ITS 380: Global E-commerce Systems

John Bergstrom


1.     Who are the tree major players in the mobile payment market?

I would say the three biggest mobile players in the mobile payment market are PayPal (Venmo), Square, and Apple Pay if we look at the North American market, but if we look on a global basis, WeChat would probably be in there too since a majority of transactions in China and other parts of Asia is handled by WeChat. Since PayPal was a late player in the mobile payment industry it is surprising to see that they are one of the largest players in this industry to this day, a reason for this is probably the natural transition from e-transactions to mobile payment. Square operates large-scale payment processing similar to PayPal. Apple Pay is free to consumers but makes profit by charging a 0.15% charge from the credit card companies instead of the consumers.

2.     Why is Venmo considered a social-mobile payment system?

Venmo is viewed as a social-mobile payment system because users can opt to share their purchase events, and if they do choose to share their transaction it comes with a cost as Venmo charges for the notification. Users can also choose to keep their transactions private. Users that do choose to share their transactions will communicate this to their friend network on Venmo, that is connected through Facebook, Twitter, or Instagram where they can also put captions and use emojis to show their friends what they just purchased or paid for, from a company or friend.

3.     How does Apply Pay differ from Android Pay and Samsung Pay?

The common denominator between the three is that they all use NFC technology to operate, but the difference between Apple Pay and Android/Samsung Pay is that Apple Pay makes the purchase directly from the Apple Pay software by cooperating with major banks and large stores. With Android Pay Customers hold their phone near the merchantís NFC terminal at checkout, where they are asked to enter their PIN and then choose to pay with either the credit or debit card that is on file on the Android Pay software. Apple Pay does not store any credit or debit card information whatsoever. And because Android Pay stores user funds it is also subject to federal regulation. Samsung Pay can use both NFC technology but when that is not available users can also use their Magnetic Secure Transmission that sends the card data stored on the userís device to traditional magnetic stripe terminals. This basically means that Samsung Pay can be used by millions of existing point-of-scale cards swiping terminals without upgrading them to NFC technology.

4.     How does PayPal enable mobile payments?

PayPal enables mobile payments in three ways. First, they sell a device that allows merchants, mostly small business to swipe credit cards using a smartphone or tablet, just like the Square device. Secondly, the most commonly PayPal mobile payment occurs when customers use their mobile device browser on a tablet or smartphone to make a purchase or payment at a website. The third method that PayPal uses is their app for Ios and Android devices. Using this app enables the userís app to cooperate with the merchantís store and recognizes that a purchase has been made when the customer tells the merchant that he wants to pay using PayPal. The app establishes a link between the merchantís device and the user app through Bluetooth and charges the customers PayPal accounts.

Project Questions

1.     Imagine you are the owner of an e-commerce website. What are some of the signs that your site has been hacked? Discuss the major types of attacks you could expect to experience and the resulting damage to your site. Prepare a brief summary presentation.

Computer hacking always involves some infringement of or damage to computer-bases, such as documents, web pages or software privacy. Additionally, to see if your website has been hacked you can check if the HTML files have been tampered with or the detection of unusual activities or anomalies. This is detected by high spikes of website traffic. The most common attacks on e-commerce websites includes; DOS attacks, DDoS, SQL injection, and cross-site scripting. A computer virus on the other hand is a very small program that has the ability to spread from one device to another, and then destroy vital software components of that device. To protect yourself from this happening you should be careful with using privately used USB flash drives, install anti-virus software such as Norton, instate company policies that helps prevent malicious software to penetrate your system, and in some cases, the use of white-hat hackers can help you detect loopholes in your system that hackers, viruses, and malware could take advantage of. †



2.     Given the shift toward m-comerce, do a search on m-commerce (or mobile commerce) crime. Identify and discuss the security threats this type of technology creates. Prepare a presentation outlining your vision of the new opportunities for cybercrime that m-commerce may provide.

I did a brief search on google and found that some of the upcoming m-commerce crimes involves Rootkit installation, Risky QR codes, and theft of digital certificates. A Rootkit installation is a stealthy type of software that installs itself on a userís device and also hides itself from detection by operating in secret to get private access to a computer and user information. Rootkit installations used to only occur on laptops and desktops but with the increased popularity of m-commerce this malware has spread itself to mobile devices and tablets. If a rootkit is installed on a phone it can affect every part of the phone from hardware to software, and it can even redirect phone calls to criminal operations. Secondly, QR codes which has become an increasingly popular way for consumers to find out more information about a product or a service by scanning a QR code via your device has been compromised by malicious QR codes. Because users that scan QR codes never know beforehand where the code will take them to. In a growing number of cases, QR codes are leading to sites that automatically downloads a virous or malware onto the userís mobile device. It is therefore recommended to only scan QR codes from well-established and well-known companies and websites.

Lastly, the theft of digital certificates has become an increasing problem. Thieves can now bypass a mobile phoneís security where they steal digital certificates, which gives the thieves access to valuable information. This can lead to identity theft which can result in credit card fraud or fraudulent activity on your behalf. The thieves intercept your certificate by having software installed on your device that picks up the certificate authorization and sends it to thieves, which gives them access to your information.