Research On Risk Assessment Method For Electronic Payments

With the development of information technology, electronic payment has become an indispensable means of payment. The development and application of electronic payment technology has brought great convenience to our working, living and studying. At the same time, the Security risks of electronic payment come out one after the other, which has greatly threaten payment security. In this background, risk assessment on electronic payment systems is very important.Relative to common information system, electronic payment system, which has a special business process, great needs on security and highly sensitive for risk, needs a more expertise and objective risk assessment scheme. So we need a special risk assessment scheme for electronic payment system.Firstly, this paper analyzes security threats in electronic payment process, and the vulnerability of electronic payment system. Then this paper designs a risk assessment model for electronic payment system. This model takes risk assessment for electronic payment system from the level of system, application and management. The process of risk assessment includes constructing risk model, information assert assessing, threats assessing, vulnerability assessing, constructing relationships of threats and vulnerability and risk determining. The objective of risk management is to protect information assert’s confidentiality, integrity and availability.Secondly, based on risk assessment model for electronic payment system, this paper designs a lightweight level scheme for electronic payment system risk assessment. This scheme bases on business risk flow. A business risk flow is a business flow corresponding to which An attacker takes a full attack using an vulnerability. Then using this scheme we take a risk assessment for Kuaiqian product and analyze the result.Finally, based on the needs of arduous, efficient and high-level assessment task in some large-scale enterprises, this paper designs and implements a business supporting system for electronic payment risk assessment. This system provides process management, security consultation and knowledge repository management for electronic payment risk assessment. This system is suitable for large-scale electronic payment enterprises.