How Development Teams Choose a Payment Gateway

Payment is the last mile of e-commerce: real business value is only produced once a payment completes successfully. Merchants therefore need to give users the most secure payment function possible, at the lowest cost and in the shortest time.

Electronic payment usually has to support many bank card types and third-party payment types while meeting high security requirements and technical standards, so it is normally implemented through a payment gateway. But there are many kinds of payment gateway, their functions are complex, their security standards vary widely and they offer many integration methods, so choosing one is often a real headache for merchants.

This article draws on our experience at ThoughtWorks helping a range of clients with different kinds of payment gateways, and helping clients develop and maintain payment gateways with monthly transaction volumes in the millions. It looks at functionality, security and integration methods in turn, to help merchants understand payment gateways and quickly choose one that suits them.

## Payment gateway functionality

### Introduction

We divide payment gateway functionality into core functions and value-added functions. Core functions cover the payment function offered to end users and the acquiring service offered to merchants. Value-added functions cover the supporting features needed to run a complete business.

### Payment function

The payment function is the core of a payment gateway. It covers the types and number of banks, card schemes and third-party payment methods supported, as well as technical indicators such as payment success rate, payment processing speed and system stability. The larger the payment gateway, the wider its coverage of banks and third-party payment methods and the more reliable its technology, but the higher its fees, and its support for small local banks is limited.

### Acquiring service

Because of legal regulation and banking requirements, a merchant that wants to collect money through electronic payment has to open a special kind of bank account with an acquiring bank: a merchant account. Payment gateways offer acquiring services to merchants, which greatly reduces the cost of negotiating with banks, applying for accounts, and the heavy multi-party communication needed when something goes wrong.

### Value-added functions

Payment gateways also differentiate themselves through the range of value-added functions they offer, such as pre-authorization, refunds, payment cancellation, batch payments, scheduled automatic payments, dynamic currency conversion, multi-currency pricing, reports and queries.

### Our recommendations

For the core payment function, we recommend choosing according to the actual situation of your business and your users:

- For a **local business, it is best to choose a small or medium-sized payment gateway with a good brand reputation and friendlier support for local banks; offering only the most popular local third-party payment method may even be enough.** Of course, if the small gateway you choose does not support international business well, it may become a constraint when the business expands. On our projects we often see clients who have to replace their payment gateway for this reason. The code should therefore be designed and isolated up front so that you are well prepared for such a change.
- If your business or users are **abroad, you need to understand the payment habits of users in different countries and regions and offer the localized payment methods they prefer. In this case we recommend a payment gateway that bundles the mainstream third-party payment methods of each region, so that you integrate once and reuse many times.** On one project we first integrated PayPal for the client through Worldpay and kept extension interfaces in the initial code design. When the business later expanded and needed Alipay and WeChat, it went live with only some configuration changes and a very small amount of development and testing, saving a great deal of commercial negotiation, technical research and integration testing from scratch.

For acquiring, **we recommend giving priority to the payment gateway's own acquiring service**. The merchant then deals with only one party, the payment gateway, which removes a lot of trouble in process, technology and communication.

On technical indicators, we have to accept that any single payment involves the integration of several systems, and problems are entirely normal. When we help clients maintain payment gateways, a team of around 7 people is often overwhelmed by production issues. As a merchant, the following points help you keep losses to a minimum:

- **Do not rely only on the technical indicators promised on the payment gateway's website; sign an explicit SLA with it to protect your interests**;
- **Add effective monitoring and logging to your own system**, so that when something goes wrong you can supply enough useful information to help the payment gateway investigate and locate the problem;
- **Test the stability of the payment gateway's interfaces**, so that gateway failures are discovered promptly and you can respond;
- **Implement a sensible fallback mechanism**, such as promptly hiding the failing payment gateway or switching to another payment gateway or third-party payment method, to reduce the impact on the business and on users.

**For value-added functions, we recommend evaluating them as needed. If they are not core to the business, they can be left outside the MVP and brought into the delivery plan gradually.**

## Evaluating a payment gateway's security capabilities

For most merchants, the losses caused by payment fraud every year are the biggest headache in online payment. Security incidents such as leaks of user payment data also bring reputational damage and legal risk. Security should therefore be an essential factor when choosing a payment gateway.

### Introduction

We look at four areas in turn, PCI DSS, 3D Secure, credit card fraud detection and payment tokenization, and then give our recommendations.

### PCI DSS (Payment Card Industry Data Security Standard)

PCI DSS is a data security standard for the third-party payment industry defined by the Payment Card Industry Security Standards Council. It sets baseline technical and operational requirements for protecting cardholder data, covering the information security management system, network security, physical security, data encryption and more. Under PCI DSS, organizations that provide payment services, such as payment gateways, are audited annually. After the audit, the certified company receives proof of its security level.

### 3D Secure

3D Secure (Three-Domain Secure, 3DS below) is a security verification service that the international card schemes offer cardholders to make online credit card payments more secure. It requires that, when paying by credit card, the user enters information only the cardholder knows, such as a payment password or an SMS verification code, to verify the user's identity.

For merchants, 3DS is a double-edged sword. Using 3DS means more reliable verification of the cardholder's identity, and if a complaint or chargeback occurs later, the cost is borne by the issuing bank rather than the merchant. However, because the payment flow has to redirect to the issuing bank's website for identity verification, some payment conversion is lost for both user-experience and technical reasons. The merchant also has to pay for this extra layer of protection. In some countries and regions (Europe, for example), support for 3DS by banks, payment gateways and merchants is already a legal requirement.

### Credit card fraud detection

Credit card fraud detection uses technical means to filter out suspicious activity before a payment takes place, in order to lower the payment fraud rate. In the most common scenario, the fraud detection system sees the same IP address trying to pay with different card numbers within a short time, with most of the attempts failing validation. It quickly concludes that the IP is suspected of fraud and blocks all subsequent requests from it.

### Payment tokenization

Payment tokenization is a technology formally published in 2014 by the international chip card standards organization. It works as follows: after verifying the user's identity for the first time, the payment gateway generates a unique token for each bank card number and returns it to the merchant. The token then stands in for the card information in later payments, which avoids the risk of entering card details repeatedly.

### Our recommendations

**For PCI DSS**, a payment gateway's PCI security certification is the strongest evidence of how secure its technology, infrastructure and processes are. When choosing, **carefully reviewing its PCI security level certification is sufficient**.

**For 3DS, we recommend choosing a payment gateway that supports 3DS and making it mandatory for your users**. This removes legal risk now and in the future, is the most effective defence against payment fraud, and provides strong evidence for risk management and risk transfer after fraud has occurred.

On our payment gateway maintenance projects, the problem we handle most often is merchants being attacked because they did not use a fraud detection service. When this happens, payment requests from all of that merchant's users are usually blocked temporarily until the attack stops, which has a large impact on normal business. **We therefore recommend not skimping on this investment: be sure to choose a payment gateway with effective fraud detection capability, or a specialist fraud detection provider**.

**For payment tokenization, if your users mainly pay by credit card, we recommend choosing a payment gateway that provides tokenization**. It lets users pay with saved card information, which greatly improves the experience for loyal users. **When evaluating tokenization, the key question is whether the underlying card information is stored in the payment gateway's own database**. If it is, you need to confirm that the gateway meets the PCI Level 1 standard.

## Common payment gateway integration methods

### Introduction

Once your functional and security requirements are settled, the next questions are the user's payment experience and the technical integration. Payment gateways generally offer several integration methods, each with different user experience and technical requirements. The most common ones are listed below.

### Hosted Payment Page

After the user confirms the order on the merchant's website and clicks the "Continue to payment" button, the browser redirects from the merchant's website to a payment page provided by the payment gateway, where the user enters the card information and pays.

### In-Context Popup

After the user confirms the order on the merchant's website and clicks the "Continue to payment" button, a payment module provided by the payment gateway pops up on the current page, and the user pays without leaving the merchant's website. The most typical example is PayPal in-context checkout.

### iFrame

The payment gateway extracts the part containing the card input fields and the pay button into a shared component, which the merchant loads into its payment page as an iFrame when rendering the page.

### API

After the user enters the payment information on the merchant's website and clicks the pay button, the merchant's backend sends an API request directly to the payment gateway.

### Our recommendations

**The integration methods differ in user experience, development cost and the PCI requirements they place on the merchant's website. We compared them as follows**:

![Image](https://static001.geekbang.org/infoq/34/34cd218e793485643fc82aefdc0a0465.png)

**Which to choose depends entirely on your actual situation; none is inherently better or worse. We have the following suggestions**:

- For merchants that are able to meet PCI DSS and have the technical capability to integrate an API, API integration, which offers the best user experience, is the best choice;
- For merchants that want to stay entirely outside PCI regulation, or want to offer payment as quickly as possible and are less demanding about user experience, Popup or Hosted Payment Page is a good choice;
- For most merchants, iFrame is the best choice in most scenarios, because it lets the merchant avoid PCI while still offering a good user experience and fast integration.

## Other factors to consider

Beyond the core points above, the following factors both indirectly demonstrate a payment gateway's business and technical capability and matter a great deal when you actually use its service:

- **Whether it provides a clear, fast onboarding process**;
- **Whether its technical documentation is sufficiently informative, accurate and includes the necessary detail, and whether it provides a well-designed client SDK**;
- **Whether it provides a sandbox environment and test accounts for automated and manual testing in a test environment**;
- **Whether its technical support is professional, timely and effective**;

We hope this article has given you a working understanding of payment gateways, and enough knowledge and technique to choose one that suits you.

This article is reposted from: ThoughtWorks Insights (ID: TW-Insights)

Original link: [How Development Teams Choose a Payment Gateway](https://mp.weixin.qq.com/s/IH7hU8O17VUuel4I-JU-rg)
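The velocity rule described in the fraud detection section above (one IP, several different cards in a short time, most of them failing validation, then block the IP), as an added Python example that is not from the original article or from any gateway's product. The window length, thresholds, field names and sample attempts are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Attempt:
    ts: float      # seconds since start of capture
    ip: str        # client IP as seen by the merchant or gateway
    card_fp: str   # card fingerprint (e.g. keyed hash); never the raw card number
    ok: bool       # True if the card passed validation


class CardTestingDetector:
    """Blocks an IP that tries many different cards in a short window, mostly failing."""

    def __init__(self, window=60.0, max_cards=3, min_fail_ratio=0.8):
        self.window, self.max_cards, self.min_fail_ratio = window, max_cards, min_fail_ratio
        self._recent = defaultdict(deque)   # ip -> attempts still inside the window
        self.blocked = set()

    def observe(self, a: Attempt) -> bool:
        """Return False if the request is refused because its IP is already blocked."""
        if a.ip in self.blocked:
            return False
        q = self._recent[a.ip]
        q.append(a)
        while a.ts - q[0].ts > self.window:      # drop attempts older than the window
            q.popleft()
        cards = {x.card_fp for x in q}
        fail_ratio = sum(not x.ok for x in q) / len(q)
        if len(cards) >= self.max_cards and fail_ratio >= self.min_fail_ratio:
            self.blocked.add(a.ip)               # later requests from this IP are refused
        return True


# Constructed sample traffic (documentation IP ranges, made-up fingerprints).
SAMPLE = [
    Attempt(0, "203.0.113.7", "fp-1", False), Attempt(5, "203.0.113.7", "fp-2", False),
    Attempt(10, "203.0.113.7", "fp-3", False), Attempt(15, "203.0.113.7", "fp-4", False),
    # Real customer mistyping one card, then succeeding: one card only, never blocked.
    Attempt(2, "198.51.100.20", "fp-x", False), Attempt(30, "198.51.100.20", "fp-x", False),
    Attempt(50, "198.51.100.20", "fp-x", True),
    # Shared office NAT: several cards, all valid, so the failure ratio stays at 0.
    Attempt(20, "192.0.2.9", "fp-p", True), Attempt(25, "192.0.2.9", "fp-q", True),
    Attempt(30, "192.0.2.9", "fp-r", True),
]


def replay(attempts):
    """Feed attempts in time order; return (blocked IPs, refused attempts)."""
    det = CardTestingDetector()
    refused = [a for a in sorted(attempts, key=lambda a: a.ts) if not det.observe(a)]
    return det.blocked, refused
```

Attempts spaced further apart than the window never accumulate, so the thresholds need tuning against real traffic and this rule is only one signal among those a fraud detection service combines.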