Home > News content

Remote deposits play IP address smoke and mirrors

via:新浪科技     time:2022/9/9 6:01:42     readed:132

  

In recent years, local banks and some private banks have been explicitly "stopped" from collecting deposits through the Internet. The "old way" that regular channel buys different place deposit does not work out how to do? Once again, some promoters have turned to service providers that offer IP address modification, guiding depositors to change their IP addresses, exploiting a loophole in banking technology, and buying deposit products online. This new type of chaos also let Banks available bank sources, some Banks can detect false IP, but such monitoring technology is only through the screening of a single sample, large quantities of fake IP identification is currently not working, by means of techniques and, most small and medium-sized Banks did not have the ability to identify false IP.

  The promoter guides the depositor to modify the IP address

Under the background of supervision and urging local legal person banks to return to serving local origin and not to open deposits in different places in various ways, deposit soliciting in different places has been suspended. However, a reporter from Beijing Business Daily found in the course of a recent investigation that some deposit promoters still advertise high-interest bank deposit products and offers through various channels, and claim that users can buy them all over the country.

"The annual interest rate of the quarterly interest-paying deposit is 4%, and the novice has extra rewards" "Direct bank deposit activities, can get life rewards" "the novice opens an account, easily get 8.8 yuan welfare"... Nearly period of time, in a social platform, deposit driver came alive again, they in the stunt of high-yield, welfare, "selling" of private Banks, direct bank deposit products, but Beijing commercial daily reporter noticed that the launching products bank acquisition range is not covering the whole country, how should the long-distance customer participation?

"Users who want to buy deposits hang their IP addresses first." The promoter Yang Yue (pseudonym) offered a solution, which is simply to install IP agent software to temporarily change the IP address, and only after the modification can you open an account. Most of the deposit products provided by Yang Yue are for private banks. The purchase guide clearly states: The first step is to register the IP address, the second step is to open an account, and lists the address of each bank that needs to change the IP address to depositors.

For example, if you want to buy the quarterly interest-paying deposit launched by a private bank, you need to use the agent software to hang to the local random IP address. If you want to participate in a direct bank deposit reward activity, you should use the agent software to modify the IP address to Beijing, Shanghai, Guangdong, Jiangsu, Anhui, Zhejiang and other six places.

Su Xiaorui analysys analysis of the financial sector, a senior analyst said, such a change IP service behavior is the proxy IP behavior, need to have relevant agent qualification, although already exist in cyberspace, but so far has not yet appeared on the local financial management files related to the specific rules, it is combined with local financial institutions deposit product some driver smell "business opportunities", To help depositors who do not conform to the area of the bank to buy deposit products.

Wang Deyue, a lawyer from Beijing Xunzhen Law Firm, said in an interview with Beijing Business Daily that the purpose of modifying IP addresses is to circumvent regulation, provide IP proxy services for users, help users tamper with personal information, and affect banks' identification and authentication of depositors. Providing dynamic IP proxy services for users, suspected of illegal business. Without registration and filing, users not only face the risk of personal information disclosure, but also may get into unnecessary trouble.

  Drill technical loopholes to achieve remote deposit

With fake IP really can realize different to buy deposit products? A Beijing Business Daily reporter downloaded an App called AiAcceleration under the guidance of the promoter and found that the software can indeed change the IP address of the mobile phone to the IP address of the target region, which can be used in most provinces and cities in China.

The way to change the IP address is also relatively simple. Users can register successfully by filling in the mobile phone number and verification code, and then click the current line to select the target address they want to change. Beijing Business Daily reporter randomly selected "Hunan" area for evaluation. Before use, the IP address of the reporter's various platform accounts was shown as Beijing. After using love to accelerate the modification, the IP address immediately changed to Chenzhou city, Hunan Province.

By scanning driver after modify IP address, can provide the qr code to buy deposits, Beijing commercial daily reporter review found that modify IP address to buy deposits and normal purchase processes and indifference, but on the accounts to choose, the user needs to choose the IP address of the modified, before you can upload the identity information, open electronic account. In the process of purchase, the bank does not recognize the depositor as a remote user, and the depositor can purchase deposit products smoothly.

From the point of view of the operation mode, the IP address is changed by the push hand drainage, the depositors themselves, if there is a risk, whether the depositors need to bear the responsibility? Wang further pointed out that buying products in this way does not invalidate savings contracts with banks, and depositors' legitimate deposits should be protected. However, if there is a risk in this product, the depositor is deliberately bypassing the supervision, there is a fault, and he needs to bear the corresponding fault responsibility.

Was the bank aware of the process? A person familiar with the matter admitted that "some banks can detect fake IP, but this kind of monitoring also needs to be carried out by screening samples. A large number of fake IP identification work cannot be achieved by technical means at present, and most small and medium-sized banks do not have the ability to identify fake IP".

According to the check information display the inner eye, love to accelerate the App developed by Shanghai swim shield network technology co., LTD., for the related services by driver used to induce a customer purchase different deposits, Beijing business newspaper reporters call the company to interview, the relevant person in charge of the company responded, "we provide legal compliance of Internet security access, network proxy service, IP is the basis of Internet communication. Third-party units use IP territory to judge user location information, but the mechanism is not perfect. This case involves some third-party private banks. First, private banks have weak risk control ability, and second, it is spontaneous behavior of depositors, so we cannot know about it."

The person in charge said, "We do not support illegal and criminal activities that undermine network and financial security. Our company has established a sound risk control system with various commercial banks, and any third party units can contact our company to jointly customize risk control plans. Please do not engage in and participate in them."

  Financial institutions should strengthen user IP identification

Deposit pushers, money brokers... These groups have become a black sheep by roaming the country in search of resources to profit from, confusing competition for deposits and making banks vulnerable.

"Due to the limitation of 'one line, one store', private banks have difficulties in obtaining customers in the exhibition industry. In business expansion, some deposit promoting institutions do come to the banks to negotiate with them. Their terms are very attractive, and they will tell the banks how many customer resources in vertical fields are available for the banks to choose from. However, in the process of talking about cooperation, the bank will not explicitly say that such behavior of guiding the customer to modify the IP. This way is generally the pushing mechanism of its own operation." "The person said.

It is urgent for regulators and banks to crack down on such market chaos. Wang Pengbo, senior analyst of the financial industry at Broadcom Analytics, said that technically, suspicious terminal assessment should be added to the risk control system for users of special products, such as users who frequently change their IP addresses, so that more reminders can be made.

Su Xiaorui further pointed out that this kind of mess need to divide and rule, the App management level, by presenting some black is produced with the help of a proxy IP action "user rights, financial level, the need to supervise and urge financial institutions to strengthen the user IP recognition, at the same time to strengthen inter-departmental coordination between linkage, making fan deposits mess, has formed the scale, the business nature of the driver be punished.

"The bank can verify the location of the IP address obtained by the user when the user performs key operations such as login, registration and transaction." Wang Deyue further pointed out that through the cross-verification of the geographical location information corresponding to IP and GPS information, it is necessary to judge whether the user uses the proxy server to conduct the transaction, and whether the transaction IP address should be deliberately concealed, so as to identify and judge the risk degree of the user's operation behavior, so as to ensure the user account and transaction security.

Beijing Business Daily Financial Investigation Group

translate engine: Youdao

China IT News APP

Download China IT News APP

Please rate this news

The average score will be displayed after you score.

Post comment

Do not see clearly? Click for a new code.

User comments