Chapter 5 (Slides) Flashcards
What is DDoS?
Distributed Denial of Service attacks are capable of slowing internet service within entire countries.
What is the global economic impact of cybercrime and cyber-espionage? Also, which is one of the most high-profile forms of cybercrime?
$455B - $600B, and there have been reports of an increase in cybercrime. Online credit card fraud was one of the most high-profile forms of cybercrime.
What is required for good E-commerce security?
- Better technologies
- Policies and procedures
- Industry standard laws
- Improved security measures usually come at the cost of performance, as they make a website slower to use.
What are the different dimensions of customer security?
There are 6 different dimensions of customer security:
- Integrity
- Nonrepudiation
- Authenticity
- Confidentiality
- Privacy
- Availability
What are the key points of vulnerability in e-commerce environment?
- Client
- Server
- Communication pipelines. Some possible threats are:
- DoS attacks, wiretaps, web beacons, customer list hacks, etc.
What are the different types of Security threats?
Acronym to remember: “PPPSSSIIIMMDDCCH” (lol)
- Phishing: Scams, Identity fraud etc.
- PUP (Potentially Unwanted Programs): Browser parasites, spyware, etc.
- Poorly developed software: Heartbleed bug, FREAK, etc.
- Spoofing, Spam websites: Spoofing is attempting to hide one's true identity by using someone else's email or IP address. Pharming is automatically redirecting a URL to another website.
- Sniffing, Man-in-the-Middle attacks: A sniffer is an eavesdropping program that monitors networks. MITM is when attackers intercept and change communications between two parties.
- Social Network Security issues: Fake offerings etc, social spamming
- Mobile Platform Security issues: Vishing, Smishing, Madware, etc.
- Malicious code: Trojan Horses, Bots, Viruses, Worms etc
- Data breaches: Enable credential stuffing attacks, caused by hacking/employee negligence etc
- DoS attacks: Flooding a website with ping and page requests, aiming to shut down or slow the website; smoke-screening.
- Insider attack: employee access to privileged info can be used against the company
- Identity fraud
- IoT security issue: Hard to protect, little visibility into workings, data or security.
- Cloud security issue: DDoS attacks, infrastructure scanning, lack of encryption
- Credit card theft
- Hacking/Hacktivism & Cybervandalism: Tiger teams and bug bounty hunters
What are the limitations of online credit card payment?
- Security, merchant risk
- Cost
- Social equity
What are the alternative online payment systems to online credit card payment?
- Online stored value systems:
- Based on value stored in a consumer's bank, e.g., PayPal, Amazon Pay, Facebook Pay
What technology do Mobile Payment systems use? What are some different types of wallets?
NFC (Near Field Communication) and QR codes. Some types of wallets:
- Proximity wallet apps: Apple Pay
- Branded store proximity: Walmart, Target etc
- P2P apps: Zelle, Venmo etc
What is EBPP?
Stands for Electronic Billing Presentment and Payment. It is an online payment system for monthly bills. There are 4 EBPP business models:
- Online banking model
- Biller direct
- Mobile
- Consolidator