Tam Pham Bang Le
October 11, 2019
CH5 E-Commerce Security and Payment Systems
Case Study – Mobile Payments:
1. What are the three types of mobile payments, and how do they differ?
There are three types of mobile payment apps: proximity payment systems such as Apple Pay, Google Pay, and Samsung Pay, which can be used at participating merchants as a point-of-sale payment. Branded proximity payment systems also uses proximity technology but can be used only at a single merchant's stores, such as Walmart Pay. A third type involves payments among individuals, P2P payments, which can be used to transfer funds among users who have installed a proprietary app, such as Venmo or Zelle QuickPay.
2. Who are the largest adopters of mobile payment methods? Why?
Apple Pay is the leader in mobile proximity payment with 22 million users, followed by Google Pay and Samsung Pay with about 11 million users each. Apple has major hardware and software mobile payment initiatives. Apple owns the hardware and software platform of the ubiquitous smartphone, making their devices and services more useful to consumers, while PayPal and Square operate large-scale online payment processing platforms and apps that can be used on all smartphones
3. Why are digital wallets provided by Apple, Google, and Samsung not growing as fast as expected?
Anyone who buys a smartphone is strongly encouraged to download the payment apps as part of the initialization of the phone, but few actually use them in large part because merchants have been slow adopters of NFC equipment, and consumers still find credit and debit cards to be convenient.
4. What is Zelle and why did it grow so fast in the last few years?
Zelle is a digital payment service that allows bank customers to make digital payments and transfers to other account holders using an app and to receive payments from others. Users need to know either the email or cell phone number of the recipients. The transfers are nearly instantaneous, and are referred to as instant payments, in contrast to other digital payments systems which typically require one business day or more to complete. Moreover, transfers and payments among existing accounts are free, and typically rely on customers' existing checking accounts. Payments are free, and transfer funds in a few minutes, rather than overnight for PayPal, Venmo, Square Cash, or others in this market.
1. Imagine you are the owner of an e-commerce website. What are some of the signs that your site has been hacked? Discuss the major types of attacks you could expect to experience and the resulting damage to your site. Prepare a brief summary presentation.
The owner of an e-commerce Web site can observe some relevant signs to determine if he/she was hacked. If the number of new users increases dramatically, if the location of the users of the Website is unusual if some content is missing or the URLs do not work, if the information of the products or service that are being sold is modified, or if the customers are not able to finalize the payment. The major types of attack that my website could receive are viruses, Trojans, and other forms of malware. This malware can delete data from the Web site, crash the Web site, modify files, steal relevant information, create spam, make fraudulent purchases, and obtain user’s information. The consequences are terrible for the company since it would affect the relation with the customers, and it would affect our reliability.
2. Find three certification authorities and compare the features of each company's digital certificates. Provide a brief description of each company as well, including number of clients. Prepare a brief presentation of your findings.
Three certification authorities include: Comodo Group, Symantec, and DigiCert. Comodo is a cloud based cyber security platform that provides active breach protection in a single platform. They use something that they call the Dragon Platform which has endpoint security, managed detection & response, and network security. Another authority is Symantec which is a private certification authority that provides security and management of private intranet certificates. They also avoid expiration, risks, errors, time and hidden costs. Finally, Digicert claims that it has all certifications in a single platform that makes it easy to protect your customers and guard your brand by automating every step of the certification life cycle.