
Chapter 4


E-commerce 2021: business. technology. society., 16e (Laudon/Traver)
Chapter 4 E-commerce Security and Payment Systems

1) Confidentiality is sometimes confused with:


A) privacy.
B) authenticity.
C) integrity.
D) nonrepudiation.
Answer: A

2) ________ is the ability to ensure that e-commerce participants do not deny their online actions.
A) Nonrepudiation
B) Authenticity
C) Availability
D) Integrity
Answer: A

3) ________ is the ability to identify the person or entity with whom you are dealing on the Internet.
A) Nonrepudiation
B) Authenticity
C) Availability
D) Integrity
Answer: B

4) Which of the following is an example of an integrity violation of e-commerce security?
A) A website is not actually operated by the entity the customer believes
it to be.
B) A merchant uses customer information in a manner not intended by
the customer.
C) A customer denies that he is the person who placed the order.
D) An unauthorized person intercepts an online communication and
changes its contents.
Answer: D
5) ________ is the ability to ensure that an e-commerce site continues
to function as intended.
A) Nonrepudiation
B) Authenticity
C) Availability
D) Integrity
Answer: C
6) Which of the following is an example of an online privacy
violation?
A) your e-mail being read by a hacker
B) your online purchasing history being sold to other merchants without
your consent
C) your computer being used as part of a botnet
D) your e-mail being altered by a hacker

7) ________ is the ability to ensure that messages and data are only
available to those authorized to view them.
A) Confidentiality
B) Integrity
C) Privacy
D) Availability
Answer: A

8) Which of the following is not a key factor for establishing e-commerce security?
A) data integrity
B) technology
C) organizational policies
D) laws and industry standards
Answer: A

9) According to Ponemon Institute's 2019 survey, which of the following was not among the causes of the costliest cybercrimes?
A) malicious insiders
B) web-based attacks
C) denial of service
D) botnets
Answer: D

10) Typically, the more security measures added to an e-commerce site, the slower and more difficult it becomes to use.
Answer: TRUE

11) Why is it difficult to accurately estimate the actual amount of cybercrime?
Answer: It is difficult to accurately estimate the actual amount of cybercrime, in part, because many companies are hesitant to report it due to the fear of losing the trust of their customers, and because even if crime is reported, it may be difficult to quantify the actual dollar amount of the loss.
Difficulty: Easy
AACSB: Analytical thinking; Written and oral communication
Learning Objective: 5.1: Understand the scope of e-commerce crime and security problems, the key dimensions of e-commerce security, and the tension between security and other values.

12) Which of the following statements about data breaches in 2019 is not true?
A) According to the Identity Theft Resource Center, the number of
breaches in 2019 increased by 17% from 2018.
B) According to the Identity Theft Resource Center, the breaches exposed
almost 165 million sensitive records, such as social security numbers and
financial account data.
C) According to the Identity Theft Resource Center, employee error was
the leading cause of data breaches.
D) According to the Identity Theft Resource Center, data breaches
involving the business sector represented about 44% of all breaches.
Answer: C

13) Which of the following is a brute force attack which hackers launch via botnets and automated tools using known user name and password combinations?
A) credential stuffing
B) phishing
C) pharming
D) MitM attack
Answer: A

14) Which of the following did the Internet Advertising Bureau urge
advertisers to abandon?
A) HTML
B) HTML5
C) Adobe Flash
D) Adobe Acrobat
Answer: C

15) Accessing data without authorization on Dropbox is an example of a:
A) social network security issue.
B) cloud security issue.
C) mobile platform security issue.
D) sniffing issue.
Answer: B

16) Conficker is an example of a:


A) virus.
B) worm.
C) Trojan horse.
D) botnet.
Answer: B

17) Which of the following is the leading cause of data breaches?


A) theft of a computer
B) accidental disclosures
C) hackers
D) DDoS attacks
Answer: C

18) Software that is used to obtain private user information such as a user's keystrokes or copies of e-mail is referred to as:
A) spyware.
B) a backdoor.
C) a browser parasite.
D) adware.
Answer: A

19) Which of the following technologies is aimed at reducing e-mail address spoofing and phishing?
A) TLS
B) WPA
C) DMARC
D) MFA
Answer: C

20) What is the most frequent cause of stolen credit cards and card
information today?
A) lost cards
B) the hacking and looting of corporate servers storing credit card
information
C) sniffing programs
D) phishing attacks
Answer: B
21) Which dimensions of security is spoofing a threat to?
A) integrity and confidentiality
B) availability and authenticity
C) integrity and authenticity
D) availability and integrity
Answer: C

22) Which of the following is not an example of malicious code?


