Professional Documents
Culture Documents
1548
1548
Test Bank
Go to download the full and correct content document:
https://testbankdeal.com/product/e-commerce-2017-14th-edition-laudon-test-bank/
More products digital (pdf, epub, mobi) instant
download maybe you interests ...
https://testbankdeal.com/product/e-commerce-2017-13th-edition-
laudon-test-bank/
https://testbankdeal.com/product/e-commerce-2017-13th-edition-
laudon-solutions-manual/
https://testbankdeal.com/product/e-commerce-2018-14th-edition-
laudon-test-bank/
https://testbankdeal.com/product/e-commerce-2018-14th-edition-
laudon-solutions-manual/
E-Commerce Essentials 1st Edition Laudon Test Bank
https://testbankdeal.com/product/e-commerce-essentials-1st-
edition-laudon-test-bank/
https://testbankdeal.com/product/e-commerce-2015-11th-edition-
laudon-test-bank/
https://testbankdeal.com/product/e-commerce-2014-10th-edition-
laudon-test-bank/
https://testbankdeal.com/product/e-commerce-essentials-1st-
edition-laudon-solutions-manual/
https://testbankdeal.com/product/e-commerce-2015-11th-edition-
laudon-solutions-manual/
E-commerce 2018: Business. Technology. Society., 14e (Laudon/Traver)
Chapter 5 E-commerce Security and Payment Systems
2) ________ is the ability to ensure that e-commerce participants do not deny their online
actions.
A) Nonrepudiation
B) Authenticity
C) Availability
D) Integrity
Answer: A
Difficulty: Moderate
AACSB: Information technology
Learning Objective: 5.1: Understand the scope of e-commerce crime and security problems, the
key dimensions of e-commerce security, and the tension between security and other values.
3) ________ is the ability to identify the person or entity with whom you are dealing on the
Internet.
A) Nonrepudiation
B) Authenticity
C) Availability
D) Integrity
Answer: B
Difficulty: Moderate
AACSB: Information technology
Learning Objective: 5.1: Understand the scope of e-commerce crime and security problems, the
key dimensions of e-commerce security, and the tension between security and other values.
1
Copyright © 2019 Pearson Education, Inc.
4) Which of the following is an example of an integrity violation of e-commerce security?
A) A website is not actually operated by the entity the customer believes it to be.
B) A merchant uses customer information in a manner not intended by the customer.
C) A customer denies that he is the person who placed the order.
D) An unauthorized person intercepts an online communication and changes its contents.
Answer: D
Difficulty: Moderate
AACSB: Analytical thinking
Learning Objective: 5.1: Understand the scope of e-commerce crime and security problems, the
key dimensions of e-commerce security, and the tension between security and other values.
5) ________ is the ability to ensure that an e-commerce site continues to function as intended.
A) Nonrepudiation
B) Authenticity
C) Availability
D) Integrity
Answer: C
Difficulty: Moderate
AACSB: Information technology
Learning Objective: 5.1: Understand the scope of e-commerce crime and security problems, the
key dimensions of e-commerce security, and the tension between security and other values.
7) ________ is the ability to ensure that messages and data are only available to those authorized
to view them.
A) Confidentiality
B) Integrity
C) Privacy
D) Availability
Answer: A
Difficulty: Moderate
AACSB: Information technology
Learning Objective: 5.1: Understand the scope of e-commerce crime and security problems, the
key dimensions of e-commerce security, and the tension between security and other values.
2
Copyright © 2019 Pearson Education, Inc.
8) Typically, the more security measures added to an e-commerce site, the slower and more
difficult it becomes to use.
Answer: TRUE
Difficulty: Moderate
AACSB: Information technology
Learning Objective: 5.1: Understand the scope of e-commerce crime and security problems, the
key dimensions of e-commerce security, and the tension between security and other values.
10) Which of the following statements about data breaches in 2016 is not true?
A) According to Symantec, the number of major breaches in 2016 increased from the number in
2015.
B) According to Symantec, the total number of data breaches in 2016 increased significantly
from the number in 2015.
C) According to Symantec, the total number of identities exposed by data breaches in 2016
increased to 1.1 billion.
D) According to the Identity Theft Resource Center, data breaches involving the business sector
represented over 45% of all breaches.
Answer: B
Difficulty: Difficult
AACSB: Application of knowledge
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment.
3
Copyright © 2019 Pearson Education, Inc.
12) The overall rate of online credit card fraud is ________ of all online card transactions.
A) less than 1%
B) around 5%
C) around 10%
D) around 15%
Answer: A
Difficulty: Difficult
AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment.
13) Which of the following has the Internet Advertising Bureau urged advertisers to abandon?
A) HTML
B) HTML5
C) Adobe Flash
D) Adobe Acrobat
Answer: C
Difficulty: Moderate
AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment.
15) Which of the following is not a key factor for establishing e-commerce security?
A) data integrity
B) technology
C) organizational policies
D) laws and industry standards
Answer: A
Difficulty: Moderate
AACSB: Information technology
Learning Objective: 5.1: Understand the scope of e-commerce crime and security problems, the
key dimensions of e-commerce security, and the tension between security and other values.
4
Copyright © 2019 Pearson Education, Inc.
16) Conficker is an example of a:
A) virus.
B) worm.
C) Trojan horse.
D) botnet.
Answer: B
Difficulty: Moderate
AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment.
18) Software that is used to obtain private user information such as a user's keystrokes or copies
of e-mail is referred to as:
A) spyware.
B) a backdoor.
C) browser parasite.
D) adware.
Answer: A
Difficulty: Moderate
AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment.
19) According to Symantec, almost half of the e-mail addresses involved in business e-mail
compromise (BEC) phishing that it analyzed had an IP address originating in:
A) China.
B) Russia.
C) Nigeria.
D) North Korea.
Answer: C
Difficulty: Easy
AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment.
