responsibilities of banks. Countries still lack corresponding laws and regulations to address these problems. Take online lending as an example. Even the financial supervision department of Taiwan Province, which developed online loan business earlier, has no relevant laws and regulations to regulate this emerging business. What its regulator can do now is to approve the model contract submitted by the bank. The consequences of this lack of legal norms show up in two ways: either the judiciary or the arbitrator must use traditional legal rules and legal tools to analyze disputes arising from online commerce, or judges and arbitrators have to give up accepting such disputes. Because network disputes are so particular, it is very difficult to resolve them with traditional legal rules; however, passively refusing to accept the relevant disputes does not help solve the problem either. The lack of legal provisions exposes financial institutions to great legal risks.
At present, in many aspects of electronic payment business, there are no laws and regulations to regulate the relationship between business and parties. In some aspects of electronic payment business, although there are some traditional laws and regulations, whether they should be applied and to what extent, the parties are not clear, and sometimes regulators may not understand them. In this case, on the one hand, the parties may be unwilling to engage in such activities, on the other hand, after the dispute occurs, no one can convince anyone and solve the problem. For example, in dealing with the relationship between banks and customers, existing laws are always more inclined to protect customers and set stricter obligations on banks. The US 1978 Electronic Funds Transfer Act stipulates that banks must disclose a series of information to customers when providing debit card services such as ATM cards, otherwise banks will face potential risks. However, after the emergence of electronic money, especially smart cards, even regulators can't make a decision immediately whether smart cards need to disclose the same information. Because the performance of the two cards is completely different, the information required to be disclosed by debit card business may be meaningless to smart cards, and sometimes the requirements are too strict, which leads to the high cost of issuing banks and hinders business development. In this case, banks engaged in this business will be in a dilemma, and no one can predict what will happen in the event of disputes or lawsuits in the future.
In addition, electronic payment also faces legal risks such as money laundering, customer privacy and online transactions. This requires banks to carefully analyze and study the legal risks they face when engaging in new electronic payment business.
4. Other risks of electronic payment.
Besides basic risk, operational risk and legal risk, electronic payment also faces market risk, credit risk, liquidity risk, reputation risk and settlement risk.
(1) Market risk
The exchange rate risk brought by the change of foreign exchange rate is one of the market risks. In addition, the price changes of major commodities in the international market and the economic conditions of major international settlement currency banks will also indirectly trigger market fluctuations, which will constitute the market risk of electronic payment.
(2) Credit risk
Credit risk is the risk that the counterparty will not fully perform its obligations on the maturity date. Electronic payment expands financial services in a different way from traditional finance. Its virtual services are borderless and break through geographical boundaries, which requires a higher and more reasonable credit structure for financial transactions, and financial institutions may face greater credit risks. Taking online banking as an example, evaluating the borrower's credit rating through remote communication and credit confirmation procedures may increase the bank's credit risk: the borrower may fail to fulfill the obligations of an electronic money loan, or the credit evaluation may be wrong because the financial credit evaluation system running on the borrower's network is imperfect. In addition, international banks that buy electronic money from issuers and resell it also bear credit risk, because the issuer may not cash the electronic money. Sometimes the issuer of electronic money invests the funds obtained from the sale of electronic money, and if the investee fails to perform, this may bring credit risk to the issuer. In short, whenever a party that deals with an electronic payment institution fails to fulfill its obligations, it brings credit risk to that institution.
The imperfection of social credit system is the fundamental reason for the existence of credit risk, and it is also an important factor restricting the development of electronic payment business and even e-commerce.
(3) Liquidity risk
When electronic payment institutions do not have enough funds to meet the needs of customers to cash in electronic money or settle accounts, they will face liquidity risks. Under normal circumstances, electronic payment institutions often fall into a vicious circle of reputation risk because of liquidity risk. As long as electronic payment institutions can't quickly increase their liabilities or realize their assets at a reasonable cost in order to obtain enough funds to repay their debts, there is liquidity risk, which mainly happens to issuers of electronic money. The issuer will invest the proceeds from the sale of electronic money. When customers demand to redeem electronic money, the invested assets may not be realized quickly, or may cause heavy losses, thus exposing the issuer to liquidity risk and reputation risk. Liquidity risk and reputation risk are often linked and become interrelated risks. The liquidity risk of electronic money is related to the issuance scale and balance of electronic money. The larger the issuance scale, the larger the balance for settlement, and the more serious the liquidity problems such as the issuer's inability to redeem its issued electronic money or lack of sufficient liquidation funds.
Due to the strong liquidity of electronic money, electronic payment institutions face greater liquidity risk than traditional financial institutions.
(4) Settlement risk
The internationalization of the clearing system greatly increases the risk of international settlement. For all kinds of financial transactions based on electronic payment and settlement system, the number of remittances in developed countries can reach hundreds or even tens of millions every day.
Second, the risk prevention of electronic payment
1. Electronic payment risk management steps
The basic steps and principles of risk management for electronic payment are almost the same as those for traditional finance, but different countries and regulatory agencies may formulate different requirements for electronic payment risk management according to their situations. At present, the most common and easiest to understand are the risk management steps adopted by the Basel Committee. Taking online banking as an example, the Basel Committee divides the risk management of electronic payment into three steps: risk assessment, risk management and control, and risk monitoring. Risk assessment includes the process of risk identification, but risk identification is only the most basic step. After risks are identified, they must be quantified as far as possible. After quantification, the management of the bank can know how big the risks the bank faces are, what impact they will have on the bank, what the probability of these risks is, and so on. On this basis, the management of the bank should decide how much risk the bank can tolerate. In other words, if these risks occur and cause corresponding losses, can the bank management accept them? At this point, the risk assessment is completed. The process of managing and controlling risks is complicated; simply put, it means adopting various corresponding control measures and systems. The last step, risk monitoring, builds on the previous two steps. After the system is put into operation and the various measures have been taken, the effectiveness of those measures can be checked and monitored through the monitoring of machinery and equipment and through internal or external audits of personnel, so that potential problems can be found and solved in time.
Simply put, the risk management process is the sum of a series of systems and measures formed by the combination of technical measures and management control measures. The whole process is not much different from the risk management of traditional banking business, but the new risk management measures adopted by electronic payment need to be coordinated with the original internal control system of banks and integrated with the risk management measures of traditional banking business.
2. Technical measures to prevent electronic payment risks
The prevention of electronic payment risks also depends on many technical measures.
(1) Establish a network security protection system to prevent system risks and operational risks. Constantly adopt new security technologies, such as firewall, filtering and encryption technologies, to ensure the information flow and operational safety of electronic payment, and speed up the development of more secure information security technology, including stronger encryption technology, technology for inspecting and evaluating network usage records, human feature identification technology, and so on. The aim is for correct information to be transmitted between customers and banks in a timely and accurate manner, and to prevent unauthorized users, such as hackers, from illegally accessing and interfering with the information stored in electronic payment systems. The main purpose is to protect the network system in advance on the basis of a full analysis of network vulnerabilities. This is achieved mainly through physical security policies, access control policies, firewalls, security interfaces, digital signatures and other advanced network technologies. To ensure the security of electronic payment services, there are usually three kinds of protective facilities. The first is encryption technology installed in the browser that users use to access the Internet, which ensures the confidentiality of data transmission and ensures that the passwords, account numbers and data users enter will not be stolen and abused. The second is a security filtering router called a "firewall", which prevents improper intrusion by outsiders. The third is a "trusted operating system", which can fully protect the transaction hub server of electronic payment from being destroyed and tampered with by outsiders, especially "hackers".
(2) Develop database and data warehouse technology, establish large-scale electronic payment data warehouse or decision support system to prevent financial risks such as credit risk and market risk. Store and process information through database technology or data warehouse technology to support bank decision-making, and prevent various possible financial risks with scientific and correct decision-making. To prevent the credit risk of electronic payment, we must start with solving the symmetry, sufficiency, transparency and correctness of information, and rely on database technology to store, manage and analyze data, which is the basic work that modern management must complete. The design of electronic payment database can consider the collection, processing and analysis of information resources from the perspective of socialization, and scientifically manage assets, liabilities and intermediary business with customers as the center. Different banks can implement the borrower credit information sharing system, and establish an early warning list and a "blacklist" system for bad borrowers. Classify, analyze and count enterprises or enterprise groups with a certain proportion of asset control relationship, business control relationship and personnel association relationship through the database, and uniformly monitor credit granting.
(3) Accelerate the research, development and utilization of financial engineering. Financial engineering is produced on the basis of financial innovation and financial high-tech, which refers to a financial innovation tool or technology designed and developed to obtain the best income within a certain risk range by using various related theories and knowledge. At present, it is urgent to strengthen the influence of electronic technology innovation on the new electronic payment mode and technology, and the adjustment of legal system and supervision caused by it.
(4) Prevent financial risks through management and training. Electronic payment is the product of technological development, and many risk management measures are inseparable from the application of technology. But these measures are not purely technical: they still need people to implement them, so improving the quality of employees through management and training is an important way to prevent financial risks. The Regulations on the Security Protection of Computer Systems of the People's Republic of China (PRC) and the Interim Provisions on the Management of International Networking of Computer Information Networks of the People's Republic of China (PRC) stipulate the security of computer information systems and the management and use of computer information networks. They strictly require practitioners in financial services such as electronic payment to operate and improve their management in accordance with national laws, to raise their awareness of safety and responsibility, and to ensure the safe and sound operation of electronic payment services.
Therefore, it is necessary to improve the management and technical training of all kinds of personnel. The training and education of staff at all levels should be strengthened in various ways, so that they fundamentally understand the importance of financial network system security; education in law and discipline, safety and confidentiality should be strengthened for all relevant personnel, and awareness of electronic payment security protection should be improved. The first is to train employees inside the bank. Because electronic payment is the product of technology, ensuring that internal employees have the corresponding technical level is also an important aspect of risk management. This training takes various forms, such as professional and technical courses and requiring employees to participate in seminars and working groups in the industry. At the same time, the bank should ensure that its technicians have time to study and follow the development of the market and technology. The second is to educate and train customers: teach them how to use the bank's equipment and what to do if there are problems, and disclose relevant information to them through training, such as the nature of links established on the bank's homepage, consumer protection measures and data confidentiality requirements, in order to reduce the corresponding legal risks.
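The unified credit monitoring of related enterprises and the "blacklist" described in item (2) above can be sketched as follows. This is an added example, not part of the original article; the enterprise names, amounts, the 25% asset-control threshold and the group limit are all constructed assumptions.

```python
from collections import defaultdict

# All names, figures and thresholds below are constructed for illustration.
ASSET_CONTROL_THRESHOLD = 0.25   # assumed share that counts as asset control
GROUP_CREDIT_LIMIT = 1000        # assumed unified limit per related group

# (party_a, party_b, relationship kind, ownership share or None)
RELATIONS = [
    ("AlphaTrading", "AlphaHoldings", "asset", 0.60),
    ("AlphaHoldings", "BetaLogistics", "business", None),
    ("BetaLogistics", "GammaRetail", "personnel", None),
    ("DeltaFoods", "EpsilonFarms", "asset", 0.10),  # below threshold: no link
]
CREDIT_GRANTED = {
    "AlphaTrading": 400, "AlphaHoldings": 300, "BetaLogistics": 250,
    "GammaRetail": 200, "DeltaFoods": 500, "EpsilonFarms": 450,
    "ZetaTools": 100,
}
BLACKLIST = {"GammaRetail"}      # shared list of bad borrowers


class DisjointSet:
    """Union-find used to merge enterprises into related groups."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def is_linking(kind, share):
    """Decide whether a relationship ties two enterprises into one group."""
    if kind == "asset":
        return share is not None and share >= ASSET_CONTROL_THRESHOLD
    return kind in ("business", "personnel")


def build_groups(relations, borrowers):
    """Return the related groups as a list of frozensets of names."""
    ds = DisjointSet()
    for name in borrowers:
        ds.find(name)                      # register stand-alone borrowers
    for a, b, kind, share in relations:
        ds.find(a)
        ds.find(b)
        if is_linking(kind, share):
            ds.union(a, b)
    groups = defaultdict(set)
    for name in list(ds.parent):
        groups[ds.find(name)].add(name)
    return [frozenset(members) for members in groups.values()]


def review_groups(relations, credit, blacklist, limit):
    """Aggregate credit per group and attach early-warning reasons."""
    findings = []
    for members in build_groups(relations, credit):
        exposure = sum(credit.get(m, 0) for m in members)
        flagged = sorted(members & blacklist)
        reasons = []
        if exposure > limit:
            reasons.append("group exposure over limit")
        if flagged:
            reasons.append("blacklisted member")
        findings.append({
            "members": sorted(members),
            "exposure": exposure,
            "blacklisted": flagged,
            "reasons": reasons,
        })
    return sorted(findings, key=lambda f: f["members"])


if __name__ == "__main__":
    for finding in review_groups(RELATIONS, CREDIT_GRANTED, BLACKLIST,
                                 GROUP_CREDIT_LIMIT):
        print(finding)
```

No single borrower in the sample exceeds the limit on its own; the warning appears only once credit is summed across the group linked by asset, business and personnel relationships.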
Firewall is a general term for a series of hardware and software. A firewall can separate the bank's internal network from the external network, so that outsiders cannot enter the internal network at will. Sometimes the same technology is used to divide the internal network itself. In this way, people of different levels and positions cannot enter other departments at will, and information with different confidentiality levels can be placed in different locations. Sometimes not only the network needs to be divided, but the physical equipment also needs to be placed separately for centralized protection. For example, all key devices supporting the internal network, auxiliary devices (the keyboard and computer controlling the server), firewalls and so on are concentrated in glass rooms, outsiders are restricted from entering these places, and 24-hour guards are set up. If some equipment must be located separately because of geographical and business needs, several glass rooms can be set up with the same safety measures.
In addition, there are many other technical precautions, such as anti-virus measures and the management of the main server. These measures are technical and need special attention from bank management. At the same time, technical measures alone are not enough; they need to be supplemented by corresponding management and internal control measures. For example, the internal staff of the bank should be strictly examined, especially those who have access to confidential information, such as system administrators, programmers and logistics personnel. The examination includes hiring experts to check their professional skills, family background, criminal record and debt history. Some important people, such as system administrators, carry potential risks because they can access any computer and database without obstacles. For such people, measures such as separation of responsibilities and mutual supervision must be taken.
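One way to turn the separation of responsibilities and mutual supervision described above into a check that can be run against a staff duty table is shown below. It is an added example, not part of the original article; the duty names, staff identifiers and conflict pairs are constructed assumptions.

```python
# Constructed sample data: duty names, staff identifiers and the list of
# incompatible duty pairs are assumptions made for this illustration.
CONFLICTING_DUTIES = [
    ("initiate_transfer", "approve_transfer"),
    ("administer_database", "review_audit_log"),
    ("write_code", "deploy_to_production"),
]

# Which duty a second person must hold to countersign a sensitive action.
APPROVAL_DUTY = {
    "initiate_transfer": "approve_transfer",
    "administer_database": "review_audit_log",
}

ASSIGNMENTS = {
    "sysadmin_li": {"administer_database", "review_audit_log",
                    "deploy_to_production"},
    "dev_chen": {"write_code"},
    "ops_wang": {"deploy_to_production", "approve_transfer"},
    "teller_zhao": {"initiate_transfer"},
    "auditor_sun": {"review_audit_log"},
}


def find_conflicts(assignments, conflicts):
    """Separation of responsibilities: list staff holding both duties
    of a pair that should never sit with one person."""
    violations = []
    for user in sorted(assignments):
        duties = assignments[user]
        for first, second in conflicts:
            if first in duties and second in duties:
                violations.append((user, first, second))
    return violations


def authorize(action, requester, approver, assignments, approval_duty):
    """Mutual supervision: a sensitive action needs a second, different
    person who holds the matching approval duty. Fails closed."""
    if requester == approver:
        return (False, "self-approval")
    if action not in assignments.get(requester, set()):
        return (False, "requester lacks duty")
    needed = approval_duty.get(action)
    if needed is None:
        return (False, "no approval duty defined")
    if needed not in assignments.get(approver, set()):
        return (False, "approver lacks approval duty")
    return (True, "ok")


if __name__ == "__main__":
    for user, first, second in find_conflicts(ASSIGNMENTS,
                                              CONFLICTING_DUTIES):
        print(f"conflict: {user} holds both {first} and {second}")
    print(authorize("administer_database", "sysadmin_li", "sysadmin_li",
                    ASSIGNMENTS, APPROVAL_DUTY))
    print(authorize("administer_database", "sysadmin_li", "auditor_sun",
                    ASSIGNMENTS, APPROVAL_DUTY))
```

In the sample table the system administrator both runs the database and reviews its audit log, which is the unobstructed access the paragraph warns about; the audit reports it, and the two-person rule still refuses the administrator's own countersignature.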
3. Strengthen the legislative construction of electronic payment.
The rapid development of electronic payment business has led to many new problems and contradictions, which also makes the legislation relatively backward. On the other hand, the scope of electronic payment is quite extensive, which also brings some difficulties to the legislative work. In the development of electronic payment, in order to guard against various possible risks, we should not only improve technical measures and management system, but also strengthen legislative construction.
In view of the problems existing in current electronic payment activities, relevant laws should be established to regulate the behavior of electronic payment participants. Standardize the risk responsibility of electronic payment business operation and electronic fund transfer, and formulate rules such as jurisdiction and arbitration of electronic payment criminal cases. The security and confidentiality of village affairs should also be guaranteed by law, and corresponding legal sanctions should be imposed on computer crimes, computer leaks and theft of commercial and financial secrets, and an electronic payment environment with legal permission, legal protection and legal constraints should be gradually formed.
4. Other aspects of electronic payment risk management.
Technical security measures occupy a very important position in electronic payment risk management, which is also an obvious feature of electronic payment risk management. However, the risk management of electronic payment is not limited to the adoption of technical security measures, but the sum of a series of risk management control measures.
(1) Manage external resources. A current trend in electronic payment is that more and more external technology suppliers participate in the electronic business of banks. These suppliers may provide machinery and equipment on a one-off basis or provide technical support over the long term. The participation of external manufacturers enables banks to reduce costs and improve their technical level, but it increases the risks they take. Therefore, banks should take measures to manage external resources effectively. For example, the bank should require the right to inspect and supervise the operation and financial status of external manufacturers, and should clarify the rights and obligations of both parties through contracts, including the responsibilities that technology manufacturers should bear when technical failures occur or consumers are dissatisfied. At the same time, the bank should consider and prepare alternative resources in case a technology manufacturer runs into problems. The regulator also needs to maintain supervision over technology suppliers associated with banks.
(2) Establish and improve the internal management system of financial network. To ensure the security of the network system, we should not only establish a series of security measures in the working environment, but also establish and improve various internal management systems of the financial network.
Establishing and improving the computer room management system, and strictly implementing it, is at present an effective means of ensuring the security of the financial network system. The computer room management system covers not only the management of computer room staff, but also the management of computer room data and information and the operation of computer systems. Operators are required to follow the prescribed procedures so that the confidentiality and security of information and materials meet the requirements.
(3) Establish an emergency plan. Electronic payment brings convenience to customers, but it may also fail instantly, leaving banks and customers at a loss. Therefore, it is very important to establish a corresponding emergency plan and fault-tolerant system. The emergency plan includes a series of measures and arrangements, such as data recovery measures, alternative business processing equipment, personnel arrangements for emergency measures, measures to support customers, and so on. These emergency facilities must be tested regularly to ensure that they can really run in the event of an accident.
5. Strengthen the supervision of electronic payment.
In order to ensure the security of financial order, maintain fair and effective competition in the banking industry, protect the interests of depositors and the public, and ensure the smooth implementation of the central bank's monetary policy, financial supervision must be strengthened. In order to achieve the multiple objectives of financial supervision, the central bank should adhere to three basic principles: classified management, fair treatment and open supervision. The principle of classified management is to classify financial institutions, highlight key points and manage them separately. The principle of fair treatment means that in the process of financial supervision, no matter who the object of supervision is, unified supervision standards are applied. This does not contradict the principle of classified management: classified management highlights key points and strengthens monitoring, but it does not lower the regulatory standards. The principle of open supervision refers to strengthening the transparency of financial supervision. When implementing financial supervision, the central bank should make clear the laws, regulations, policies and regulatory requirements applicable to financial institutions, which also facilitates public supervision. At present, regulatory evasion under network conditions is more serious, which changes the balance of power between financial regulatory departments and financial institutions and increases the difficulty of financial supervision. International differences bring inconvenience to the supervision of electronic payment, and the legal system of international financial supervision applicable to e-commerce urgently needs to be established and improved. The lag of financial supervision has increased, and the development of e-commerce has accelerated the pace of financial innovation.
The laws, regulations and means of financial supervision may lag behind the innovation and development of electronic payment business more and more. The instability of financial industry puts forward new requirements for electronic payment supervision. The changes in the international financial environment, from exchange rate risk prevention to financial turmoil, from the risk prevention of the global financial system to the standardization and institutionalization of the financial securities market, all reflect that the coordination of international financial supervision is an inevitable requirement for the deepening development of networking and international finance.
The specific measures of electronic payment supervision include domestic supervision measures and international financial supervision coordination.
(1) Domestic regulatory measures. These include: making the means of financial supervision forward-looking and predictable, to solve the existing lag problem; establishing a supervision system based on risk supervision; effectively combining industry self-discipline with financial supervision; establishing and improving the laws, regulations and systems of electronic payment supervision; establishing and improving the financial information disclosure system to enhance the transparency of financial supervision; and strengthening the supervision of financial intermediaries to form an effective supervision system of central bank, intermediaries and financial self-regulatory organizations. The supervision methods are mainly on-site inspection and off-site inspection. On-site inspection mainly refers to supervision conducted by the regulatory authorities in person, and off-site inspection mainly refers to supervision of the supervised objects through statements and collected information.
(2) Coordination of international supervision. This includes: establishing an exchange rate coordination mechanism and an internationally unified information disclosure and market restraint system under the condition of electronic payment; coordinating and controlling the flow of international short-term capital in the network; supervision and coordination to prevent international financial crimes; strengthening the coordination between market access and financial risk supervision; coordinating the supervision mechanism for highly leveraged and high-risk financial institutions such as hedge funds; and carrying out internationally unified financial supervision legislation.
In a word, electronic payment connects the global financial system and further deepens financial globalization, and correspondingly requires risk control to be carried out with a broader field of vision.