Mobile Payment Systems Quiz

Questions and Answers

What are online stored value systems based on?

• Cryptocurrency balances held in wallets
• Digital currencies that are automatically generated
• Value stored in a consumer’s bank or credit account (correct)
• Assets stored in physical payment cards

Which of the following is an example of a Buy Now Pay Later (BNPL) service?

• Google Pay
• SPayLater (correct)
• Apple Pay
• Venmo

What technology is commonly used in mobile payment systems for transactions?

• Multi-Factor Authentication (MFA)
• Blockchain technology
• Augmented Reality (AR)
• Near Field Communication (NFC) (correct)

Which mobile wallet app is classified as a universal proximity application?

Samsung Pay (B)

What type of malware is primarily targeting Android devices among mobile platforms?

Rogue apps (B)

In which regions is the use of mobile payment systems predominantly established?

Europe and Asia (C)

Which of the following is NOT one of the threats faced by mobile platforms?

DDoS attacks (B)

Which feature of encryption provides assurance that a message has not been altered during transit?

Message integrity (A)

What is a characteristic of branded store proximity wallet apps?

Exclusive to a single brand or store (C)

What factor is contributing to the expansion of mobile payment systems in the United States?

Growing acceptance by retailers and consumers (C)

What common security issue arises from sharing files that link to malicious sites?

Manual sharing scams (A)

Which statement is true regarding online stored value systems?

They typically utilize consumer bank accounts for stored value. (C)

In cloud security, what is a major concern regarding the management of data?

Responsibility for data security (C)

What is the primary function of a firewall?

To filter packets based on security policy (C)

Which of the following describes the term 'nonrepudiation' in the context of encryption?

Ensuring sender cannot deny sending the message (B)

Which type of attack is characterized by overwhelming a target to disrupt service?

DDoS (B)

Which component is responsible for handling all communications from the Internet?

Proxy server (C)

What aspect of e-commerce security ensures data can only be read by authorized parties?

Confidentiality (C)

What is NOT a typical aspect of a security plan's implementation?

Network performance monitoring (B)

What are the primary online payment methods used in e-commerce?

Credit and debit cards (A)

Which of the following poses a limitation of online credit card payments for consumers?

Social equity (D)

What is the primary method involved in spoofing?

Using someone else's email or IP address (C)

Which element is NOT part of the e-commerce security plan?

Content delivery optimization (C)

What roles do merchants, clearinghouses, and card-issuing banks play in an online credit card transaction?

They facilitate the transaction process between consumers and banks (C)

How does pharming benefit a hacker?

By redirecting a URL to a different address (B)

Which of the following best describes an intrusion prevention system?

A system that detects and prevents unauthorized access (B)

What is a common characteristic of spam websites?

They may harbor malicious code (B)

What distinguishes a Distributed Denial of Service (DDoS) attack from a standard Denial of Service (DoS) attack?

DDoS uses multiple computers to overwhelm the target (C)

Which approach can be used by sniffers to identify problems in networks?

By monitoring network traffic (D)

What is often the biggest financial threat to businesses from insider attacks?

Employee embezzlement (B)

Insider threats are more likely to stem from which factor?

Poor security procedures (D)

What is one of the potential uses of a DDoS attack aside from overwhelming a network?

To insert malware or steal data (A)

How many keys are used in symmetric key cryptography?

A unique key for each transaction (D)

What is the main characteristic of public key cryptography regarding key usage?

Two mathematically related keys are used (B)

What does the sender use to ensure the authenticity of a message in public key cryptography?

Sender's private key to create a digital signature (B)

Which method cannot be used to decrypt a message that has been encrypted with a public key?

Sender's private key (A), Recipient's public key (B), Sender's public key (D)

What is the purpose of using a hash function in public key cryptography?

To verify message integrity (A)

What is a characteristic of the keys used in public key cryptography?

One key is secret and one is public (D)

In which method is the encryption performed by the sender using the recipient's key?

Asymmetric key cryptography (B)

What aspect of symmetric key cryptography influences its encryption strength?

Length of the binary key (D)

What is the primary purpose of phishing tactics?

To obtain confidential information for financial gain (C)

Which of the following is NOT a tactic related to phishing?

Malware distribution (C)

What are the key goals associated with hacking?

Cybervandalism and data breaches (B)

What was the leading cause of data breaches in 2021?

Malicious code and human errors (B)

Which method is commonly used to establish customer identity for preventing credit card fraud?

E-signatures and multi-factor authentication (A)

Identity fraud primarily involves unauthorized use of which type of data?

Personal data for illegal financial benefit (A)

Which statement correctly describes cybervandalism?

It involves disrupting or destroying websites. (A)

What percentage increase in data breaches was noted in 2021 compared to 2020?

68% (B)

Flashcards

Phishing

A deceptive attempt by a third party to obtain confidential information online, typically for financial gain. It can involve social engineering, email scams, or spear phishing.

Hacking

Intentional access and manipulation of computer systems without authorization. Often involves cybervandalism, data breaches, and unauthorized access.

Cybervandalism

Disruptive, destructive, or defacing acts targeting websites or online systems, often carried out by hackers.

Hacktivism

Hacking motivated by political or social agendas, often used to raise awareness or protest against certain causes.

Data Breaches

The unauthorized loss of control over corporate information to external parties, leading to potential financial losses and reputational damage.

Credit Card Fraud/Theft

Illegal use of stolen credit card information for unauthorized purchases, often resulting from systematic hacking of corporate servers.

Identity Fraud/Theft

The unauthorized use of someone else's personal data, such as social security numbers, driver's licenses, or credit card numbers, for illegal financial benefit.

Establishing Customer Identity

A method of verifying identity through electronic signatures, multi-factor authentication, or fingerprint identification to enhance security measures.