5
Copyright © 2019 Pearson Education, Inc.
20) What is the most frequent cause of stolen credit cards and card information today?
A) lost cards
B) the hacking and looting of corporate servers storing credit card information
C) sniffing programs
D) phishing attacks
Answer: B
Difficulty: Moderate
AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment.
23) The attack on Dyn Inc., in October 2016 is an example of which of the following?
A) SQL injection attack
B) browser parasite
C) DDoS attack
D) MitM attack
Answer: C
Difficulty: Moderate
AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment.
6
Copyright © 2019 Pearson Education, Inc.
24) Angler is an example of which of the following?
A) worm
B) exploit kit
C) phishing
D) hacktivism
Answer: B
Difficulty: Moderate
AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment.
25) Malware that comes with a downloaded file that a user requests is called a:
A) Trojan horse.
B) backdoor.
C) drive-by download.
D) PUP.
Answer: C
Difficulty: Moderate
AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment.
27) Which of the following was designed to cripple Iranian nuclear centrifuges?
A) Stuxnet
B) Flame
C) Snake
D) Storm
Answer: A
Difficulty: Moderate
AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment.
7
Copyright © 2019 Pearson Education, Inc.
28) Automatically redirecting a web link to a different address is an example of which of the
following?
A) sniffing
B) social engineering
C) pharming
D) DDoS attack
Answer: C
Difficulty: Moderate
AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment.
29) According to Symantec, the number of data breaches in 2016 increased by ________
compared to 2015.
A) 100%
B) 15%
C) 150%
D) 20%
Answer: D
Difficulty: Moderate
AACSB: Information technology
Learning Objective: 5.1: Understand the scope of e-commerce crime and security problems, the
key dimensions of e-commerce security, and the tension between security and other values.
30) According to Ponemon Institute's 2017 survey, which of the following was not among the
causes of the most costly cybercrimes?
A) malicious insiders
B) malicious code
C) denial of service
D) botnets
Answer: D
Difficulty: Moderate
AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment.
31) ________ typically attack governments, organizations, and sometimes individuals for
political purposes.
A) Crackers
B) White hats
C) Grey hats
D) Hacktivists
Answer: D
Difficulty: Moderate
AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment.
8
Copyright © 2019 Pearson Education, Inc.
32) The Internet Advertising Bureau has urged advertisers to abandon Adobe Flash in favor of
HTML5.
Answer: TRUE
Difficulty: Moderate
AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment.
33) A Trojan horse appears to be benign, but then does something other than expected.
Answer: TRUE
Difficulty: Moderate
AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment.
36) Spoofing is the attempt to hide a hacker's true identity by using someone else's e-mail or IP
address.
Answer: TRUE
Difficulty: Difficult
AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment.
37) Exploit kits can be purchased by users to protect their computers from malware.
Answer: FALSE
Difficulty: Moderate
AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment.
38) A drive-by download is malware that comes with a downloaded file that a user intentionally
or unintentionally requests.
Answer: TRUE
Difficulty: Difficult
AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment.
9
Copyright © 2019 Pearson Education, Inc.
39) Changeup is an example of a software vulnerability.
Answer: TRUE
Difficulty: Moderate
AACSB: Information technology
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment.
40) What is the Internet of Things (IoT) and what security issues and challenges does it raise?
Answer: The Internet of Things (IoT) involves the use of the Internet to connect a wide variety
of sensors, devices, and machines, and is powering the development of a multitude of smart
connected things, such as home electronics (smart TVs, thermostats, home security systems, and
more). IoT also includes connected cars, medical devices and industrial equipment that supports
manufacturing, energy, transportation, and other industrial sectors.
Unfortunately, IoT raises a host of security issues similar to existing security challenges, but
even more challenging, given the need to deal with a wider range of devices, operating in a less
controlled, and global environment. In a world of connected things, the devices, the data
produced and used by the devices, and the systems and applications supported by those devices,
can all potentially be attacked. For instance, many IoT devices, such as sensors, are intended to
be deployed on a much greater scale than traditional Internet-connected devices, creating a vast
quantity of interconnected links that can be exploited. Existing tools, methods, and strategies
need to be developed to deal with this unprecedented scale. Many instances of IoT consist of
collections of identical devices that all have the same characteristics, which magnifies the
potential impact of security vulnerabilities.
Many IoT devices are anticipated to have a much longer service life than typical equipment,
which raises the possibility that devices may "outlive" manufacturer, leaving them without long-
term support that creates persistent vulnerabilities. Many IoT devices are intentionally designed
without the ability to be upgraded, or the upgrade process is difficult, which raises the possibility
that vulnerable devices cannot or will not be fixed, leaving them perpetually vulnerable. Many
IoT devices do not provide the user with visibility into the workings of the device or the data
being produced, nor alert the user when a security problem arises, so users may believe an IoT
device is functioning as intended when in fact, it may be performing in a malicious manner.
Finally, some IoT devices, such as sensors, are unobtrusively embedded in the environment such
that a user may not even be aware of the device, so a security breach might persist for a long
time before being noticed.
Difficulty: Moderate
AACSB: Analytical thinking; Information technology; Written and oral communication
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment.
10
Copyright © 2019 Pearson Education, Inc.
41) Discuss the Great Cannon. Who developed it, how has it been used, and how does it differ
from the Great Firewall?
Answer: The Great Cannon is the nickname given by researchers to a tool believed to be
developed by China that was used to launch a major DDoS attack in 2015 against the software
development platform GitHub, aimed specifically at two Chinese anti-censorship projects hosted
on the platform. Although originally thought to be part of the Great Firewall, which is a system
developed by China that allows it to censor Internet traffic, further investigation revealed that the
Great Cannon appears to be a separate distinct offensive system that is co-located with the Great
Firewall. The Great Cannon enables hackers to hijack traffic to individual IP addresses and uses
a man-in-the-middle attack to replace unencrypted content between a web server and the user
with malicious JavaScript that would load the two GitHub project pages every two seconds.