A) scareware
B) Trojan horse
C) bot
D) sniffer
Answer: D

23) The attack against Dyn servers is an example of a(n):


A) SQL injection attack.
B) Browser parasite.
C) DDoS attack.
D) MitM attack.
Answer: C

24) Beebone is an example of which of the following?


A) worm
B) botnet
C) phishing
D) hacktivism
Answer: B

25) Malware that comes with a downloaded file requested by a user is called a:
A) Trojan horse.
B) backdoor.
C) drive-by download.
D) PUP.
Answer: C

26) Which of the following is not an example of a potentially unwanted program (PUP)?
A) adware
B) browser parasite
C) drive-by download
D) spyware
Answer: C
27) Which of the following was designed to cripple Iranian nuclear
centrifuges?
A) Stuxnet
B) Shamoon
C) Snake
D) Storm
Answer: A

28) Automatically redirecting a web link to a different address is an example of which of the following?
A) sniffing
B) social engineering
C) pharming
D) DDoS attack
Answer: C

29) Which of the following types of attacks enabled hackers to take control of the Twitter accounts of dozens of America’s most prominent political, entertainment and technology leaders?
A) DDoS attack
B) ransomware
C) social engineering
D) sniffing
Answer: C

30) ________ typically attack governments, organizations, and sometimes individuals for political purposes.
A) Crackers
B) Tiger teams
C) Bounty hunters
D) Hacktivists
Answer: D

31) A Trojan horse appears to be benign, but then does something other than expected.
Answer: TRUE

32) Phishing attacks rely on browser parasites.


Answer: FALSE
Difficulty: Moderate
AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment.

33) WannaCry is an example of ransomware.
Answer: TRUE
Difficulty: Moderate
AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment.

34) Spoofing is the attempt to hide a hacker's true identity by using someone else's e-mail or IP address.
Answer: TRUE
Difficulty: Difficult
AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment.

35) Exploit kits can be purchased by users to protect their computers from malware.
Answer: FALSE
Difficulty: Moderate
AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment.

36) A drive-by download is malware that comes with a downloaded file that a user intentionally or unintentionally requests.
Answer: TRUE
Difficulty: Difficult
AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment.

37) FREAK is an example of a software vulnerability.


Answer: TRUE
Difficulty: Moderate
AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment.

38) What is the Internet of Things (IoT) and what security issues and challenges does it raise?
Answer: The Internet of Things (IoT) involves the use of the Internet to connect a wide variety of sensors, devices, and machines, and is powering the development of a multitude of smart connected things, such as home electronics (smart TVs, thermostats, home security systems, and more). IoT also includes connected cars, medical devices and industrial equipment that supports manufacturing, energy, transportation, and other industrial sectors.

Unfortunately, IoT raises a host of security issues similar to existing security challenges, but even more challenging, given the need to deal with a wider range of devices, operating in a less controlled, and global environment. In a world of connected things, the devices, the data produced and used by the devices, and the systems and applications supported by those devices, can all potentially be attacked. For instance, many IoT devices, such as sensors, are intended to be deployed on a much greater scale than traditional Internet-connected devices, creating a vast quantity of interconnected links that can be exploited. Existing tools, methods, and strategies need to be developed to deal with this unprecedented scale. Many instances of IoT consist of collections of identical devices that all have the same characteristics, which magnifies the potential impact of security vulnerabilities.

Many IoT devices are anticipated to have a much longer service life than typical equipment, which raises the possibility that devices may "outlive" the manufacturer, leaving them without long-term support that creates persistent vulnerabilities. Many IoT devices are intentionally designed without the ability to be upgraded, or the upgrade process is difficult, which raises the possibility that vulnerable devices cannot or will not be fixed, leaving them perpetually vulnerable. Many IoT devices do not provide the user with visibility into the workings of the device or the data being produced, nor alert the user when a security problem arises, so users may believe an IoT device is functioning as intended when in fact, it may be performing in a malicious manner. Finally, some IoT devices, such as sensors, are unobtrusively embedded in the environment such that a user may not even be aware of the device, so a security breach might persist for a long time before being noticed.
Difficulty: Moderate
AACSB: Analytical thinking; Information technology; Written and oral communication
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment.

