CH5

p. 326 case study questions

1.       Technology companies like Apple, Google, Samsung, PayPal & Square, large national merchants like Walmart, Sears & Target, and also credit card companies such as Visa, MC, Discover, & Amex.

2.       Venmo lets users transfer money to one another (peer-to-peer).

3.       Apple Pay does not store funds like Android pay. Apple Pay is like Samsung Pay in that it uses NFC technology, but Samsung Pay differs from Apple Pay in that it has an additional feature that allows it to switch to Magnetic Secure Transmission (existing point of sale technology) when NFC is not available with the vendor; both Apple Pay and Samsung Pay do not store funds.

4.       In three ways: PayPal uses a smartphone swiper device at brick and mortar, through a browser interface online, such as using a phone or tablet, and lastly a Bluetooth enabled Android/iOS app (app on the phone corresponds/links to the merchant app stored by the brick and mortar vendor run on a PC as a cash register which talk to each other via the Bluetooth connection).

p. 330

1.       Some signs that your e-commerce website has been hacked are: Complaints from users that their information has been used fraudulently, notification from security software, security professionals, or security provider that your system has been attacked and, possible notification from attackers, such as a request for ransom to return stolen information, or undo a systemic denial of service.

 

The major types of attacks are data breech and malicious code. Data breech is when an organization loses control over its information to outsiders. The usual type of occurrence is having data stolen through spyware for fraudulent use such as credit card information for illegal purchases or identity theft.

 

Malicious code (malware) takes advantage of software weaknesses through typical things such as Trojan horses, worms, viruses, potentially unwanted programs, and bots. A Trojan horse, oftentimes delivered via email is a batch of code that is unwittingly released onto organizational computers that can cause damage, degrade system performance, or perform unwanted functions like information collection. Worms do the same thing, but migrate from computer to computer. Unwanted software installs itself onto victim computers and can be in the form of adware (unwanted ads), spyware (keystroke, email, and screenshot copying), and browser parasites (change and monitor browser settings). Bots are covertly installed (moles) on computers and respond to external commands to control the computer remotely to the offenders bidding for unauthorized purposes.† †

 

2.       Unsecure Wi-Fi is the number one threat to m-commerce. Many people enable Wi-Fi on their phones and just leave it enabled without ever turning it off. This offers eavesdropping hackers the opportunity to access your mobile information when you are out in public and donít realize that your phone is automatically accessing a Wi-Fi network you have come into contact with and that your phone is engaging. As soon as you conduct a financial transaction you are possibly

3.       losing your information. The answer is to disable Wi-Fi on your phone when shopping in public and only conduct financial transactions over your mobile network (phone network), and not Wi-Fi. Another alternative is to only access secure W-Fi networks that you know and trust.

Another threat is unprotected mobile phones. Surprisingly, many people do not use anti-virus software. This leaves your phone susceptible to rootkit software that can steal info (like digital certificates), change settings on the phone (changes phone behavior), launch phishing and social engineering software (tricks users into criminalsí desired actions, such as divulging information), and potentially operate the phone.