Aiming at the problem that payment verification code is easy to leak during the process of mobile payment, a two-factor mobile payment solution based on encrypted SMS was proposed. Based on the public key system, the Public Key Infrastructure/Certification Authority (PKI/CA) authentication method was used to authenticate the server and the client online, and the registered user name, password and encrypted transaction verification SMS were used to ensure that even if the verification code ciphertext was leaked, the attacker can not obtain the verification code, thus eliminating the risk of theft caused by the verification code leakage. The simulation results show that the response time of the encrypted verification solution using the SMS interface is not very different from the unencrypted solution, and the growth trend is consistent with that of the unencrypted solution and increases linearly with the increase of the user access, which can take into account both of security and effectiveness of the system.