Payment Security
No-Password Payment Must Not Do Away with Security
Xin Lang Cai Jing· 2026-02-13 05:57
Core Viewpoint
- The article highlights the risks associated with the default activation of the no-password payment feature, which has become a new avenue for fraudsters, undermining consumer rights and market trust [1]

Group 1: Consumer Rights and Experience
- The no-password payment feature, intended for convenience and security, has instead created opportunities for fraud, leading to financial losses for consumers [1]
- Users face difficulties in disabling the no-password payment option, as the process is often hidden within multiple app menus, contrasting sharply with the ease of activation [1]
- The experience of disabling the feature is complicated by prompts questioning the user's decision, which can deter them from opting out [1]

Group 2: Regulatory and Design Recommendations
- Companies are urged to integrate user rights into product design, ensuring that the activation process respects consumer choice [1]
- Regulatory bodies should enhance oversight of the no-password payment process, focusing on identifying and addressing platform vulnerabilities and improper practices [1]
- The article emphasizes that technological convenience should not compromise user safety or lead to deceptive practices [1]
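Major Payment Security Incident on Open Beta Day One of Eagle Horn Network's "Arknights: End of the World" (《明日方舟:终末地》): PayPal Cross-Account Charges, Some Players Lose Thousands of Dollars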
Xin Lang Cai Jing· 2026-01-23 02:40
Core Insights
- The global launch of the highly anticipated game "Arknights: End of the World" by Eagle Horn Network was marred by a significant payment security incident, leading to substantial financial losses for players and raising concerns about the company's overseas operational capabilities [1][7].

Payment Security Incident
- The core issue was identified as a failure in the account isolation mechanism of the PayPal payment interface, allowing incorrect deductions from players' accounts [1][8].
- Abnormal deductions exhibited three characteristics: mismatched amounts (e.g., $10 subscription charged $1200), currency confusion (involving multiple currencies), and random deduction targets [1][8].

Technical Analysis
- The root cause of the vulnerability may stem from two main factors: non-compliance with PayPal's official API standards and misuse of the password-free payment authorization mechanism [8][9].
- The incident's impact quickly escalated, with a Twitch streamer experiencing real-time deductions during a live broadcast, leading to widespread attention on social media [8].

Company Response
- Eagle Horn Network's overseas brand Gryphline responded promptly by disabling the PayPal payment channel and initiating a full refund process within hours of the first report [2][8].
- The company committed to completing all refunds within four hours and recommended players use credit cards as an alternative payment method [2][8].

Player Reactions
- Player feedback on the emergency measures was polarized, with some praising the response speed while others criticized the inconsistency in refund processing and lack of clear communication regarding the restoration of payment channels [9].
- The official announcement did not clarify the specific technical causes of the vulnerability, leading to long-term concerns about system security among players [9].

Industry Implications
- The incident has been classified as a "T0-level payment security event," highlighting a significant oversight in the association of payment credentials with user IDs, which is a fundamental industry standard [9].
- The severity of this vulnerability is considered greater than recent industry incidents, as it directly involves real monetary transactions, potentially prompting stricter payment interface audit standards across the gaming industry [9][10].

Market Impact
- Prior to the incident, analysts had high expectations for "Arknights: End of the World," predicting annual revenue could reach 15 billion yuan. However, the first-day incident has negatively impacted the game's reputation, resulting in numerous one-star reviews on overseas rating platforms [9][10].
Be Careful When Showing a Payment Collection Code on a Remote Video Call! Don't Let Scammers Exploit the "Time Gap"
Bei Jing Shang Bao· 2026-01-21 13:00
Core Viewpoint
- Recent reports indicate that multiple restaurants in Beijing have fallen victim to a "dining reservation scam," where fraudsters exploit payment systems to steal funds from restaurant employees [1]

Group 1: Scam Mechanism
- Fraudsters impersonate customers and initiate phone calls to restaurants under the pretense of making reservations, leading to a series of unauthorized transactions [3]
- During a video call, scammers manipulate the restaurant staff into revealing their payment codes, which are then quickly captured and used for unauthorized transactions [3]
- The scam takes advantage of the time delay in switching from payment to receipt codes on platforms like WeChat and Alipay, allowing for rapid fund transfers [3]

Group 2: Prevention Measures
- Experts suggest that users should be vigilant and recognize the unusual behavior of "remote video-guided payments" as a red flag for scams [4]
- Recommendations include disabling the "small amount no-password payment" feature and using professional merchant payment devices instead of personal accounts for large or remote transactions [4]
- Users are advised to establish a "no face-to-face, no video" risk control principle and to verify identities through original channels if suspicious requests arise during video calls [4]

Group 3: Platform Security Enhancements
- Payment platforms like Alipay and WeChat are continuously improving their security measures to combat evolving scams [5][6]
- Alipay encourages users to enable the "payment privacy protection" feature, which hides the payment code until explicitly displayed [5]
- WeChat has implemented multiple security safeguards, including dynamic payment codes and identity verification for transactions, to protect users from unauthorized access [6]
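Zhongjin Payment Caught in "Ghost Deduction" Controversy, Raising Questions About Where Liability Lies Between Platforms and Payment Institutions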
Nan Fang Du Shi Bao· 2026-01-16 13:34
Core Viewpoint
- The rapid development of mobile payment has led to the rise of unauthorized deductions, raising public concerns about payment security and the need for a transparent and secure payment environment [1][7].

Group 1: Incidents of Unauthorized Deductions
- Multiple consumers have reported unauthorized deductions through the Zhongjin Payment channel, with common amounts being 29.9 yuan, 59.9 yuan, and larger sums like 149 yuan and 299 yuan [2][3].
- A specific case involved a consumer who experienced continuous deductions of 29.9 yuan without receiving any verification prompts, leading to dissatisfaction with the response from the service provider [2].
- Complaints often arise from scenarios such as accidental clicks on ads, erroneous operations related to train tickets, and subscription services [3].

Group 2: Zhongjin Payment's Position
- Zhongjin Payment claims it does not engage in the actual operations of merchants and only provides payment settlement services based on customer instructions [3][4].
- The company has stated that it conducts thorough checks on merchant qualifications and that all deductions are based on valid agreements, asserting that there are no unauthorized deductions from their end [3][4].

Group 3: Legal Perspectives on Responsibility
- Legal experts suggest that the responsibility for unauthorized deductions may lie with the merchant or be shared between parties, depending on the nature of the transaction and authorization [5][6].
- Recommendations include reducing visual misguidance in product design and ensuring clear communication of pricing and renewal terms to consumers [6].

Group 4: Regulatory Responses
- The frequency of unauthorized deductions has prompted regulatory bodies to issue guidelines aimed at protecting consumer rights and ensuring transparency in pricing practices [7][8].
- New regulations require platforms to clearly display options for automatic payments and provide easy cancellation methods, emphasizing the importance of consumer awareness and consent [8].
New Scam! Fraudsters Posing as "Confidential Bureau" Staff Target WeChat and Alipay Users
Xin Lang Cai Jing· 2025-12-19 03:23
Core Viewpoint
- A new scam has emerged where fraudsters impersonate "Confidential Bureau" staff to deceive WeChat and Alipay users into downloading malicious software, leading to unauthorized access to their accounts and financial loss [2][4].

Group 1: Scam Details
- Fraudsters pose as officials from the "Confidential Bureau," "Banking Regulatory Commission," or platform customer service, claiming that the user's WeChat or Alipay "no-password payment" feature is activated and will incur charges unless disabled [2].
- Victims are directed to a specific website to download malicious software that allows remote control of their devices, enabling fraudsters to manipulate the victims into providing sensitive information such as facial recognition, bank passwords, and SMS verification codes [2][4].

Group 2: User Awareness and Safety Measures
- Users should be aware that legitimate authorities will not request sensitive information or guide them to download software via phone calls [5].
- The "no-password payment" feature of WeChat and Alipay does not incur any fees, and any request to disable it or download software under such pretexts is likely a scam [5].
- It is advised not to engage in screen sharing with strangers or download unknown applications, as these may contain remote control capabilities that compromise personal information [5].

Group 3: Industry Response and Recommendations
- The China Payment and Clearing Association has called for enhanced security management of "no-password payment" services, emphasizing the need for clear user consent during activation and preventing default activation practices [6].
- There is a need to assess the risk tolerance and capacity of elderly users before enabling "no-password payment" features, ensuring that vulnerable groups are protected [6].
- The industry must collaborate to strengthen security measures, ensuring that "no-password payment" technology enhances convenience without compromising safety [7].
Attention! This WeChat Feature Is Free of Charge
新华网财经· 2025-12-18 12:24
Core Viewpoint
- The article emphasizes that the WeChat "no password payment" feature is free of charge and warns users about potential scams related to this service [4].

Group 1: Security Alerts
- The WeChat payment "no password payment" feature does not incur any fees, and any requests to "turn off no password payment" that involve charges or software downloads are scams [4].
- Users should avoid engaging in "screen sharing" with strangers or downloading unknown apps, as these may contain remote control functions that can compromise their devices and personal information [4].
- Legitimate authorities will not request sensitive information such as facial recognition, passwords, or verification codes via phone calls [4].
- For any inquiries regarding payment features, users should verify through official customer service channels within the WeChat or Alipay apps and not trust unsolicited calls [4].
- If a scam is suspected, users should immediately freeze their bank cards and report to the police, keeping records of calls and software names as evidence [4].
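Kunpeng Payment: Standardized Management and Handling Process for Payment Business Formally Launched; Devices That Fail to Meet Certification Standards to Be Removed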
Xin Lang Cai Jing· 2025-12-10 08:21
Core Viewpoint
- The company has initiated a compliance rectification action for its payment business in response to regulatory directives from the People's Bank of China, aiming to ensure the safety and compliance of its operations [1][3].

Group 1: Compliance Rectification Action
- The company has launched a comprehensive review and rectification initiative targeting all partner service providers and terminal expansion programs to align with regulatory requirements [1][3].
- The rectification process includes a full review of existing terminal devices, with a plan to eliminate any devices that do not meet national and industry certification standards [1][3].
- A special inspection team will be formed to address issues related to abnormal transaction patterns, non-compliant transaction behaviors, and transactions exceeding normal ranges [4].

Group 2: Commitment to Industry Standards
- The rectification action is described as a necessary measure for the company to fulfill its corporate responsibilities and implement national financial regulatory policies [2][4].
- The company emphasizes the importance of this action in protecting the legitimate rights of compliant partners and merchants, as well as maintaining a healthy development order in the industry [2][4].
- The company urges all partners to take the rectification work seriously and cooperate with the inspection and cleaning requirements to build a safe, orderly, and compliant payment service environment [2][4].
No-Password Payment Needs to Balance Convenience and Security
Jing Ji Ri Bao· 2025-11-30 23:25
Core Viewpoint
- The China Payment and Clearing Association has issued an initiative to enhance the security management of "no-password payment" services, emphasizing the need to eliminate default activation practices and provide a one-click cancellation feature for users [1][2].

Group 1: Consumer Concerns
- Consumers express a strong desire for more choice regarding "no-password payment," advocating against misleading practices such as default selections and one-click activations [2][3].
- There is a significant concern regarding the security of "no-password payment," with calls for payment service providers to balance convenience with safety [2][3].

Group 2: Industry Response
- The China Consumer Association previously issued a reminder for consumers to be cautious when using "no-password payment" to prevent potential financial losses due to excessive account permissions [2].
- The recent initiative from the Payment and Clearing Association aims to ensure that user consent is clearly obtained and that the activation of "no-password payment" is not done by default [2][3].

Group 3: Recommendations for Payment Service Providers
- Payment service providers are encouraged to optimize their processes to ensure clear consumer consent for "no-password payment" and to provide easy access to cancellation options [3].
- There is a recommendation to enhance monitoring of transactions and improve risk management capabilities to protect consumers from financial losses [3].

Group 4: Consumer Best Practices
- Consumers are advised to remain vigilant during online payments, enhancing their device and account security through measures such as two-factor authentication and regular password changes [3].
- It is suggested that consumers regularly check their "no-password payment" agreements and monitor transaction alerts to quickly address any anomalies [3].
"No-Password Payment": How to Balance Security and Convenience
Jin Rong Shi Bao· 2025-11-26 00:56
Core Viewpoint
- The rise of "no-password payment" has made transactions more convenient, but it also poses significant security risks, leading to unauthorized charges and difficulties in managing payment settings [2][3][6]

Group 1: Convenience of No-Password Payment
- "No-password payment" has become a preferred choice for many due to its high convenience, allowing transactions to be completed instantly without the need for password input [2][3]
- Users have reported issues such as accidental activation of "no-password payment" by elderly family members, leading to unexpected purchases [2][3]

Group 2: Security Risks
- The lack of password or secondary verification in "no-password payment" can lead to unauthorized transactions, especially if a phone is lost or account information is leaked [3][5]
- Some platforms impose limits on single transaction amounts but do not restrict the frequency of transactions, enabling potential fraud through small, repeated charges [3][5]

Group 3: User Management and Prevention
- Users can check and manage their "no-password payment" settings through various apps like Alipay and WeChat, with specific steps outlined for each platform [4][5]
- Recommendations for users include regularly reviewing and cleaning up authorization settings, enhancing device and account security, and maintaining a habit of checking transaction records to identify any anomalies [5][6]

Group 4: Recommendations for Payment Platforms
- Payment service providers should strengthen the management of "no-password payment" features by ensuring user identity verification and avoiding default activation of such services [5][6]
- Platforms should implement measures to detect unusual transaction patterns and provide users with easy options to deactivate "no-password payment" if they choose to do so [5][6]
Liaowang | Fasten the Seat Belt on "No-Password Payment"
Xin Hua She· 2025-11-25 02:59
Core Viewpoint
- The China Payment and Clearing Association has issued an initiative for the security management of "no-password payment" services, aiming to balance payment convenience with fund security [1][2]

Group 1: Initiative and Recommendations
- The initiative calls for payment service providers to avoid default activation of "no-password payment," provide a one-click cancellation feature, and enhance user awareness of security [1]
- The initiative addresses weaknesses in the "no-password payment" process, marking an important step in strengthening payment security [1]

Group 2: Responsibilities and Actions
- Payment service providers are urged to respond actively to the initiative, ensuring that services are not activated by default and that cancellation is convenient, thereby safeguarding user rights [1]
- Providers should enhance risk management capabilities through technology, such as risk modeling and big data analysis, to detect and prevent unusual transaction patterns [1]

Group 3: Regulatory and User Engagement
- Regulatory bodies are encouraged to strengthen ongoing supervision and special rectification efforts, utilizing technical monitoring and random inspections to combat illegal activities [2]
- Users are advised to improve their payment security awareness and remain cautious of unfamiliar pop-ups and agreements to protect their financial safety [2]