Difficulty: Moderate
AACSB: Analytical thinking; Information technology; Written and oral communication
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment.
42) What is a sniffing attack and how does it differ from a MitM attack?
Answer: A sniffer is a type of eavesdropping program that monitors information traveling over a
network. When used legitimately in a sniffing attack, hackers use sniffers to steal proprietary
information from a network, including passwords, e-mail messages, company files, and
confidential reports. A man-in-the-middle (MitM) attack also involves eavesdropping but is more
active than a sniffing attack, which typically involves passive monitoring. In a MitM attack, the
attacker can intercept communications between two parties who believe they are directly
communicating with one another, when in fact the attacker is controlling the communications.
Difficulty: Moderate
AACSB: Analytical thinking; Information technology; Written and oral communication
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment.
43) Discuss and explain the various types of malicious code and how they work. Include the
different types of viruses.
Answer: Malicious code includes a variety of threats such as viruses, worms, Trojan horses,
ransomware, and bot programs. A virus is a computer program that can replicate or make copies
of itself and spread to other files. Viruses can range in severity from simple programs that
display a message or graphic as a "joke" to more malevolent code that will destroy files or
reformat the hard drive of a computer, causing programs to run incorrectly. Worms are designed
to spread not only from file to file but from computer to computer and do not necessarily need to
be activated in order to replicate. A Trojan horse is not itself a virus because it does not replicate
but it is a method by which viruses or other malicious code can be introduced into a computer
system. It appears benign and then suddenly does something harmful. For example, it may
appear to be only a game and then it will steal passwords and mail them to another person. A
backdoor is a feature of worms, viruses, and Trojans that allow attackers to remotely access
compromised computers. Ransomware is a type of malware (often a worm) that locks your
computer or files to stop you from accessing them. Bot programs are a type of malicious code
that can be covertly installed on a computer when it is attached to the Internet. Once installed,
the bot responds to external commands sent by the attacker, and many bots can be coordinated
by a hacker into a botnet.
Difficulty: Moderate
AACSB: Analytical thinking; Information technology; Written and oral communication
Learning Objective: 5.2: Identify the key security threats in the e-commerce environment.
11
Copyright © 2019 Pearson Education, Inc.
44) Next generation firewalls provide all of the following except:
A) an application-centric approach to firewall control.
B) the ability to identify applications regardless of the port, protocol, or security evasion tools
used.
C) the ability to automatically update applications with security patches.
D) the ability to identify users regardless of the device or IP address.
Answer: C
Difficulty: Difficult
AACSB: Information technology
Learning Objective: 5.3: Describe how technology helps secure Internet communications
channels and protect networks, servers, and clients.
46) All the following statements about symmetric key cryptography are true except:
A) in symmetric key cryptography, both the sender and the receiver use the same key to encrypt
and decrypt a message.
B) the Data Encryption Standard is a symmetric key encryption system.
C) symmetric key cryptography is computationally slower.
D) symmetric key cryptography is a key element in digital envelopes.
Answer: C
Difficulty: Difficult
AACSB: Information technology
Learning Objective: 5.3: Describe how technology helps secure Internet communications
channels and protect networks, servers, and clients.
12
Copyright © 2019 Pearson Education, Inc.
48) All of the following statements about public key cryptography are true except:
A) public key cryptography uses two mathematically related digital keys.
B) public key cryptography ensures authentication of the sender.
C) public key cryptography does not ensure message integrity.
D) public key cryptography is based on the idea of irreversible mathematical functions.
Answer: B
Difficulty: Difficult
AACSB: Information technology
Learning Objective: 5.3: Describe how technology helps secure Internet communications
channels and protect networks, servers, and clients.
49) Which of the following is the current standard used to protect Wi-Fi networks?
A) WEP
B) TLS
C) WPA2
D) WPA3
Answer: C
Difficulty: Moderate
AACSB: Information technology
Learning Objective: 5.3: Describe how technology helps secure Internet communications
channels and protect networks, servers, and clients.
50) All of the following statements about PKI are true except:
A) the term PKI refers to the certification authorities and digital certificate procedures that are
accepted by all parties.
B) PKI is not effective against insiders who have a legitimate access to corporate systems
including customer information.
C) PKI guarantees that the verifying computer of the merchant is secure.
D) the acronym PKI stands for public key infrastructure.
Answer: C
Difficulty: Difficult
AACSB: Information technology
Learning Objective: 5.3: Describe how technology helps secure Internet communications
channels and protect networks, servers, and clients.
13
Copyright © 2019 Pearson Education, Inc.
52) Which of the following dimensions of e-commerce security is not provided for by
encryption?
A) confidentiality
B) availability
C) message integrity
D) nonrepudiation
Answer: B
Difficulty: Difficult
AACSB: Information technology
Learning Objective: 5.3: Describe how technology helps secure Internet communications
channels and protect networks, servers, and clients.
53) All of the following are methods of securing channels of communication except:
A) SSL/TLS.
B) digital certificates.
C) VPN.
D) FTP.
Answer: D
Difficulty: Moderate
AACSB: Information technology
Learning Objective: 5.3: Describe how technology helps secure Internet communications
channels and protect networks, servers, and clients.
54) A ________ is hardware or software that acts as a filter to prevent unwanted packets from
entering a network.
A) firewall
B) virtual private network
C) proxy server
D) PPTP
Answer: A
Difficulty: Easy
AACSB: Information technology
Learning Objective: 5.3: Describe how technology helps secure Internet communications
channels and protect networks, servers, and clients.
14
Copyright © 2019 Pearson Education, Inc.
56) All of the following are used for authentication except:
A) digital signatures.
B) certificates of authority.
C) biometric devices.
D) packet filters.
