UMFINTECH official website UMF International UMF Global
  • Security of Internet and System
  • Merchant Management Security

Security Strategy of User Authentication

UMF adopts widely applicable mobile phone number as login account number for user authentication. While guaranteeing the uniqueness and randomness of user’s account number, it is more convenient for users to accept transaction notices in all transaction links. This account number is applicable to authenticating user’s accomplishment of transaction in UMF platform. Before the user’s login in UMF to authenticate the account number, UMF has already designed the following security protection measures to strengthen user authentication and avoid leaking the user’s authentication information.


1. Comparison of IP timestamp to avoid deception by phishing website.


2. In case of error login, sending back no detailed information about error type, and locking frequency of failed login to avoid other people's repeatedly guesses of the user’s account number.


3. UMF security control, digital certificate, mobile phone dynamic verification code, and other double factor verification methods.


4. In order to protect the user’s account number and passwords from being stolen due to sharing one computer with other people, there is no memory of the user’s login status.


Security Strategy of Internet Transaction

Before the user’s transaction, UMF has already designed the following security protection measures to protect the user’s data from being intercepted or stolen during transaction and internet transmitting.


1. The transaction information is transmitted and stored in non-clear-text form to avoid being intercepted and stolen during transmitting and storing.


2. The random generated session token is complex enough (longer than 128 bit), and will be transmitted through safe methods to avoid hacker attack.


3. During the processes of design and development, all products of UMF adopt security protection referring to related security suggestions of online banking security and OWASP.


Security Strategy of Information Storage

Before the user stores information, UMF has already designed the following security protection measures to avoid the user’s data from being stolen during processes of transaction and internet transmitting.


1. Complete controls of physical, network, database, system visit security to avoid external intruder’s attack and data steal in all levels.


2. Advanced data encryption technique to keep the user’s data unreadable in case the data is stolen  by external intruder.


3. Control of Document integrity checking to guarantee timely detection of data alteration.


Real Time Unconventionality Monitoring

In the two monitoring centers: system operation and risk control, there are specific personnel to monitor the system operation in 24*7 hours all over the year, the monitoring is about user’s abnormal application, user’s abnormal transaction, intrusion detection, known attack detection, data alteration during transmitting, abnormal peak value, abnormal network, etc. Meanwhile, once the monitoring center detects any unconventionality, the complete contingency plan will start quickly to guarantee user’s successful transaction and account number security.

Strict Admittance Standard for Merchants

In order to protect ordinary customers' rights and interests, our company makes strict standards for merchants considering signing contract with us:


1. When signing contract with UMF, each merchant shall submit 15 kinds of examination materials, including organization’s business license and organizing institution bar code; then risk control experts of UMF will examine and verify the merchant’s qualification and credit according to existing standard procedure.


2. UMF has stipulated standards of minimum registration years and lowest registration capital for merchants in different industries. Such standards are premise to the signing contracts with UMF.


3. The risk control department of UMF has officially organized a team to review merchants' qualification by means of irregular sample review of their business scale and credit level. Any merchant found to violate or is suspected to violate regulations shall be immediately deprived of the qualification to sign contract with UMF.


Complete Anti-phishing Security System

Phishing websites refer to the illegal websites stealing customer’s user account number password or bank account number password by counterfeiting real merchant’s URL or content of webpage. All merchants signing contract with UMF have established complete anti-phishing security measures in their transaction portals to help customers recognize phishing website as quickly as possible, and to safeguard the customer’s important information (e.g. account number and password).

Real Time Anti-money-laundry Monitoring Mechanism

In accordance with the requirements in Measures for Administration of Anti-money-laundry and Anti-terrorism by Payment Institutions issued by People's Bank of China, UMF officially establishes internal control system of anti-money-laundry, which clearly stipulates links including the merchant’s identification, retention of merchant’s identity materials and transaction records, suspicious transaction report, anti-money-laundry financing investigation, etc. Meanwhile, UMF has started the “anti-money-laundry suspicious transaction monitoring” for real time suspicious transaction monitoring to avoid any illegal transaction by any merchant through UMF.

Security Center