Why do domestic third-party payments require digital signatures, while foreign services such as PayPal and Stripe

The CA digital certificate system of a website includes two kinds of certificates: server-side certificates and client-side certificates.

When we say that a website uses HTTPS, we usually mean that it uses a server-side certificate (for example, a VeriSign certificate is installed and deployed). This achieves only one-way trust (the client verifies the authenticity of the server's identity); it does not achieve two-way trust (the server trusts the client, and the client trusts the server).

Although using only a server certificate can secure the communication link, it cannot guarantee the authenticity of the client's identity. It therefore cannot truly guarantee authenticity, integrity, non-repudiation, and tamper resistance. For example, if a transaction relies only on the cryptographic system, the user can deny that the transaction was initiated by himself.
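To make the repudiation point concrete, the following added example (not part of the original page) contrasts a tag computed from a shared secret with a signature made by a private key that only the customer holds. The toy RSA key, the shared secret and all function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed toy RSA key for the customer, built from two Mersenne primes.
# Far too small for real use; real client certificates carry 2048-bit+ RSA or
# ECDSA keys and use standard padding. It only illustrates who can produce what.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                       # public key: platform, bank, arbiter
D = pow(E, -1, (P - 1) * (Q - 1))         # private key: customer only

# Constructed shared secret, standing in for a payment password known to both sides.
SHARED_SECRET = b"constructed-payment-password"


def _digest(order: bytes) -> int:
    return int.from_bytes(hashlib.sha256(order).digest(), "big") % N


def mac_tag(order: bytes, secret: bytes) -> bytes:
    """Tag from a shared secret: every holder of the secret computes the same value."""
    return hmac.new(secret, order, hashlib.sha256).digest()


def check_tag(order: bytes, tag: bytes, secret: bytes) -> bool:
    return hmac.compare_digest(mac_tag(order, secret), tag)


def sign(order: bytes) -> int:
    """Customer signs the order digest with the private exponent D."""
    return pow(_digest(order), D, N)


def verify(order: bytes, signature: int) -> bool:
    """Check against the public key only; no secret is needed to verify."""
    return pow(signature, E, N) == _digest(order)


def dispute(order: bytes, altered: bytes) -> dict:
    """Evidence available when the customer denies a transaction."""
    signature = sign(order)                          # made by the customer
    platform_tag = mac_tag(altered, SHARED_SECRET)   # made by the platform alone
    return {
        # The platform's own tag on an order the customer never placed validates,
        # so a shared-secret tag cannot show which side created a transaction.
        "platform_made_tag_validates": check_tag(altered, platform_tag, SHARED_SECRET),
        # The signature validates for the order the customer actually signed...
        "signature_valid_for_order": verify(order, signature),
        # ...and not for any other content, which binds the customer to that order.
        "signature_valid_for_altered": verify(altered, signature),
    }
```
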

To verify the customer's identity, using digital certificates for digital signatures is an effective approach, but it brings additional management and maintenance costs (such as setting up an internal CA system and handling the application, issuance, and revocation of client digital certificates). For more detail, refer to the PKI system and the CA system. Back to the main question: why do foreign companies such as PayPal and Stripe require only server-side certificates and not require users to apply for and install client-side digital certificates? I think there are several reasons:

1. Practical requirements of the poor domestic network security environment

Although digital certificates, security controls and other means are used, security issues cannot be entirely avoided. But in a sense, users' confidence in payment platforms is indeed "more valuable than gold." Third-party payment providers therefore try every possible means, using various technologies including digital certificates, to give users a sense of security and dispel concerns about using online payments. This is crucial in the early stages of cultivating the e-commerce market. Once these concepts and habits are formed, they take on greater weight and become the de facto standard. On the other hand, digital certificates, as a legally recognized electronic signature method, can also protect the interests of third-party payment providers and banks to a certain extent.

2. Third-party payment license testing requirements

License testing makes it mandatory for third-party payment providers to support multiple security measures such as digital certificates, security controls, and secure keyboards. In foreign countries (mainly Europe and the United States), the network environment is relatively safe, the credit system is relatively complete, and the cost of breaking the law is relatively high. The security concerns and security needs of cardholders and credit card merchants in online payments are not as strong as in China, so there is no need to carry out measures that are relatively complex and require large investment but whose results may not be obvious.