Answer: D
Difficulty: Moderate
AACSB: Information technology
Learning Objective: 5.3: Describe how technology helps secure Internet communications
channels and protect networks, servers, and clients.
57) An intrusion detection system can perform all of the following functions except:
A) examining network traffic.
B) setting off an alarm when suspicious activity is detected.
C) checking network traffic to see if it matches certain patterns or preconfigured rules.
D) blocking suspicious activity.
Answer: D
Difficulty: Moderate
AACSB: Information technology
Learning Objective: 5.3: Describe how technology helps secure Internet communications
channels and protect networks, servers, and clients.
15
Copyright © 2019 Pearson Education, Inc.
60) Which of the following statements is not true?
A) Apple's Touch ID stores a digital replica of a user's actual fingerprint in Apple's iCloud.
B) Biometric devices reduce the opportunity for spoofing.
C) A retina scan is an example of a biometric device.
D) Biometric data stored on an iPhone is encrypted.
Answer: A
Difficulty: Moderate
AACSB: Information technology
Learning Objective: 5.3: Describe how technology helps secure Internet communications
channels and protect networks, servers, and clients.
62) Which of the following is the most common protocol for securing a digital channel of
communication?
A) DES
B) SSL/TLS
C) VPN
D) HTTP
Answer: B
Difficulty: Moderate
AACSB: Information technology
Learning Objective: 5.3: Describe how technology helps secure Internet communications
channels and protect networks, servers, and clients.
64) The easiest and least expensive way to prevent threats to system integrity is to install anti-
virus software.
Answer: TRUE
Difficulty: Moderate
AACSB: Information technology
Learning Objective: 5.3: Describe how technology helps secure Internet communications
channels and protect networks, servers, and clients.
16
Copyright © 2019 Pearson Education, Inc.
65) Explain the difference between symmetric key cryptography and public key cryptography.
Which dimensions of e-commerce security does encryption address?
Answer: Symmetric key cryptography involves the use of a secret cipher that transforms plain
text into cipher text. Both the sender and the receiver use the same key to encrypt and decrypt the
message. The possibilities for simple substitution and transposition ciphers are endless, but there
are several flaws in these types of systems that make them inadequate for use today. First, for the
sender and the receiver to have the same key, it must be sent over a communication medium that
is insecure or they must meet in person to exchange the key. If the secret key is lost or stolen, the
encryption system fails. This method can be used effectively for data storage protection, but is
less convenient for e-mail since the correspondents must pass the secret key to one another over
another secure medium prior to commencing the communication. Second, in the digital age,
computers are so fast and powerful that these ancient encryption techniques can be quickly and
easily broken. Modern digital encryption systems must use keys with between 56 and 512 binary
digits to ensure that decryption would be unlikely. Third, for commercial use on an e-commerce
site each of the parties in a transaction would need a secret key. In a population of millions of
Internet users, thousands of millions of keys would be needed to accommodate all e-commerce
customers.
Public key cryptography solves the problem of exchanging keys. In this method every user has a
pair of numeric keys: private and public. The public key is not secret; on the contrary, it is
supposed to be disseminated widely. Public keys may be published in company catalogs or on
online. The public key is used by outside parties to encrypt the messages addressed to you. The
private or secret key is used by the recipient to decipher incoming messages. The main advantage
of a public key cryptographic system is its ability to begin secure correspondence over the
Internet without prior exchanging of the keys and, therefore, without the need for a meeting in
person or using conventional carriers for key exchange.
Encryption can provide four of the six key dimensions of e-commerce security. It can provide
assurance that the message has not been altered (integrity), prevent the user from denying that
he/she has sent the message (nonrepudiation), provide verification of the identity of the message
(authentication), and give assurance that the message has not been read by others
(confidentiality).
Difficulty: Moderate
AACSB: Analytical thinking; Information technology; Written and oral communication
Learning Objective: 5.3: Describe how technology helps secure Internet communications
channels and protect networks, servers, and clients.
17
Copyright © 2019 Pearson Education, Inc.
66) What dimensions do digital signatures and hash digests add to public key cryptography and
how do they work?
Answer: Digital signatures and hash digests can add authentication, nonrepudiation, and
integrity when used with public key encryption. Encryption technology also allows for digital
signatures and authentication. The sender encrypts the message yet again using their private key
to produce a digital signature.
To check the confidentiality of a message and ensure it has not been altered in transit, a hash
function is used first to create a digest of the message. A hash function is an algorithm that
produces a fixed-length number called a hash or message digest. To ensure the authenticity of the
message and to ensure nonrepudiation, the sender encrypts the entire block of cipher text one
more time using the sender's private key. This produces a digital signature or "signed" cipher
text. The result of this double encryption is sent over the Internet to the recipient. Then, the
recipient first uses the sender's public key to authenticate the message. Once authenticated, the
recipient uses his or her private key to obtain the hash result and original message. As a final
step, the recipient applies the same hash function to the original text and compares the result with
the result sent by the sender. If the results are the same, the recipient now knows the message has
not been changed during transmission. The message has integrity.
Difficulty: Difficult
AACSB: Analytical thinking; Information technology; Written and oral communication
Learning Objective: 5.3: Describe how technology helps secure Internet communications
channels and protect networks, servers, and clients.
18
Copyright © 2019 Pearson Education, Inc.
67) Discuss the security of communications channels. Include definitions and explanations for
the terms Secure Sockets Layer/Transport Layer Security (SSL/TLS), secure negotiated session,
session key, and VPN.
Answer: The Secure Sockets Layer of the Transmission Control Protocol/Internet Protocol
(TCP/IP) communications protocol is the main method for securing communications channels on
the Web. When you receive a message from a web server then you will be communicating
through a secure channel; this means that SSL/TLS will be used to establish a secure negotiated
session. A secure negotiated session is a client-server session in which the URL of the requested
document, its contents, and the contents of the forms filled out by the user on the page, as well as
the cookies that are exchanged, are all encrypted. The browser and the server exchange digital
certificates with one another, determine the strongest shared form of encryption, and begin
communicating using a unique symmetric encryption key, agreed upon for just this encounter.