39) What is a sniffing attack and how does it differ from a MitM attack?
Answer: A sniffer is a type of eavesdropping program that monitors information traveling over a network. When used legitimately in a sniffing attack, hackers use sniffers to steal proprietary information from a network, including passwords, e-mail messages, company files, and confidential reports. A man-in-the-middle (MitM) attack also involves eavesdropping but is more active than a sniffing attack, which typically involves passive monitoring. In a MitM attack, the attacker can intercept communications between two parties who believe they are directly communicating with one another, when in fact the attacker is controlling the communications.
Difficulty: Moderate
AACSB: Analytical thinking; Information technology; Written and oral communication
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment.

40) List and briefly describe the various types of malicious code and how they work. Include the different types of viruses.
Answer: Malicious code includes a variety of threats such as viruses, worms, ransomware, Trojan horses, and bot programs. A virus is a computer program that can replicate or make copies of itself and spread to other files. Viruses can range in severity from simple programs that display a message or graphic as a "joke" to more malevolent code that will destroy files or reformat the hard drive of a computer, causing programs to run incorrectly. Worms are designed to spread not only from file to file but from computer to computer and do not necessarily need to be activated in order to replicate. Ransomware is a type of malware (often a worm) that locks your computer or files to stop you from accessing them. A Trojan horse is not itself a virus because it does not replicate but it is a method by which viruses or other malicious code can be introduced into a computer system. It appears benign and then suddenly does something harmful. For example, it may appear to be only a game and then it will steal passwords and mail them to another person. A backdoor is a feature of worms, viruses, and Trojans that allows attackers to remotely access compromised computers. Bot programs are a type of malicious code that can be covertly installed on a computer when it is attached to the Internet. Once installed, the bot responds to external commands sent by the attacker, and many bots can be coordinated by a hacker into a botnet.
Difficulty: Moderate
AACSB: Analytical thinking; Information technology; Written and oral communication
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment.

41) Next generation firewalls provide all of the following except:


A) an application-centric approach to firewall control.
B) the ability to identify applications regardless of the port, protocol, or
security evasion tools used.
C) the ability to automatically update applications on a client computer
with security patches.
D) the ability to identify users regardless of the device or IP address.
Answer: C

42) Asymmetric key cryptography is also known as:


A) public key cryptography.
B) secret key cryptography.
C) PGP.
D) PKI.
Answer: A
43) All the following statements about symmetric key cryptography
are true except:
A) in symmetric key cryptography, both the sender and the receiver use
the same key to encrypt and decrypt a message.
B) the Data Encryption Standard is a symmetric key encryption system.
C) symmetric key cryptography is computationally slower.
D) symmetric key cryptography is a key element in digital envelopes.
Answer: C

44) The Data Encryption Standard uses a(n) ________-bit key.


A) 8
B) 56
C) 256
D) 512
Answer: B

45) All of the following statements about public key cryptography are
true except:
A) public key cryptography uses two mathematically related digital keys.
B) public key cryptography ensures authentication of the sender.
C) public key cryptography does not ensure message integrity.
D) public key cryptography is based on the idea of irreversible
mathematical functions.
Answer: B

46) All of the following are features of WPA3 except:


A) it implements a more robust key exchange protocol.
B) it enables the creation of a VPN.
C) it provides a more secure way to connect IoT devices.
D) it features expanded encryption for public networks.
Answer: B

47) All of the following statements about PKI are true except:
A) the term PKI refers to the certification authorities and digital
certificate procedures that are accepted by all parties.
B) PKI is not effective against insiders who have a legitimate access to
corporate systems including customer information.
C) PKI guarantees that the verifying computer of the merchant is secure.
D) the acronym PKI stands for public key infrastructure.
Answer: C
48) A digital certificate contains all of the following except the:
A) subject's private key.
B) subject's public key.
C) digital signature of the certification authority.
D) digital certificate serial number.
Answer: A

