As one type of value transfer, mobile payment means performing payment such as purchase of a virtual product or a real product and transfer of cashes and virtual currencies on a mobile device.
In a conventional mobile value transfer process, an identity usually needs to be authenticated. In most value transfer, identity authentication is based on a user password, a user fingerprint, and information about a geographical location at which a user usually performs value transfer. Specifically, in a conventional technical solution, frequently-used geographical location information that corresponds to a user password is obtained by using the password and asking permission from the user; after a corresponding password for value transfer is matched by using the geographical location information, the user is authorized or rejected to perform value transfer, thereby avoiding value transfer at an infrequently-used location and preventing a user account number from being stolen or illegally used by another person.
However, although the above solution resolves problems of value transfer security and remote fraudulent charge for a user to some degree, the user is restricted to performing value transfer only at a known location, and it is not convenient in a use scenario in which there are many locations that the user frequently goes to or in which the location at which the user stays frequently changes (for example, due to a business trip). In addition, after a mobile device or an account number is stolen, value transfer is easily performed by using the account of the user at a location that the user frequently goes to. Consequently, security cannot be ensured.