This is called a session key. SSL/TLS provides data encryption, server authentication, optional
client authentication (as yet still rare for individual users), and message integrity for the TCP/IP
connections between two computers.
SSL/TLS addresses the threat of authenticity by allowing users to verify another user's identity
or the identity of a server. It also protects the integrity of the messages exchanged. However,
once the merchant receives the encrypted credit and order information, that information is
typically stored in unencrypted format on the merchant's servers. While SSL/TLS provides
secure transactions between merchant and consumer, it only guarantees server-side
authentication. Client authentication is optional. In addition, SSL/TLS cannot provide
irrefutability — consumers can order goods or download information products and then claim
the transaction never occurred.
Virtual private networks (VPNs) enable remote users to access an internal network from the
Internet. They use protocols to create a private connection between a user on a local ISP and a
private network. This process is called tunneling because it creates a private connection by
adding an encrypted wrapper around the message to hide its content. It is called virtual because it
appears to be a dedicated secure line when in fact it is a temporary secure line. VPNs are used
primarily for transactions between business partners because dedicated connections can be very
expensive. The Internet and VPNs can be used to significantly reduce the costs of secure
communications.
Difficulty: Moderate
AACSB: Analytical thinking; Information technology; Written and oral communication
Learning Objective: 5.3: Describe how technology helps secure Internet communications
channels and protect networks, servers, and clients.
19
Copyright © 2019 Pearson Education, Inc.
68) What is the first step in developing an e-commerce security plan?
A) Create a security organization.
B) Develop a security policy.
C) Perform a risk assessment.
D) Perform a security audit.
Answer: C
Difficulty: Moderate
AACSB: Information technology
Learning Objective: 5.4: Appreciate the importance of policies, procedures, and laws in creating
security.
69) To allow lower-level employees access to the corporate network while preventing them from
accessing private human resources documents, you would use:
A) access controls.
B) an authorization management system.
C) security tokens.
D) an authorization policy.
Answer: B
Difficulty: Easy
AACSB: Information technology
Learning Objective: 5.4: Appreciate the importance of policies, procedures, and laws in creating
security.
71) All of the following are examples of social/mobile peer-to-peer payment systems except:
A) Venmo.
B) Bill Me Later.
C) Square Cash.
D) Google Wallet.
Answer: B
Difficulty: Moderate
AACSB: Information technology
Learning Objective: 5.5: Identify the major e-commerce payment systems in use today.
20
Copyright © 2019 Pearson Education, Inc.
72) All of the following statements about Apple Pay are true except which of the following?
A) Apple Pay is subject to regulations issued by the Bureau of Consumer Financial Protection
applicable to GPR transactions.
B) Apple Pay is based on Touch ID biometric fingerprint scanning.
C) Apple Pay can be used for mobile payments at the point of sale at a physical store.
D) Apple Pay relies on NFC chip technology.
Answer: A
Difficulty: Moderate
AACSB: Information technology
Learning Objective: 5.5: Identify the major e-commerce payment systems in use today.
75) Which of the following is not a major trend in e-commerce payments in 2017-2018?
A) Mobile retail payment volume decreases.
B) PayPal remains the most popular alternative payment method.
C) Google refocuses Google Wallet solely on sending and receiving money.
D) Payment by credit and/or debit card remains the dominant form of online payment.
Answer: A
Difficulty: Moderate
AACSB: Application of knowledge
Learning Objective: 5.5: Identify the major e-commerce payment systems in use today.
21
Copyright © 2019 Pearson Education, Inc.
76) All of the following are limitations of the existing online credit card payment system except:
A) poor security.
B) cost to consumers.
C) cost to merchant.
D) social equity.
Answer: B
Difficulty: Moderate
AACSB: Application of knowledge
Learning Objective: 5.5: Identify the major e-commerce payment systems in use today.
77) Linden Dollars, created for use in Second Life, are an example of:
A) digital cash.
B) virtual currency.
C) EBPP.
D) peer-to-peer payment systems.
Answer: B
Difficulty: Moderate
AACSB: Information technology
Learning Objective: 5.5: Identify the major e-commerce payment systems in use today.
78) Which of the following is a set of short-range wireless technologies used to share
information among devices within about two inches of each other?
A) DES
B) NFC
C) IM
D) text messaging
Answer: B
Difficulty: Difficult
AACSB: Information technology
Learning Objective: 5.5: Identify the major e-commerce payment systems in use today.
79) PayPal is the most popular alternative payment method in the United States.
Answer: TRUE
Difficulty: Easy
AACSB: Application of knowledge
Learning Objective: 5.5: Identify the major e-commerce payment systems in use today.
22
Copyright © 2019 Pearson Education, Inc.
81) Digital cash is legal tender that is instantly convertible into other forms of value without the
intermediation of any third parties.
Answer: FALSE
Difficulty: Difficult
AACSB: Information technology
Learning Objective: 5.5: Identify the major e-commerce payment systems in use today.
83) Explain how an online credit card transaction works, identifying the parties involved and
describing how SSL/TLS is involved. What are the limitations of online credit card payment
systems?
Answer: The five parties involved in a credit card transaction are the consumer, the merchant,
the clearinghouse, the merchant bank (acquiring bank), and the consumer's card issuing bank.
The basic payment transaction process works like this: The consumer first makes an online
payment by sending his or her credit card information via an online form at the merchant's
website. Once this information is received by the merchant, the merchant software contacts a
clearinghouse (a financial intermediary that authenticates credit cards and verifies account
balances). The clearinghouse contacts the card issuing bank to verify the account information.