49) Which of the following dimensions of e-commerce security is not provided for by encryption?
A) confidentiality
B) availability
C) message integrity
D) nonrepudiation
Answer: B

50) All of the following are methods of securing channels of communication except:
A) TLS.
B) digital certificates.
C) VPN.
D) FTP.
Answer: D

51) A ________ is hardware or software that acts as a filter to prevent unwanted packets from entering a network.
A) firewall
B) virtual private network
C) proxy server
D) PPTP
Answer: A

52) Proxy servers are also known as __________ because they have
two network interfaces.
A) firewalls
B) application gateways
C) dual home systems
D) packet filters
Answer: C
53) All of the following are used for authentication except:
A) digital signatures.
B) certificates of authority.
C) biometric devices.
D) packet filters.
Answer: D

54) An intrusion detection system can perform all of the following functions except:
A) examining network traffic.
B) setting off an alarm when suspicious activity is detected.
C) checking network traffic to see if it matches certain patterns or
preconfigured rules.
D) blocking suspicious activity.
Answer: D

55) Which of the following is not an example of an access control?


A) firewalls
B) proxy servers
C) digital signatures
D) login passwords
Answer: C

56) Which of the following statements is not true?


A) A VPN provides both confidentiality and integrity.
B) A VPN uses both authentication and encryption.
C) A VPN uses a dedicated secure line.
D) The primary use of VPNs is to establish secure communications
among business partners.
Answer: C

57) Which of the following statements is not true?


A) Apple's Touch ID stores a digital replica of a user's actual fingerprint
in Apple's iCloud.
B) Biometric devices reduce the opportunity for spoofing.
C) A retina scan is an example of a biometric device.
D) Biometric data stored on an iPhone is encrypted.
Answer: A

58) Face ID is an example of which of the following?


A) biometrics
B) encryption
C) IDS
D) firewall
Answer: A

59) Which of the following is the most common protocol for securing
a digital channel of communication?
A) DES
B) TLS
C) VPN
D) HTTP
Answer: B

60) Most computers and mobile devices today have built-in encryption software that users can enable.
Answer: TRUE
Difficulty: Difficult
AACSB: Information technology
Learning Objective: 5.3: Describe how technology helps secure Internet communications channels and protect networks, servers, and clients.

61) The easiest and least expensive way to prevent threats to system
integrity is to install anti-virus software.
Answer: TRUE
Difficulty: Moderate
AACSB: Information technology
Learning Objective: 5.3: Describe how technology helps secure Internet
communications
channels and protect networks, servers, and clients.

62) Explain the difference between symmetric key cryptography and public key cryptography. Which dimensions of e-commerce security does encryption address?
Answer: Symmetric key cryptography involves the use of a secret cipher that transforms plain text into cipher text. Both the sender and the receiver use the same key to encrypt and decrypt the message. The possibilities for simple substitution and transposition ciphers are endless, but there are several flaws in these types of systems that make them inadequate for use today. First, for the sender and the receiver to have the same key, it must be sent over a communication medium that is insecure or they must meet in person to exchange the key. If the secret key is lost or stolen, the encryption system fails. This method can be used effectively for data storage protection but is less convenient for e-mail since the correspondents must pass the secret key to one another over another secure medium prior to commencing the communication. Second, in the digital age, computers are so fast and powerful that these ancient encryption techniques can be quickly and easily broken. Modern digital encryption systems must use keys with between 56 and 512 binary digits to ensure that decryption would be unlikely. Third, for commercial use on an e-commerce site each of the parties in a transaction would need a secret key. In a population of millions of Internet users, thousands of millions of keys would be needed to accommodate all e-commerce customers.

Public key cryptography solves the problem of exchanging keys. In this method every user has a pair of numeric keys: private and public. The public key is not secret; on the contrary, it is supposed to be disseminated widely. Public keys may be published in company catalogs or online. The public key is used by outside parties to encrypt the messages addressed to you. The private or secret key is used by the recipient to decipher incoming messages. The main advantage of a public key cryptographic system is its ability to begin secure correspondence over the Internet without prior exchanging of the keys and, therefore, without the need for a meeting in person or using conventional carriers for key exchange.

