Adrian Leal

ITS 380-001


Chapter 5 E-commerce Security and Payment Systems


Case study


1.      What is the value proposition that Apple Pay offers customers? How about merchants?

Apple Pay is a more secure way to pay for the customer, since the information he gives to the merchant is encrypted, instead of visible like when the customer pays with a regular credit card. It also a safer method since the customer does not need to carry the physical credit card with him, which reduce the risk to lose the credit card and theft. The confirmation is made with the fingerprint, which is a much secure method to prevent fraud.

On the other hand, the merchant is also benefited. He offers a new payment method, which can bring more customers that were previously limited by the previous methods; a quick way to make payments, which can accelerate sells, and therefore attend more customers; and Apple Pay does not charge a fee, contrary to the regular credit card services that charge a fee around 2% of the payment.


2.      What are some of the limitations of Apple Pay that might prevent its widespread adoption?

One of the biggest limitations that Apple Pay has is that it is only available for people that own an iPhone 6 or a newer model, which does not represent a high percentage of the population. Furthermore, in some areas of the world, Android is very extended and does not have this capability, plus Samsung has developed its own payment method that is very effective too.


3.      What advantages do the Square and PayPal mobile card-swiping solutions have in the mobile payment market? What are their weaknesses?

Both services have added new payment options. These options facilitate consumers’ transactions with the sellers and provide a high security of the payment. PayPal, for instance, permits to buy in practically any website and ends with some geographical problems; European credit card trying to be used on an American website. Even though both of them are great services, they are not completely extended yet, and all the buyers’ information makes them a vulnerable place for hacks to obtain information of credits cards and buyers.


4.      What strategies would you recommend that Apple pursue to assure widespread consumer adoption of Apple Pay?

The business model of Apple does not include sharing its software with other hardware providers. Being this said, only Apple users will be consumers that will be able to use this service. In order to motivate people to use this service, Apple assures that e-commerce websites adopt this new payment method in order to offer the option to pay with Apple Pay. A good way to implement this will be helping merchants to introduce their business to the e-commerce era.





1.      Why is it less risky to steal online? Explain some of the ways criminals deceive consumers and merchants

Stealing online is less risky than stealing in a physical store because it is harder to find the person who did it normally it has an anonymous profile. Some way criminals steal online is by introducing a virus on computers that allow them to commit fraud, or intercepting emails with important information.


5.      Name the major points of vulnerability in a typical online transaction.

These points are found at the client level, at the server level, and over the Internet communication channels. These are where the vulnerability to access confident information is higher, and the places where hackers try to commit a cyber crime.


6.      Briefly explain how public key cryptography works.

One of the keys allocated to each person is called the “public key”, which has accessed an easy access to it and to the information of the users. On the other hand, the private key cryptography is safer because none of the keys are “public”.


15. Briefly discuss the disadvantages of credit cards as the standards for online payments. How does requiring a credit card for payment discriminate against some consumers?

Using credit cards as the standard for online payments can carry with it multiple issues. If the bank puts some restrictions on the credit cards, this can make completing a transaction a nightmare because it is hard to know where the problem is coming from. Also, if the credit cards are not activated to operate in foreign countries, some websites will not allow finalizing the transaction, so you would be able to buy what you want. All the users affected by one of these problems, or other issues related to their credit cards will discriminate against them, making impossible for them to complete online payments since the credit cards are the standard method for payments through the Internet.


20. How are the two main types of EBPP systems both alike and different from each other?

The two main types of EBPP are billed-direct and consolidated. Both methods are the convenience for consumers and make possible to make the payments easier and faster. However, in the consolidated method, the relation with the consumer is practically inexistent, and the information is normally shared with

third parties. The billed-direct method has big maintenance costs for the billers.




1.      Imagine you are the owner of an e-commerce Web site. What are some of the signs that your site has been hacked? Discuss the major types of attacks you could expect to experience and the resulting damage to your site. Prepare a brief summary presentation.

The owner of an e-commerce Web site can observe some relevant signs to determine if he/she was hacked. If the number of new users increases dramatically, if the location of the users of the Website is unusual if some content is missing or the URLs do not work, if the information of the products or service that are being sold is modified, or if the customers are not able to finalize the payment.

            The major types of attack that my website could receive are viruses, Trojans, and other forms of malware. This malware can delete data from the Web site, crash the Web site, modify files, steal relevant information, create spam, make fraudulent purchases, and obtain user’s information. The consequences are terrible for the company since it would affect the relation with the customers, and it would affect our reliability.