Once verified, the issuing bank credits the account of the merchant at the merchant's bank. The
debit to the consumer account is transmitted to the consumer in a monthly statement. SSL is
involved in sending the consumer's credit card information safely to the merchant's website.
When the consumer checks out using the merchant's shopping cart software, a secure tunnel
through the Internet is created using SSL/TLS. Using encryption, SSL/TSL secures the session
during which credit card information will be sent to the merchant and protects the information
from interlopers on the Internet.
There are a number of limitations to the existing credit card payment system, most importantly
involving security, merchant risk, cost, and social equity. The security of the transaction is very
poor because neither the merchant nor the consumer can be fully authenticated. The risks
merchants face is high. Banks think of Internet credit card orders as the same type of transactions
as mail orders or telephone orders. In these transactions, the credit card is not present. There is
no way for the merchant to verify the legitimacy of the customer's card or identity before
confirming the order. In these transactions, the merchant carries all the risk for fraudulent credit
card use. Consumers can disclaim charges even though the items have already been shipped.
Merchants also must pay significant charges. These high costs make it unprofitable to sell small
items such as individual articles or music tracks over the Internet. Furthermore, credit cards are
not very democratic. Millions of young adults and other adult Americans who cannot afford
credit cards or who have low incomes and are, therefore, considered poor credit risks cannot
participate in e-commerce as it is presently structured in the United States.
Difficulty: Moderate
AACSB: Analytical thinking; Information technology; Written and oral communication
Learning Objective: 5.5: Identify the major e-commerce payment systems in use today.
23
Copyright © 2019 Pearson Education, Inc.
84) Today, online bill payment accounts for ________ of all bill payments, while paper checks
account for ________.
A) less than 10%; less than 25%
B) about 25%; about 10%
C) more than 55%; less than 20%
D) 100%; 0%
Answer: C
Difficulty: Difficult
AACSB: Information technology
Learning Objective: 5.6: Describe the features and functionality of electronic billing
presentment and payment systems.
24
Copyright © 2019 Pearson Education, Inc.
85) Define and explain how EBPP systems work. Describe each of the main EBPP business
models.
Answer: EBPP refers to electronic billing presentment and payment systems, which are systems
that enable the online delivery and payment of monthly bills. EBPP services allow consumers to
view bills electronically using either their desktop PC or mobile device and pay them through
electronic funds transfers from bank or credit card accounts. More and more companies are
choosing to issue statements and bills electronically, rather than mailing out paper versions,
especially for recurring bills such as utilities, insurance, and subscriptions.
There are four main types of EBPP business models: online banking, biller-direct, mobile, and
consolidator. The online banking model is the most widely used today. Consumers establish an
online payment service with their banks and use it to pay bills as they come due or automatically
make payments for, say, rent. The payments are made directly to the seller's bank account. This
model has the advantage of convenience for the consumer because the payments are deducted
automatically, usually with a notice from the bank or the merchant that their account has been
debited. In the biller-direct model, consumers are sent bills by e-mail notification, and go to the
merchant's website to make payments using their banking credentials. This model has the
advantage of allowing the merchant to engage with the consumer by sending coupons or
rewards.
The biller-direct model is a two-step process, and less convenient for consumers. The mobile
model allows consumers to make payments using mobile apps, once again relying on their bank
credentials as the source of funds. Consumers are notified of a bill by text message and authorize
the payment. An extension of this is the social-mobile model, where social networks like
Facebook integrate payment into their messaging services. The mobile model has several
advantages, not least of which is the convenience for consumers of paying bills while using their
phones, but also the speed with which bills can be paid in a single step. This is the fastest
growing form of EBPP. In 2016, Facebook and PayPal announced a deal in which Facebook
users can pay for purchases on Facebook using PayPal.
In 2017, Facebook Messenger can be used for P2P payments and payments to groups to pay for
meals and other activities. Facebook is not charging for these transfers, and receives 97% of its
Messenger revenue from advertising. In the consolidator model, a third party, such as a financial
institution or a focused portal such as Intuit's Paytrust, Fiserv's MyCheckFree, Mint Bills, and
others, aggregates all bills for consumers and permits one-stop bill payment. This model has the
advantage of allowing consumers to see all their bills at one website or app. However, because
bills come due at different times, consumers need to check their portals often. The consolidator
model faces several challenges. For billers, using the consolidator model means an increased
time lag between billing and payment, and inserts an intermediary between the company and its
customer. Supporting these primary business models are infrastructure providers such as Fiserv,
Yodlee, FIS Global, ACI Worldwide, MasterCard RPPS (Remote Payment and Presentment
Service), and others that provide the software to create the EBPP system or handle billing and
payment collection for the biller.
Difficulty: Moderate
AACSB: Analytical thinking; Information technology; Written and oral communication
Learning Objective: 5.6: Describe the features and functionality of electronic billing
presentment and payment systems.
25
Copyright © 2019 Pearson Education, Inc.
Another random document with
no related content on Scribd:
historically reserved for liberals. Their series of defeats comes from a
failure to see that there is an intellectually defensible position on the
right. They persist with the argument from circumstance, which never
wins any major issues, and sometimes, as we have noted, they are
left without the circumstance.
I shall suggest that this story has more than an academic interest
for an age which has seen parliamentary government exposed to
insults, some open and vicious, some concealed and insidious.
There are in existence many technological factors which themselves
constitute an argument from circumstance for one-party political rule.
Indeed, if the trend of circumstances were our master term, we
should almost certainly have to favor the one-party efficiency system
lately flourishing in Europe. The centralization of power, the
technification of means of communication, the extreme peril of
political divisiveness in the face of modern weapons of war, all
combine to put the question, “What is the function of a party of
opposition in this streamlined world anyhow?” Its proper function is
to talk, but talking, unless it concerns some opposition of principles,
is but the wearisome contention of “ins” and “outs.” Democracy is a
dialectical process, and unless society can produce a group
sufficiently indifferent to success to oppose the ruling group on
principle rather than according to opportunity for success, the idea of
opposition becomes discredited. A party which can argue only from
success has no rhetorical topic against the party presently enjoying
success.