Encryption can provide four of the six key dimensions of e-commerce security. It can provide assurance that the message has not been altered (integrity), prevent the user from denying that he/she has sent the message (nonrepudiation), provide verification of the identity of the message (authentication), and give assurance that the message has not been read by others (confidentiality).
Difficulty: Moderate
AACSB: Analytical thinking; Information technology; Written and oral communication
Learning Objective: 5.3: Describe how technology helps secure Internet communications channels and protect networks, servers, and clients.

63) What dimensions do digital signatures and hash digests add to public key cryptography and how do they work?
Answer: Digital signatures and hash digests can add authentication, nonrepudiation, and integrity when used with public key encryption. Encryption technology also allows for digital signatures and authentication. The sender encrypts the message yet again using their private key to produce a digital signature.

To check the confidentiality of a message and ensure it has not been altered in transit, a hash function is used first to create a digest of the message. A hash function is an algorithm that produces a fixed-length number called a hash or message digest. To ensure the authenticity of the message and to ensure nonrepudiation, the sender encrypts the entire block of cipher text one more time using the sender's private key. This produces a digital signature or "signed" cipher text. The result of this double encryption is sent over the Internet to the recipient. Then, the recipient first uses the sender's public key to authenticate the message. Once authenticated, the recipient uses his or her private key to obtain the hash result and original message. As a final step, the recipient applies the same hash function to the original text and compares the result with the result sent by the sender. If the results are the same, the recipient now knows the message has not been changed during transmission. The message has integrity.
Difficulty: Difficult
AACSB: Analytical thinking; Information technology; Written and oral communication
Learning Objective: 5.3: Describe how technology helps secure Internet communications channels and protect networks, servers, and clients.

64) Discuss the security of communications channels. Include definitions and explanations for the terms Secure Sockets Layer (SSL), Transport Layer Security (TLS), secure negotiated session, session key, HTTPS, and VPN.
Answer: Secure Sockets Layer was the original protocol enabling securing communications over the Internet. Today it has been replaced by the Transport Layer Security Protocol (TLS). When you receive a message from a web server then you will be communicating through a secure channel; this means that TLS will be used to establish a secure negotiated session. A secure negotiated session is a client-server session in which the URL of the requested document, its contents, and the contents of the forms filled out by the user on the page, as well as the cookies that are exchanged, are all encrypted. The browser and the server exchange digital certificates with one another, determine the strongest shared form of encryption, and begin communicating using a unique symmetric encryption key, agreed upon for just this encounter. This is called a session key. TLS provides data encryption, server authentication, optional client authentication, and message integrity for the TCP/IP connections between two computers.

TLS addresses the threat of authenticity by allowing users to verify another user's identity or the identity of a server. It also protects the integrity of the messages exchanged. However, once the merchant receives the encrypted credit and order information, that information is typically stored in unencrypted format on the merchant's servers. While TLS provides secure transactions between merchant and consumer, it only guarantees server-side authentication. Client authentication is optional. In addition, TLS cannot provide irrefutability — consumers can order goods or download information products and then claim the transaction never occurred.

TLS is used in conjunction with HTTPS, a secure version of the HTTP protocol that uses TLS for encryption and authentication. It is implemented by a server adopting the HTTP Strict Transport Security (HSTS) feature, which forces browsers to only access the server using HTTPS.

Virtual private networks (VPNs) enable remote users to access an internal network from the Internet. They use protocols to create a private connection between a user on a local ISP and a private network. This process is called tunneling because it creates a private connection by adding an encrypted wrapper around the message to hide its content. It is called virtual because it appears to be a dedicated secure line when in fact it is a temporary secure line. VPNs are used primarily for transactions between business partners because dedicated connections can be very expensive. The Internet and VPNs can be used to significantly reduce the costs of secure communications.
Difficulty: Moderate
AACSB: Analytical thinking; Information technology; Written and oral communication
Learning Objective: 5.3: Describe how technology helps secure Internet communications channels and protect networks, servers, and clients.

65) What is the first step in developing an e-commerce security plan?


