QR Code Password-free Payment Carries a Risk of Theft. How Can ERP Software Security Be Ensured?-数夫软件

News Center

Home News Center Industry Knowledge

Industry Knowledge

QR-code Password-free Payment Carries Theft Risk; How to Ensure ERP System Security?

Published on: 2019-05-28

Why is there a risk of funds being stolen through password-free QR code payments?Recently, the Jiangbei Branch of the Chongqing Public Security Bureau cracked a case in which WeChat funds were stolen at a supermarket cashier. In response, WeChat stated, "To ensure payment security, the validity of a WeChat Pay payment code is limited to 1. minute and can only be used once." If funds are unfortunately stolen, users can apply for compensation through WeChat Pay's "Million-Yuan Protection," or file a complaint in the bill details. A professional customer service team will handle the case, and if the theft is confirmed, WeChat Pay will fully compensate the stolen amount.

How is QR code theft carried out?

In the case above, the suspect used a third-party payment application to steal other people's payment codes and achieve the purpose of stealing funds. By registering on the software as a merchant, the suspect could become a receiving merchant. When payment was needed, they only had to scan the customer's WeChat or Alipay payment code and then enter the amount to receive payment. In the above case, the account names displayed for the victims' payments all showed "One-Stop 24-Hour Convenience Store." Because the password-free QR code payment limit is generally 1,000 yuan, and any amount exceeding this limit requires password verification, the suspect kept every scanned amount below 1,000 yuan. Officer Wu said that during the crime, the suspect left immediately after scanning, so even if the victim noticed the deduction on the spot, it was already too late. By the time they reacted, only the people in line were still around."

Risk of Funds Being Stolen in Password-Free QR Code Payments

Now, in the internet era, many things are done online. For the security of ERP systems used by many enterprises, how should we protect it?

Today, implementing ERP software is crucial for any enterprise. Enterprise applications, whether large or small, can help businesses develop and attract customers. When choosing ERP software, one of the key factors to consider is its security performance.

How to Ensure ERP System Security:

1. ERP security is inseparable from the software package
In a sense, this statement is indeed true. The software packages provided by ERP vendors do have a certain level of security, but these are all standard configurations, and the security of the systems purchased by all enterprises is basically the same. For enterprises involving sensitive information, such as those in defense, aviation, pharmaceuticals, and other industries, data is of paramount importance, and the data security of ERP software becomes a key focus when purchasing new systems, or they may choose to add an extra layer of protection to the current system. Even enterprises outside these industries have their own data to process, such as financial and customer data, all of which require strict protection. Therefore, ERP security performance is a key concern for all enterprises.
2. Misunderstanding: ERP will not be attacked
This is also the most common misunderstanding when enterprises deploy and implement ERP software internally. They do not consider ERP security at all, believing that since the software is only used internally and cannot be accessed from the cloud, it will not be attacked, and the lowest security configuration is enough. This view is wrong. Even if the system is not connected to the internet, the risk of attack cannot be eliminated. When security measures are inadequate, an infected USB drive or a Trojan program in a user's system may cause the ERP system to crash.
3. Not wanting to update the ERP system
Updating an ERP system involves a tremendous amount of work, including ensuring complete backups, testing new patches, fixing bugs, and training, among many other tasks. Therefore, when it is time to update the ERP security system, enterprises are often extremely reluctant because the workload is too large. Their concerns are not groundless either. They worry that the upgraded system will affect other systems currently in use or bring more unnecessary changes. What we need to understand is that technology develops rapidly, and even ERP systems need regular updates in order to continuously solve problems brought about by technological change.
4. Security policies and management

In the eyes of many enterprises, ERP security performance represents a major expense that requires dedicated resources to maintain and update. This view has some validity. In fact, it is beneficial for enterprises to formulate standard security policies and management norms. In the global business world, many ERP security policy standards have already been introduced for reference. Once security policies are properly established, enterprises can monitor system updates, backups, and data storage, whether they adopt cloud deployment or internal deployment.

ERP System Security

5. Can changing vendors also ensure ERP security? No

There are all kinds of apps and plugins on the market, and enterprises may think that purchasing ERP plugins from another vendor can also ensure security. We do not recommend this, because the ERP vendor providing the original software has the source code and understands the software itself more comprehensively. From a legal perspective, this is also not recommended, because ERP vendors can charge fees when sharing code with another vendor. Enterprises should ideally discuss security matters, modules, and other business terms right from the beginning to avoid endless future troubles.

The above is my brief interpretation of ERP system security. I hope it provides reference value for enterprises that are using ERP systems or are considering implementing them.

Back to List >>

Previous: How Production ERP Software Manages Enterprises

Next: What Are the Main Functions in ERP Purchase-Sales-Inventory ...