The proper aim of a political party is to persuade, and to persuade
it must have a rhetoric. As far as mere methods go, there is nothing
to object to in the argument from circumstance, for undeniably it has
a power to move. Yet it has this power through a widely shared
human weakness, which turns out on examination to be
shortsightedness. This shortsightedness leads a party to positions
where it has no policy, or only the policy of opposing an incumbent.
When all the criteria are brought to bear, then, this is an inferior
source of argument, which reflects adversely upon any habitual user
and generally punishes with failure. Since, as we have seen, it is
grounded in the nature of a situation rather than in the nature of
things, its opposition will not be a dialectically opposed opposition,
any more than was Burke’s opposition to the French Revolution. And
here, in substance, I would say, is the great reason why Burke
should not be taken as prophet by the political conservatives. True,
he has left many wonderful materials which they should assimilate.
His insights into human nature are quite solid propositions to build
with, and his eloquence is a lesson for all time in the effective power
of energy and imagery. Yet these are the auxiliary rhetorical appeals.
For the rhetorical appeal on which it will stake its life, a cause must
have some primary source of argument which will not be
embarrassed by abstractions or even by absolutes—the general
ideas mentioned by Tocqueville. Burke was magnificent at
embellishment, but of clear rational principle he had a mortal distrust.
It could almost be said that he raised “muddling through” to the
height of a science, though in actuality it can never be a science. In
the most critical undertaking of all, the choice of one’s source of
argument, it would be blindness to take him as mentor. To find what
Burke lacked, we now turn to the American Abraham Lincoln, who
despite an imperfect education, discovered that political arguments
must ultimately be based on genus or definition.
Chapter IV
ABRAHAM LINCOLN AND THE
ARGUMENT FROM DEFINITION
Although most readers of Lincoln sense the prevailing aspect of
his arguments, there has been no thoughtful treatment of this
interesting subject. Albert Beveridge merely alludes to it in his
observation that “In trials in circuit courts Lincoln depended but little
on precedents; he argued largely from first principles.”[73] Nicolay
and Hay, in describing Lincoln’s speech before the Republican
Banquet in Chicago, December 10, 1856, report as follows: “Though
these fragments of addresses give us only an imperfect reflection of
the style of Mr. Lincoln’s oratory during this period, they nevertheless
show its essential characteristics, a pervading clearness of analysis,
and that strong tendency toward axiomatic definition which gives so
many of his sentences their convincing force and durable value.”[74]
W. H. Herndon, who had the opportunity of closest personal
observation, was perhaps the most analytical of all when he wrote:
“Not only were nature, man, and principle suggestive to Mr. Lincoln;
not only had he accurate and exact perceptions, but he was
causative; his mind apparently with an automatic movement, ran
back behind facts, principles, and all things to their origin and first
cause—to the point where forces act at once as effect and
cause.”[75] He observed further in connection with Lincoln’s practice
before the bar: “All opponents dreaded his originality, his
condensation, definition, and force of expression....”[76]
Our feeling that he is a father of the nation even more convincingly
than Washington, and that his words are words of wisdom when
compared with those of the more intellectual Jefferson and the more
academic Wilson strengthen the supposition that he argued from
some very fundamental source. And when we find opinion on the
point harmonious, despite the wide variety of description his
character has undergone, we have enough initial confirmation to go
forward with the study—a study which is important not alone as
showing the man in clearer light but also as showing upon what
terms conservatism is possible.
It may be useful to review briefly the argument from definition. The
argument from definition, in the sense we shall employ here,
includes all arguments from the nature of the thing. Whether the
genus is an already recognized convention, or whether it is defined
at the moment by the orator, or whether it is left to be inferred from
the aggregate of its species, the argument has a single postulate.
The postulate is that there exist classes which are determinate and
therefore predicable. In the ancient proposition of the schoolroom,
“Socrates is mortal,” the class of mortal beings is invoked as a
predicable. Whatever is a member of the class will accordingly have
the class attributes. This might seem a very easy admission to gain,
but it is not so from those who believe that genera are only figments
of the imagination and have no self-subsistence. Such persons hold,
in the extreme application of their doctrine, that all deduction is
unwarranted assumption; or that attributes cannot be transferred by
imputation from genus to species. The issue here is very deep, going
back to the immemorial quarrel over universals, and we shall not
here explore it further than to say that the argument from definition or
genus involves a philosophy of being, which has divided and
probably will continue to divide mankind. There are those who seem
to feel that genera are imprisoning bonds which serve only to hold
the mind in confinement. To others, such genera appear the very
organon of truth. Without going into that question here, it seems safe
to assert that those who believe in the validity of the argument from
genus are idealists, roughly, if not very philosophically, defined. The
evidence that Lincoln held such belief is overwhelming; it
characterizes his thinking from an early age; and the greatest of his
utterances (excepting the Gettysburg Address, which is based upon
similitude) are chiefly arguments from definition.
In most of the questions which concerned him from the time he
was a struggling young lawyer until the time when he was charged
with the guidance of the nation, Lincoln saw opportunity to argue
from the nature of man. In fact, not since the Federalist papers of
James Madison had there been in American political life such candid
recourse to this term. I shall treat his use of it under the two heads of
argument from a concept of human nature and argument from a
definition of man.
Lincoln came early to the conclusion that human nature is a fixed
and knowable thing. Many of his early judgments of policy are based
on a theory of what the human being qua human being will do in a
given situation. Whether he had arrived at this concept through
inductive study—for which he had varied opportunity—or through
intuition is, of course, not the question here; our interest is in the
reasoning which the concept made possible. It appears a fact that
Lincoln trusted in a uniform predictability of human nature.