A) Create a security organization.
B) Develop a security policy.
C) Perform a risk assessment.
D) Perform a security audit.
Answer: C

66) To allow lower-level employees access to the corporate network while preventing them from accessing private human resources documents, you would use:
A) a firewall.
B) an authorization management system.
C) security tokens.
D) an authorization policy.
Answer: B
67) Which of the following statements is not true?
A) A majority of states require companies that maintain personal data on
their residents to publicly disclose when a security breach affecting those
residents has occurred.
B) The USA Patriot Act broadly expanded law enforcement's
investigative and surveillance powers.
C) The Cybersecurity Information Sharing Act was strongly supported by
most large technology companies and privacy advocates.
D) The Federal Trade Commission has asserted that it has authority over
corporations' data security practices.
Answer: C

68) Zero trust is a cybersecurity framework based on the principle of maintaining strict access controls and not trusting anyone or anything by default, even those behind a corporate firewall.
Answer: TRUE
Difficulty: Easy
AACSB: Application of knowledge
Learning Objective: 5.4: Appreciate the importance of policies, procedures, and laws in creating security.

69) How do multi-factor authentication tools provide security?
Answer: Multi-factor authentication (MFA) tools require users to have multiple credentials to verify their identity. Authentication credentials might include something the user knows, such as a password; something the user possesses, such as a smartphone or YubiKey USB device; and something that the user “is”, such as a physical characteristic. Two-factor authentication (2FA) is a subset of MFA that requires two credentials. Many MFA systems use mobile phones and involve either texting a one-time dynamic secure passcode to the phone or pushing an authentication request to an app on the phone that the user can confirm via a built-in biometric authenticator, such as TouchID, as further discussed later. However, MFA tools can still be compromised, using malware such as Trickbot, which can intercept the one-time codes sent by an app, by phishing attacks, as well as by other methods.
Difficulty: Moderate
AACSB: Application of knowledge; Information technology; Written and oral communication
Learning Objective: 5.4: Appreciate the importance of policies, procedures, and laws in creating security.

70) Which of the following statements about blockchain is not true?


A) A blockchain system is composed of a distributed network of
computers.
B) A blockchain system is inherently centralized.
C) A blockchain system is a transaction processing system.
D) Cryptocurrencies are based on blockchain technology.
Answer: B

71) All of the following statements about Apple Pay are true except
which of the following?
A) Apple Pay is the most popular alternative payment method in the
United States.
B) Apple Pay is an example of a universal proximity mobile wallet.
C) Apple Pay can be used for mobile payments at the point of sale at a
physical store.
D) Apple Pay has more users than either Google Pay or Samsung Pay.
Answer: A

72) PayPal is an example of which of the following types of payment system?
A) online stored value payment system
B) digital checking system
C) accumulating balance system
D) digital credit card system
Answer: A

73) PCI-DSS is a standard established by which of the following?


A) the banking industry
B) the credit card industry
C) the federal government
D) the retail industry
Answer: B
74) Which of the following is not a major trend in e-commerce
payments in 2020-2021?
A) Online payment volume decreases due to the Covid-19 pandemic.
B) PayPal remains the most popular alternative payment method.
C) Large banks enter the mobile wallet and P2P payments market.
D) Payment by credit and/or debit card remains the dominant form of
online payment.
Answer: A

75) All of the following are limitations of the existing online credit
card payment system except:
A) poor security.
B) cost to consumers.
C) cost to merchant.
D) social equity.
Answer: B

76) Which of the following statements about Bitcoin is not true?


A) The computational power required to mine Bitcoins has increased over
time.
B) Bitcoins are completely secure.
C) Bitcoins are illegal in some countries.
D) Bitcoin mining uses more energy than the entire amount consumed by
Switzerland.
Answer: B

77) Which of the following is a set of short-range wireless technologies used to share information among devices within about two inches of each other?
A) DES
B) NFC
C) IM
D) text messaging
Answer: B

78) All of the following are examples of cryptocurrencies except:


A) Ethereum.
B) Ripple.
C) Zelle.
D) Monero.
Answer: C
79) Zelle is an example of a P2P mobile payment app.
Answer: TRUE
Difficulty: Easy
AACSB: Application of knowledge
Learning Objective: 5.5: Identify the major e-commerce payment systems
in use today.

80) Bluetooth is the primary enabling technology for mobile wallets.


