Online payment continues to be hot, but when it comes to funds, it must be safe and stable. Here is some knowledge about payment.

Payment methods

Collection

1. E-bank payment: the PC or WAP page jumps to the bank's e-banking site for payment. It is more complicated to use, and each bank's support differs, which may complicate the user experience. Currently it is used more for corporate payments and less for personal payments.

2. Scan-code payment: QR code payment through WeChat, Alipay, or a bank. Scan-code payment is now the trend. It is convenient and fast, as its volume also shows, and it suits most PC page payments.

3. SDK payment: the WeChat, Alipay, or bank SDK invokes the client app to pay. It is more suitable for mobile. Combined with an app, the invocation is very smooth, and it is often used for payment in mobile game apps.

4. Card payment: many kinds of cards, such as mobile recharge cards and game cards, are used as the means of payment to complete the whole payment process. Game businesses favor it.

5. Fast payment: a convenient payment method that requires four-element or six-element (credit card) authentication from the bank to complete the whole operation quickly. In addition, card binding saves the user from re-entering the long card number the second time. It is supported on both mobile and PC.

6. Withholding: the steps are similar to those of fast payment, with one difference: the user must first complete the contract signing. It is more suitable for membership businesses and scheduled deductions.

Refund

That is, the reverse transaction of a collection: part or all of the collected amount is returned to the user's account through the original collection method.

Payment

The amount is transferred into the user's bank card through the agent interface.

Other

Red packets: the amount in the merchant account is distributed as red packets to user accounts.

Voucher: the merchant voucher account distributes vouchers to user voucher accounts.

Wallet: the balance in the user account system, used with other payment methods.

Interaction process

The interaction process is usually as follows:

Place an order to pay

Check receipt -> select appropriate channel -> record flow -> billing treatment -> request channel payment -> go to payment channel to complete payment.

Result notification

The payment channel sends an asynchronous or synchronous notification -> complete signature verification, order information checks, and related operations -> process the accounts and change the status -> asynchronously notify the business.

Payment query

Obtain orders whose status has not changed for a long time (such as those from 5 minutes ago) -> query the channel -> check the order information and perform related checks -> write back the order according to the status.

Payment reconciliation

Obtain reconciliation files at T+1 or T+2 -> compare with the data in the database -> record abnormal orders for notification.

Account system

Gateway payment and similar operations can be completed without a user ID system, so this kind of business does not need the account system; an intermediary account is enough to complete the debit and credit accounting process. Operations such as paying with the user's balance require a user account system on the third-party payment platform.

Channel management

How to find the channel to use

You may need to select the channel with the lowest fee for the amount, enable different channels by time, use different channels by version, and use different channels by priority weight.

How to switch over when a channel fails

How do you switch channels immediately when one fails, so that users' payments are not affected? How do you minimize manual intervention and avoid wasting time?

These are all things a channel manager must consider.

Interactive security

The whole site uses HTTPS

HTTP is prone to hijacking and tampering, whereas HTTPS uses SSL/TLS, encrypts the transmitted data, and provides a verification mechanism. HTTPS is therefore necessary wherever fund security is involved.

Public network and private line

On the public network, anyone can reach the services you offer. A private line is a real physical line, so using one greatly improves security. When connecting to services such as fast payment, payment, and direct-connection business, many banks require a private line. Setting one up requires the data-center staff on both sides to coordinate with the carrier to lay the line.

Signature and verification

An effective way to prevent tampering is for both parties to hold signing keys unknown to outsiders and to generate a signature from the request parameters according to agreed rules. Any tampering will then be detected. Currently there are two common methods:

1. After stitching the original string together according to agreed rules, append the unique key value and compute the MD5.

2. After stitching the original string together according to agreed rules, sign it with the RSA private key and verify it with the public key.

Encryption

Payment involves a lot of sensitive information, and keeping it secure requires encryption. There are two encryption methods:

1. Symmetric encryption (3DES, AES, etc.): fast, but extremely insecure as soon as either party leaks the key.

2. Asymmetric encryption (RSA, etc.): safe, but slow and not suitable for long strings.

Therefore, many systems use the following combination: generate a key, encrypt all the data symmetrically with this key, encrypt this key with asymmetric encryption, and then transmit the data.
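The combination described above, as an added example that is not from the original article. It assumes the third-party `cryptography` package; the choice of AES-256-GCM and RSA-OAEP, the function names, and the sample card data are assumptions made for illustration.

```python
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Assumed RSA padding for wrapping the data key (the article only says "RSA").
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def new_recipient_key():
    """Receiver's RSA key pair; the sender only ever needs the public half."""
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def seal(recipient_public_key, plaintext: bytes, context: bytes = b"") -> dict:
    """Encrypt the data with a fresh AES key, then encrypt that key with RSA."""
    data_key = AESGCM.generate_key(bit_length=256)  # new key for every message
    nonce = os.urandom(12)
    ciphertext = AESGCM(data_key).encrypt(nonce, plaintext, context)
    wrapped_key = recipient_public_key.encrypt(data_key, OAEP)
    return {"wrapped_key": wrapped_key, "nonce": nonce, "ciphertext": ciphertext}


def unseal(recipient_private_key, envelope: dict, context: bytes = b"") -> bytes:
    """Recover the AES key with the RSA private key, then decrypt the data."""
    data_key = recipient_private_key.decrypt(envelope["wrapped_key"], OAEP)
    aes = AESGCM(data_key)
    return aes.decrypt(envelope["nonce"], envelope["ciphertext"], context)


def demo() -> bool:
    """Round-trip constructed card data, then show that a flipped bit is rejected."""
    private_key = new_recipient_key()
    card = b'{"card_no":"4111111111111111","holder":"TEST USER"}'  # constructed
    env = seal(private_key.public_key(), card, b"order:O-1")
    if unseal(private_key, env, b"order:O-1") != card:
        return False
    env["ciphertext"] = bytes([env["ciphertext"][0] ^ 1]) + env["ciphertext"][1:]
    try:
        unseal(private_key, env, b"order:O-1")
    except InvalidTag:
        return True  # the modified ciphertext does not decrypt
    return False
```

Binding the order number as `context` means an envelope copied onto a different order fails to decrypt.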

Anti-phishing

Two main points:

1. Set a whitelist for the Referer (source page).

2. Check the request time and reject orders whose request time is too early.

Simple risk control

The main points to consider are as follows:

1. User-related: such as IP, ID, transaction count, and user-level quota.

2. Merchant-related: such as merchant status and the merchant's single-transaction limit.

Avoid risks

Fewer false successes for collection, fewer false failures for payment and refund

For collection, the status must be judged carefully so that an order is not misjudged as successful and the business is not notified to deliver. For payment and refund, the status must not be misjudged as failed, because that lets the user immediately initiate a refund again.

Verify channel and order information

Note the following for the information received in the asynchronous notification:

1. Check the signature and determine the status.

2. Verify the channel's information, for example whether the partner_id is opened in the channel.

3. Verify the order information in detail, including the payment amount.
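One way to apply these checks together with the MD5 signature method from "Signature and verification", as an added example that is not from the original article. Apart from partner_id, the field names, the stitching rule, the status values, and the sample data are assumptions.

```python
import hashlib
import hmac
from decimal import Decimal, InvalidOperation

# Constructed sample data. partner_id comes from the text; other names are assumed.
CHANNEL_KEYS = {"P1001": "demo-secret-key"}  # partner_id -> shared signing key
ORDERS = {"O-1": {"partner_id": "P1001", "amount": Decimal("25.00"), "status": "PENDING"}}


def canonical_string(params: dict) -> str:
    """Assumed stitching rule: drop 'sign' and empty values, sort keys, join k=v with &."""
    items = sorted((k, str(v)) for k, v in params.items() if k != "sign" and v != "")
    return "&".join(f"{k}={v}" for k, v in items)


def md5_sign(params: dict, key: str) -> str:
    """Method 1 in the text: original string with the secret key appended, then MD5."""
    return hashlib.md5(f"{canonical_string(params)}&key={key}".encode()).hexdigest()


def handle_notification(params: dict) -> str:
    """Return 'ok', 'duplicate' or 'rejected:<reason>'; only 'ok' changes the order."""
    key = CHANNEL_KEYS.get(params.get("partner_id", ""))
    if key is None:  # channel check: is this partner_id opened with us?
        return "rejected:unknown partner_id"
    given = str(params.get("sign", "")).encode()
    if not hmac.compare_digest(md5_sign(params, key).encode(), given):
        return "rejected:bad signature"
    order = ORDERS.get(params.get("order_id", ""))
    if order is None or order["partner_id"] != params["partner_id"]:
        return "rejected:order does not belong to channel"
    try:
        amount = Decimal(str(params.get("amount", "")))
    except InvalidOperation:
        return "rejected:amount mismatch"
    if amount != order["amount"]:  # compare with our own record of the order
        return "rejected:amount mismatch"
    if params.get("status") != "SUCCESS":  # never infer success from anything else
        return "rejected:not a success status"
    if order["status"] == "PAID":  # a repeated notification must not be applied twice
        return "duplicate"
    order["status"] = "PAID"
    return "ok"


def sample_notification() -> dict:
    """Build a correctly signed notification for the constructed order above."""
    n = {"partner_id": "P1001", "order_id": "O-1", "amount": "25.00", "status": "SUCCESS"}
    n["sign"] = md5_sign(n, CHANNEL_KEYS["P1001"])
    return n
```

MD5 is used here only because it is the method the text describes; the comparison uses `hmac.compare_digest` so that it runs in constant time.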