Spoofing

Attempting to hide one's true identity by using someone else's email or IP address.

Sniffer

Eavesdropping program monitoring networks to gather data.

DoS Attack (Denial of Service Attack)

Overwhelming a website with excessive requests to cause it to crash.

DDoS Attack (Distributed Denial of Service Attack)

Using hundreds or thousands of computers to launch a DoS Attack.

DDoS Smokescreening

Using a DDoS attack as a distraction to insert malware or viruses or to steal data.

Insider Attack

A cyberattack originating from within a company, usually involving employee access to confidential information.

Insider Embezzlement

A type of insider attack where an employee misuses their access to company funds or assets.

DDoS Attack

A type of cyberattack aimed at flooding a server with so many requests that it becomes overloaded and unable to respond to legitimate traffic.

Malware

The practice of using malicious software to gain unauthorized access to a device or network, often for financial gain or to steal sensitive information.

Identity Theft

The practice of illegally using someone else's personal information, such as their identity documents or financial details, for personal gain or criminal activity.

Click Hijacking

A form of online fraud where users are tricked into clicking on fake links or ads that redirect them to malicious websites or download harmful software.

What are the two keys used in Public Key Cryptography?

Two mathematically related digital keys are used for encryption and decryption. One key, the public key, is widely disseminated, while the other, the private key, is kept secret by the owner.

How is encryption and decryption done in Public Key Cryptography?

The sender uses the recipient's public key to encrypt the message. The recipient then uses their private key to decrypt it.

How does Public Key Cryptography use digital signatures and hash digests?

The sender uses a hash function to create a unique digital fingerprint of the message. This hash is then encrypted with the recipient's public key, ensuring message integrity. The sender also encrypts the message and hash result with their private key, creating a digital signature for authenticity and verifying non-repudiation.

Define Symmetric Key Cryptography.

A cryptographic method where the sender and receiver use the same key to both encrypt and decrypt messages.

What determines the Strength of Symmetric Key Encryption?

The strength of the encryption is determined by the length of the binary key used.

What is Data Encryption Standard (DES)?

A cryptographic algorithm that uses a 56-bit key to encrypt and decrypt data.

What is the key requirement for each transaction in Symmetric Key Cryptography?

Sender and receiver use different sets of keys for each transaction.

What is Public Key Cryptography?

A type of cryptography that uses two mathematically related keys, a public key and a private key, for encryption and decryption.

Online Stored Value Systems

Online payment systems that store value in a consumer's bank account, checking account, or credit card account.

Buy Now Pay Later (BNPL)

A type of online payment system where consumers can make purchases and pay later, often with interest-free installments.

Mobile Payment Systems

Mobile phones used as payment devices, often utilizing NFC technology or QR codes.

Near Field Communication (NFC)

A wireless communication technology used in mobile payment systems, enabling short-range data exchange between devices.

Universal Proximity Mobile Wallet Apps

A type of mobile wallet app offered by companies like Apple, Google, and Samsung, allowing users to make payments with their smartphones.

Branded Store Proximity Wallet Apps

Mobile wallet apps offered by specific retailers or brands, allowing users to make payments at those stores.

Firewall

A security tool that uses rules to filter network traffic, blocking or allowing access to specific data based on predefined policies.

Proxy server

A software server acting as an intermediary between users and the internet, forwarding requests and responses, providing protection from external threats.

Intrusion detection system

A system that actively monitors network traffic for suspicious activity, detecting potential intrusions without preventing them.

Intrusion prevention system

A system that actively monitors network traffic for malicious activity and takes action to block or prevent harmful connections, protecting your network in real-time.

Risk assessment

Assessing potential threats and vulnerabilities to determine the likelihood and impact of cyberattacks.

Security policy

A comprehensive set of guidelines outlining security procedures, access controls, and acceptable use policies for data and network resources.

Authentication

The process of verifying a user's identity through various methods, such as passwords, biometrics, or multi-factor authentication.

Authorization

The process of granting specific permissions and access rights to users based on their roles and responsibilities.

Study Notes

E-commerce Security and Payment Systems

• E-commerce security involves multiple layers, considering technology, policies, and regulations.
• Key security issues in e-commerce include client, server, and communication pipeline vulnerabilities.
• Malicious code, including exploits, drive-by downloads, and malware, poses significant threats.
• Phishing, hacking, cybervandalism, and hacktivism are common e-commerce crimes.
• Data breaches, often caused by malicious code or human error, are major security concerns.
• Credit card fraud and theft remain serious issues.
• Identity theft involves unauthorized use of personal data for financial gain.
• Spoofing, pharming, and spam tactics target websites.
• Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks overwhelm systems.
• Insider attacks pose a significant threat due to privileged insider access.
• Social networks, mobile platforms, and cloud environments present unique security challenges.
• Security is not only about technology but also encompasses organizational policies and procedures.
• Encryption techniques, like symmetric and public key cryptography, play crucial roles in securing data.
• Digital certificates and public key infrastructure are components of secure communication systems.
• Firewalls and proxy servers protect networks.
• Essential security policies for businesses include risk assessment, security policies, implementation strategies, security organizations, access controls, and security policies.

Good E-commerce Security

• Implementing new technologies, organizational policies, industry standards, and government regulations are crucial for high security.
• The cost of security should be balanced against potential losses.
• Security often fails at the weakest link in the system.

The Tension Between Security and Other Values

• Security is not the only consideration; it must be balanced with ease of use and profitability.
• Adding more security measures can negatively impact usability and slow down systems.

Description

Test your knowledge on mobile payment systems and online stored value systems. This quiz covers various topics such as Buy Now Pay Later services, mobile wallet apps, and security concerns related to mobile platforms. Challenge yourself with these questions and learn more about the evolving landscape of digital payments.