Answer: FALSE
Difficulty: Easy
AACSB: Information technology
Learning Objective: 5.5: Identify the major e-commerce payment systems
in use today.
81) There is a finite number of Bitcoins that can be created.
Answer: TRUE
Difficulty: Moderate
AACSB: Information technology
Learning Objective: 5.5: Identify the major e-commerce payment systems
in use today.
82) Briefly describe the three primary types of mobile wallet apps and identify the examples of each type.
Answer: There are three primary types of mobile wallet apps: universal proximity wallets, branded store proximity wallets, and P2P apps. Universal proximity mobile wallets, such as Apple Pay, Google Pay, and Samsung Pay, that can be used at a variety of merchants for point-of-sale transactions if the merchant supports that service (e.g., has an Apple merchant app and can accept such payments), are the most well-known and common type. Branded store proximity mobile wallets are mobile apps that can be used only at a single merchant. For instance, Walmart, Target, Starbucks, and Dunkin Donuts all have very successful mobile wallet apps. P2P mobile payment apps, such as Venmo, Zelle, and Square Cash, are used for payments among individuals who have the same app.
Difficulty: Moderate
AACSB: Application of knowledge; Information technology; Written and oral communication
Learning Objective: 5.5: Identify the major e-commerce payment systems in use today.

83) Mint Bills is an example of which of the following EBPP business models?
A) biller-direct
B) online banking
C) consolidator
D) mobile
Answer: C

84) According to the most recent Fiserv survey, 65% of consumers in the United States have used online bill payment.
Answer: TRUE
Difficulty: Moderate
AACSB: Application of knowledge
Learning Objective: 5.6: Describe the features and functionality of electronic billing presentment and payment systems.

85) Define and explain how electronic billing presentment and payment (EBPP) systems work. Describe each of the main EBPP business models.
Answer: EBPP refers to electronic billing presentment and payment systems, which are systems that enable the online delivery and payment of monthly bills. EBPP services allow consumers to view bills electronically using either their desktop PC or mobile device and pay them through electronic funds transfers from bank or credit card accounts. More and more companies are choosing to issue statements and bills electronically, rather than mailing out paper versions, especially for recurring bills such as utilities, insurance, and subscriptions.

There are four main types of EBPP business models: online banking, biller-direct, mobile, and consolidator. The online banking model is the most widely used today. Consumers establish an online payment service with their banks and use it to pay bills as they come due or automatically make payments for, say, rent. The payments are made directly to the seller's bank account. This model has the advantage of convenience for the consumer because the payments are deducted automatically, usually with a notice from the bank or the merchant that their account has been debited.

In the biller-direct model, consumers are sent bills by e-mail notification, and go to the merchant's website to make payments using their banking credentials. This model has the advantage of allowing the merchant to engage with the consumer by sending coupons or rewards. The biller-direct model is a two-step process, and less convenient for consumers.

The mobile model allows consumers to make payments using mobile apps, once again relying on their bank credentials as the source of funds. Consumers are notified of a bill by text message and authorize the payment. An extension of this is the social-mobile model, where social networks like Facebook integrate payment into their messaging services. The mobile model has several advantages, not least of which is the convenience for consumers of paying bills while using their phones, but also the speed with which bills can be paid in a single step. This is the fastest growing form of EBPP. For instance, Facebook Messenger enables users to send and receive P2P payments to and from friends and family with either a debit card or PayPal account. Facebook does not charge for these transfers.

In the consolidator model, a third party, such as a financial institution or a focused portal such as Intuit's Paytrust, Fiserv's MyCheckFree, Mint Bills, and others, aggregates all bills for consumers and permits one-stop bill payment. This model has the advantage of allowing consumers to see all their bills at one website or app. However, because bills come due at different times, consumers need to check their portals often. The consolidator model faces several challenges. For billers, using the consolidator model means an increased time lag between billing and payment, and inserts an intermediary between the company and its customer.

Supporting these primary business models are infrastructure providers such as Fiserv, Yodlee, FIS Global, ACI Worldwide, MasterCard RPPS (Remote Payment and Presentment Service), and others that provide the software to create the EBPP system or handle billing and payment collection for the biller.
Difficulty: Moderate
AACSB: Analytical thinking; Information technology; Written and oral communication
Learning Objective: 5.6: Describe the features and functionality of electronic billing presentment and payment systems.
