Chapter 5 (Slides) Flashcards

1
Q

What is DDoS?

A

Distributed Denial of Service attacks are capable of slowing internet service within entire countries.

2
Q

What is the global economic impact of cybercrime and cyber-espionage? Also, which is one of the most high-profile forms of cybercrime?

A

$455B - $600B, and there have been reports of an increase in cybercrime. Online credit card fraud was one of the most high-profile forms of cybercrime.

3
Q

What is required for good E-commerce security?

A
  1. Better technologies
  2. Policies and procedures
  3. Industry standard laws
  • Improved security measures usually come at the cost of performance, as they make a website slower to use.
4
Q

What are the different dimensions of customer security?

A

There are 6 different dimensions of customer security:

  1. Integrity
  2. Nonrepudiation
  3. Authenticity
  4. Confidentiality
  5. Privacy
  6. Availability
5
Q

What are the key points of vulnerability in an e-commerce environment?

A
  • Client
  • Server
  • Communication pipelines: Some possible threats are:
    • DoS attacks, wiretaps, web beacons, customer list hacks, etc.
6
Q

What are the different types of security threats?

A

Acronym to remember: “PPPSSSIIIMMDDCCH” (lol)

  1. Phishing: Scams, Identity fraud etc.
  2. PUP (Potentially Unwanted Programs): Browser parasites, spyware, etc.
  3. Poorly Developed Software: Heartbleed bug, FREAK etc
  4. Spoofing, Spam websites: Attempting to hide one's true identity by using someone else's email or IP address. Pharming is automatically directing the URL to another website.
  5. Sniffing, Man-in-the-Middle attacks: An eavesdropping program monitoring networks. MITM is basically when attackers intercept and change communications between two parties.
  6. Social Network Security issues: Fake offerings etc, social spamming
  7. Mobile Platform Security issues: Vishing, Smishing, Madware, etc.
  8. Malicious code: Trojan Horses, Bots, Viruses, Worms etc
  9. Data breaches: Enable credential stuffing attacks, caused by hacking/employee negligence etc
  10. DoS attacks: Flooding a website with ping and page requests, aiming to shut down or slow the website. Smoke-screening.
  11. Insider attack: employee access to privileged info can be used against the company
  12. Identity fraud
  13. IoT security issue: Hard to protect, little visibility into workings, data or security.
  14. Cloud security issue: DDoS attacks, infrastructure scanning, lack of encryption
  15. Credit card theft
  16. Hacking/Hacktivism & Cybervandalism: Tiger teams and bug bounty hunters
7
Q

What are the limitations of online credit card payment?

A
  • Security, merchant risk
  • Cost
  • Social equity
8
Q

What are the alternative online payment systems to online credit card payment?

A
  1. Online stored value systems:
    • Based on value stored in a consumer's bank, e.g.: PayPal, Amazon Pay, Facebook Pay
9
Q

What technology do mobile payment systems use? What are some different types of wallets?

A

NFC (Near Field Communication) and QR codes. Some types of wallets:
- Proximity wallet apps: Apple Pay
- Branded store proximity: Walmart, Target etc
- P2P apps: Zelle, Venmo etc

10
Q

What is EBPP?

A

Stands for Electronic Billing Presentment and Payment. It is an online payments system for monthly bills. There are 4 EBPP business models:

  • Online banking model
  • Biller direct
  • Mobile
  • Consolidator