
A Study of Trusted Transaction Security Internal Control for Electronic Payment Institutions

(Original title: 電子支付機構確保交易安全內部控制制度之研究)

Advisors: 林宜隆, 黃士銘

Abstract


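After the Act Governing Electronic Payment Institutions took effect, the real-name system's requirement to complete identity verification raised the entry threshold compared with earlier e-commerce, which did not require prior registration. Together with the limits on account stored value and on outbound and inbound transfer amounts, the fact that the dedicated law has not yet opened up financial services, and the information-security "ten-minute threshold" in the Regulations Governing the Standards for Information System and Security Management of Electronic Payment Institutions, these factors have led operators to voice differing opinions about the dedicated law's high degree of supervision.

Compared with other industries, electronic payment institutions depend more heavily on information technology. This study therefore draws on the literature on electronic payment, the Act Governing Electronic Payment Institutions and its 16 subsidiary regulations, and the 14 control domains, 35 control objectives and 114 controls of ISO/IEC 27001:2013 (the international standard for information security management systems) to group the risk factors of electronic payment institutions into five categories: (1) transaction security and integrity risk; (2) fund custody and credit risk; (3) information security and operational risk; (4) market environment and competition risk; (5) regulatory compliance and supervision risk.

The results show that the controls for user transaction limits and for the management of payment funds already perform at the required level of implementation, so resources should be shifted to the items whose future implementation most needs improvement. For user payment instructions, because a payment instruction is the notification that triggers a funds transfer, implementation should be more rigorous in order to avoid erroneous or invalid instructions that would harm users' interests. For outsourcing management, although non-core business is outsourced on grounds of specialization, the security of user data is involved, so supervision of outsourcing is expected to be strengthened. For user data confidentiality, electronic payment institutions should ensure the confidentiality and security of transaction data and maintain the accuracy of data processing. Within financial consumer protection, fraudulent use of a user's account by a third party deserves the most attention. Information system and security controls and legal compliance were likewise rated as important. How to use information technology to collect supervisory and regulatory requirements, support analysis and management, and reduce the related operational risk are all directions for future work.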

Parallel abstract


Since the electronic payment institution regulations came into force, the real-name system has required an identity confirmation mechanism, which raises the threshold relative to earlier online shopping and e-commerce, where no prior registration was needed. This is coupled with restrictions on stored value and on the amounts that can be transferred out of and into accounts, with the fact that the special law has not yet opened up financial services, and with the information security "threshold of ten minutes" in the standards for electronic payment institutions' information systems and security control operations. As a result, the industry has voiced differing views on the high degree of supervision under the special law. Compared with other industries, electronic payment institutions belong to an industry with a deeper level of information technology use. This study therefore refers to the relevant papers on electronic payment, the electronic payment institution regulations and their 16 subsidiary regulations, and ISO/IEC 27001:2013 (the international standard for information security management systems) with its 14 control areas, 35 control objectives and 114 controls, and summarizes the risk factors of electronic payment institutions in five categories. First, transaction integrity and security risk. Second, fund custody credit risk. Third, information security operational risk. Fourth, market environment competitive risk. Fifth, regulatory compliance risk.
The results of the study show that the performance of the controls at the level of user transaction limits and payment funds management already meets the required degree of implementation, so resources should be moved to the items whose future implementation is particularly in need of improvement. In the user payment instruction portion, because a payment instruction is the notification of a funds transfer operation, the stringency of implementation should be strengthened to avoid erroneous or invalid instructions that affect the interests of users. In the outsourcing management portion, although non-core business is outsourced on the basis of specialization, the security of user data is involved, so supervision and management of outsourcing is expected to be enhanced. In the user data confidentiality portion, electronic payment institutions should ensure the privacy and security of transaction data and maintain the accuracy of data processing. In financial consumer protection operations, fraudulent use of user accounts by a third person is most in need of attention. Information systems and security controls and regulatory compliance work are equally valued, so how to use information technology to collect supervisory rules and statutory requirements, provide the relevant analysis and management, and reduce operational risk are directions for future effort.


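Cited by

梁桂燕 (2015). The Impact of Third-Party Payment Mechanisms on the Development of Banks in Taiwan [Master's thesis, National Central University]. Airiti Library. https://www.airitilibrary.com/Article/Detail?DocID=U0031-0412201512062477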
