Data Security Risk When Tapping Chinese Payment Service Providers



Shutterstock photo

If you’re into e-commerce, cyberattacks have got to be among your top concerns. Fraud, data breaches, and denial-of-service attacks could directly impact your bottom line and dealing with downtime, stolen assets, and recovery processes all entail costs. In addition, stringent data privacy laws like the EU’s General Data Protection Regulation (GDPR) are adding more pressure for you to secure your online channels since non-compliance is punished with stiff monetary penalties.

The recent string of high-profile cybersecurity breaches shows how cyberattacks have become so commonplace. Last November 30, Marriot announced that the data of 500 million customers were pilfered from its Starwood hotel database. 685 million users of apps that integrate with engagement platform Branch.io are also feared to be left vulnerable due to a scripting flaw which was disclosed last October. Even question and answer platform Quora was hit by a breach, affecting 100 million of its users.

And if these weren’t enough, here’s yet another alarming development for you to look out for. The supposed legitimate businesses and service providers you may partner with to broaden your reach in a market like China may also be the ones that threaten your security. Several Chinese service providers tapped by Amazon merchants are found to be suspiciously asking for the sellers’ Amazon Marketplace Web Service secret keys. Such actions are considered security faux pas since these access keys are not supposed to be shared to third parties and could be used by hackers to steal sensitive information.

Dubious Activities

If you want to engage Chinese customers and suppliers, chances are you have to enlist a third-party provider to facilitate processes such as payments and fulfillment. Given the doubtful credibility of some Chinese parties, these services should provide a layer of security. For instance, payment companies could thwart fraud attempts and help guarantee the fulfillment of orders.

Unfortunately, some of these companies may actually be doing something shady on the side. Payment companies like PingPong and Lian Lian Pay are among those that require merchants to provide them with secret keys, supposedly for use in the integration of seller accounts to their systems. However, there’s simply no good reason for these companies to ask for such credentials as there are other ways to link up to Amazon’s programming interface securely.

The potential impact of leaked secret keys shouldn’t be underestimated. Amazon’s Marketplace Web Service is used to manage inventories and orders and generate reports. With access to secret keys, malicious parties could have unbridled access to sensitive data such as personal, financial, and supply chain information which attackers can then sell or use to launch other forms of attack. It is even possible for these efforts to be part of a larger cyber espionage campaign.

This isn’t the first time the Chinese have allegedly been involved in questionable activities related to Amazon and data. A Bloomberg story reported that tiny microchips of Chinese origin were supposedly found in servers used by Amazon and several other US-based organizations back in 2015. Through these chips, attackers could access the networks to which the servers are connected. Amazon has since addressed these claims but the story clearly illustrates a plausible scenario where Chinese involvement in the manufacture and supply of components could introduce security threats to products sold all over the world.

China’s Growing Influence

Yet, despite these concerns, it’s tough to participate in global e-commerce without coming across China these days. Many US businesses have started to rely on Chinese suppliers since they could readily meet demand at low prices, giving merchants huge margins to work with. The growing buying power of Chinese consumers also provides opportunities for businesses to offer products to a burgeoning market.

China is also redefining competition for US businesses. On Amazon, 34 percent of the platforms top sellers are Chinese which means bulk of the goods that pass through the platform are sourced from China. Some even argue that this influx of Chinese players are hurting smaller US merchants through low-ball pricing and the sale of counterfeit goods.

Chinese conglomerates are even taking the fight to US firms. While Amazon continues to be the top e-commerce company, Alibaba and Jingdong are on its heels, posting billions of dollars in revenue. Alibaba is already strengthening its foothold in other Asian regions after investing in and acquiring other e-commerce operations in India and Southeast Asia.

Unless you intend to run your e-commerce business as an isolated, highly-niche, and localized operation, dealing with this increasing Chinese influence will be inevitable.

Protecting Your Business and Data

As a business, you have to evaluate how these trends can affect your business so that you can make the necessary moves to protect your own venture. Here are three measures you can take to safeguard your business from potential threats emerging from these developments.

Tap trustworthy providers. If you have to engage a third-party Chinese-based service providers, choose the reputable ones. Inquire in seller communities and development forums to see which firms have a good track record for integrity and performance. If you are unsure with Chinese-based services, you may want to consider other providers. Fortunately, Chinese parties are also starting to support leading payment systems like PayPal which have long exhibited credibility and are compliant with international financial and banking regulations.

Abide by best practices in development. If you need to integrate your system with third-party services, be sure to abide by the recommended approaches and practices. If you’re unsure how to proceed, hire experts to facilitate the integration on your end. Don’t just blindly give in to what the other party demands especially when it comes to data access. Never hand out credentials that would give these providers deep levels of access to your system such as secret keys and administrator-level accounts.

Go local. You may also want to reconsider where and with whom you want to conduct business especially now that the US is locked in a trade war with China. Given the impact of tariffs on the costs and prices, you may find it more beneficial to look inward and focus on engaging local suppliers and customers. This could even revitalize local manufacturing and bolster home-grown production.

Be alert

China’s aggressive approach to assert itself internationally is shaping up to be a cause for concern for everyone. Since the trade war, China has become a top country of origin for cyberattacks against US targets. Even small businesses should always be on the lookout to the shrewd ways the Chinese can compromise systems. Given how valuable data is these days, it would be for everyone’s benefit for you to take the necessary steps to secure your end.


The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.









Zeen is a next generation WordPress theme. It’s powerful, beautifully designed and comes with everything you need to engage your visitors and increase conversions.

Wealth Empire Newsletter
Register now for free updates and alerts

Subscribe By

Note: I have the ability to revoke this permission at any time and ask for the removal of my personal data collected by contacting us or simply clicking Unsubscribe.