In an attempt to cut down on fraud, China’s central bank hasannouncedplans to begin regulating payments by QR codes, barcodes, and other scannable codes. The regulations will initially cap payments by traditional QR codes to 500 yuan, or about $76 USD. When additional security measures are applied, the cap can raise to 5,000 yuan, or around $765 USD. At an even higher security level, banks and payment processors are given discretion over the cap.
Beyond that, The People’s Bank of China isn’t putting many hard rules in place. But it is mandating that banks and payment processors begin to self-regulate, and the central bank has provided quite a few guidelines on what they should do. It’s asked an industry group to gather members and experts to study how businesses use QR codes and what steps can be taken to improve their security. The central bank seems particularly concerned with static codes — ones that sit around and never change — which can be tampered with to link to malicious sources. By one report, $13 million has been stolen in QR code scams in the country’s most populated province.
The central bank wants to see QR payments adopt tokenization, expiration dates, and anti-counterfeit measures. It also suggests the use of encryption, frequent updates, risk monitoring, and security software. It’s not entirely clear how all of this will come into play — the People’s Bank largely seems to have thrown a bunch of ideas out there and asked the industry to figure out how to put them into place.
Only the payment caps are going into effect for now, starting next year on April 1st. The Financial Times reports that both Alipay and Tencent, two major mobile payments companies, are supportive of the new regulations.