With the development of the Internet, mobile payment has become a payment method that is widely adopted in the daily lives of people. Mobile payment is a new payment method that wirelessly completes a payment activity via a mobile device. A payer terminal used by the mobile payment may be a mobile phone, a personal digital assistant (PDA), a mobile personal computer (PC), etc. Being an easier and faster payment method, people usually select mobile payment to complete a payment after shopping, dining, and other types of consumptions. In order to facilitate user management and ensure user security, most payment platforms require a user to log in before making a payment. Specifically, an account name of the user and a corresponding password are input in a login screen that is displayed in a mobile phone or a mobile PC, and a payment operation is able to proceed only upon successful verification by a server.
However, the use of “account+password” only verification method to verify a payment process is still difficult to guarantee the security of a payment process. In an event that an account and a password are stolen and illegitimately used, an associated user will suffer inconvenience and even economic losses. In order to avoid these types of events, certain payment platforms bind an account and a password of a user with a mobile phone number of the user. On top of the “account+password” verification method, further payment verification is performed by sending a text message of validation code to a mobile phone number that has been bound in advance, thereby increasing the security of making a payment. However, in a real application process, this method still has serious security risks. Due to a serious issue of divulging text messages of validation codes in an existing network environment, an appropriator may achieve a text message transfer via fraudulent means or through a Trojan program in a mobile communication device to obtain a text message of validation code after stealing an account and a password of a user, even if the user has bound the account with a mobile phone number thereof. The appropriator may then masquerade an identity of the legitimate user to complete a payment operation.
Existing technologies are not able to sufficiently guarantee the security of a payment process and thus may bring financial losses and unnecessary troubles to legitimate users.