Term
Top 10 Threats to E-Commerce, 5 relate to fraud
List these |
|
Definition
Misc Fraud
Advance Fee Fraud
Auction fraud
Credit card fraud
Overpayment fraud |
|
|
Term
Top 10 Threats to E-Commerce, 5 relate to fraud
List the ones that don't |
|
Definition
Non-delivery
FBI-Related scams
ID Theft
Computer crimes
Spam |
|
|
Term
| How are users tricked in e-commerce? |
|
Definition
| Phishing and pharming attacks |
|
|
Term
| How does phishing often give itself away? |
|
Definition
| It arrives as spam and does not discriminate between recipients |
|
|
Term
|
Definition
| Redirecting someone from a legit website to a hacker's one; can be done via DNS poisoning. |
|
|
Term
| Which two types of communication does e-commerce use instead of emails? |
|
Definition
Messaging features within websites
Traditional email limited to notification of messages awaiting retrieval |
|
|
Term
| Securing an e-commerce site involves three layers, which are: |
|
Definition
User side
During transport of data
At the merchant side |
|
|
Term
| What considerations for sec at the user side (2) |
|
Definition
Physical access control to the machine
User auth and authorisation |
|
|
Term
| What considerations for sec at the transport (2) |
|
Definition
|
|
Term
| What sec at the merchant side (3) |
|
Definition
Secure storage of user info
User's privacy protection
Auth of parties involved |
|
|
Term
| Three types of certificates |
|
Definition
Self-issued
Legit
Extended validity |
|
|
Term
| What are the threats to E-Commerce? |
|
Definition
Fraud
Identity theft
Non-delivery
Spam |
|
|
Term
| List TEN. THAT'S RIGHT, TEN Fraud scenarios |
|
Definition
Steals CC details
Manipulates the price of products
Fake orders on behalf of other users
Cancel orders of other users
Modify shipping address of order
Shut down online store
Harvest email IDs for spam
Reset passwords of users
Gifts himself a gift voucher from another user
Places two orders for the price of one |
|
|
Term
| How could a user notice they've been 'pharmed' |
|
Definition
| Lack of SSL or invalid certificate |
|
|
Term
| What is the consequence of phishing to the user? |
|
Definition
| Parting with the requested information leaves the user vulnerable to theft and financial loss |
|
|
Term
| What does phishing force companies to do? |
|
Definition
| Communicate with their users in other ways |
|
|
Term
| What way might merchants talk to their customers besides emails? |
|
Definition
| Incorp. messaging features within websites |
|
|
Term
| What two threats besides phishing and pharming are there to e-commerce? |
|
Definition
Defacement
Denial of service |
|
|
Term
| What two things do phishing and pharming exploit? |
|
Definition
|
|
Term
| What considerations are there when securing an e-commerce site? (5) |
|
Definition
Client, data in transit, e-commerce server, backend system, database |
|
|
Term
| What security do you consider at the user side? |
|
Definition
Physical access control to the machine
User authentication and authorisation |
|
|
Term
| What considerations are there during transport of data? |
|
Definition
Confidentiality
Data integrity |
|
|
Term
| Security at the merchant side needs which considerations? |
|
Definition
Secure storage of user info
User privacy protection
Authentication of parties involved |
|
|
Term
| What is the most widely used security mechanism for e-commerce? |
|
Definition
|
|
Term
| What provides encryption of the communications link and confirmation that server belongs to merchant? |
|
Definition
|
|
Term
|
Definition
| Allow the merchant to ID the consumer (unless the consumer has a certificate) |
|
|
Term
|
Definition
Encryption of the comms link
Confirmation that server belongs to merchant |
|
|
Term
| What four measures are there to boost confidence? |
|
Definition
Verified by Visa
Verisign
Mastercard SecureCode
TrustE |
|
|
Term
| How do schemes like Verified by Visa work? |
|
Definition
| Users verify the legitimate use of their card number by providing a password |
|
|
Term
| What is an extended validity certificate? |
|
Definition
| Like a legit certificate, but more |
|
|
Term
| What three types of certificates can you get? |
|
Definition
Self-issued
Legitimate
Extended validity |
|
|
Term
| What did some bloody academics break? |
|
Definition
| Created a rogue certification authority |
|
|
Term
| What does a rogue certificate authority allow to happen? |
|
Definition
|
|
Term
| How does the rogue certificate authority generate certificates? |
|
Definition
|
|
Term
| What are the required actions for E-Commerce? |
|
Definition
Appropriate use of technologies
Improved awareness to increase consumer confidence |
|
|
Term
| What type of protection is needed for e-commerce? |
|
Definition
Authentication of merchant server
Authentication of client computer
Protection during transmission for C&I
Secure storage
Privacy protection
Physical access to client machine |
|
|
Term
| What is available to protect e-commerce? |
|
Definition
SSL to protect during transmission
Certificates to authenticate
Encryption at the client end
Further authentication through things like 'Verified by Visa' |
|
|