In 1838, when he was only twenty-nine years old, he was invited
to address the Young Men’s Lyceum of Springfield on the topic “The
Perpetuation of Our Political Institutions.” In this instance, the young
orator read the danger to perpetuation in the inherent evil of human
nature. His argument was that the importance of a nation or the
sacredness of a political dogma could not withstand the hunger of
men for personal distinction. Now the founders of the Union had won
distinction through that very role, and so satisfied themselves. But
oncoming men of the same breed would be looking for similar
opportunity for distinction, and possibly would not find it in tasks of
peaceful construction. It seemed to him quite possible that in the
future bold natures would appear who would seek to gain distinction
by pulling down what their predecessors had erected. To a man of
this nature it matters little whether distinction is won “at the expense
of emancipating slaves or enslaving freemen.”[77] The fact remains
that “Distinction will be his paramount object,” and “nothing left to be
done in the way of building up, he would set boldly to the task of
pulling down.”[78] In this way Lincoln held personal ambition to be
distinctive of human nature, and he was willing to predict it of his
fellow citizens, should their political institutions endure “fifty times” as
long as they had.
Another excellent example of the use of this source appears in a
speech which Lincoln made during the Van Buren administration.
Agitation over the National Bank question was still lively, and a bill
had been put forward which would have required the depositing of
Federal funds in five regional subtreasuries, rather than in a National
Bank, until they were needed for use. At a political discussion held in
the Illinois House of Representatives, Lincoln made a long speech
against the proposal in which he drew extensively from the topic of
the nature of human nature. His reasoning was that if public funds
are placed in the custody of subtreasurers, the duty and the personal
interest of the custodians may conflict. “And who that knows
anything of human nature doubts that in many instances interest will
prevail over duty, and that the subtreasurer will prefer opulent
knavery in a foreign land to honest poverty at home.”[79] If on the
other hand the funds were placed with a National Bank, which would
have the privilege of using the funds, upon payment of interest, until
they are needed, the duty and interest of the custodian would
coincide. The Bank plan was preferable because we always find the
best performance where duty and self-interest thus run together.[80]
Here we see him basing his case again on the infallible tendency of
human nature to be itself.
A few years later Lincoln was called upon to address the
Washingtonian Temperance Society, which was an organization of
reformed drink addicts. This speech is strikingly independent in
approach, and as such is prophetic of the manner he was to adopt in
wrestling with the great problems of union and slavery. Instead of
following the usual line of the temperance advocate, with its tone of
superiority and condemnation, he attacked all such approaches as
not suited to the nature of man. He impressed upon his hearers the
fact that their problem was the problem of human nature, “which is
God’s decree and can never be reversed.” He then went on to say
that people with a weakness for drink are not inferior specimens of
the race but have heads and hearts that “will bear advantageous
comparison with those of any other class.” The appeal to drink
addicts was to be addressed to men, and it could not take the form
of denunciation “because it is not much in the nature of man to be
driven to anything; still less to be driven about that which is
exclusively his own business.” When one seeks to change the
conduct of a being of this nature, “persuasion, kind, unassuming
persuasion should ever be adopted.” He then summed up his point:
“Such is man and so must he be understood by those who would
lead him, even to his own best interests.”[81]
One further instance of this argument may be cited. About 1850
Lincoln compiled notes for an address to young men on the subject
of the profession of law. Here again we find a refreshingly candid
approach, looking without pretense at the creature man. One piece
of advice which Lincoln urged upon young lawyers was that they
never take their whole fee in advance. To do so would place too
great a strain upon human nature, which would then lack the needful
spur to industry. “When fully paid beforehand, you are more than a
common mortal if you can feel the same interest in the case, as if
something was still in prospect for you, as well as for your client.”[82]
As in the case of the subtreasury bill, Lincoln saw the yoking of duty
and self-interest as a necessity of our nature.
These and other passages which could be produced indicate that
he viewed human nature as a constant, by which one could
determine policy without much fear of surprise. Everything peripheral
Lincoln referred to this center. His arguments consequently were the
most fundamental seen since a group of realists framed the
American government with such visible regard for human passion
and weakness. Lincoln’s theory of human nature was completely
unsentimental; it was the creation of one who had taken many
buffetings and who, from early bitterness and later indifference,
never affiliated with any religious denomination. But it furnished the
means of wisdom and prophecy.
With this habit of reasoning established, Lincoln was ideally
equipped to deal with the great issue of slavery. The American civil
conflict of the last century, when all its superficial excitements have
been stripped aside, appears another debate about the nature of
man. Yet while other political leaders were looking to the law, to
American history, and to this or that political contingency, Lincoln
looked—as it was his habit already to do—to the center; that is, to
the definition of man. Was the negro a man or was he not? It can be
shown that his answer to this question never varied, despite
willingness to recognize some temporary and perhaps even some
permanent minority on the part of the African race. The answer was
a clear “Yes,” and he used it on many occasions during the fifties to
impale his opponents.
The South was peculiarly vulnerable to this argument, for if we
look at its position, not through the terms of legal and religious
argument, often ingeniously worked out, but through its actual
treatment of the negro, that position is seen to be equivocal. To
illustrate: in the Southern case he was not a man as far as the
“inalienable rights” go, and the Dred Scott decision was to class him
as a chattel. Yet on the contrary the negro was very much a man
when it came to such matters as understanding orders, performing
work, and, as the presence of the mulatto testified, helping to
procreate the human species. All of the arguments that the pro-
slavery group was able to muster broke against the stubborn fact,
which Lincoln persistently thrust in their way, that the negro was
somehow and in some degree a man.
For our first examination of this argument, we turn to the justly
celebrated speech at Peoria, October 16, 1854. Lincoln had actually
begun to lose interest in politics when the passage of the highly
controversial Kansas-Nebraska Bill in May, 1854, reawakened him. It
was as if his moral nature had received a fresh shock from the
tendencies present in this bill; and he began in that year the battle
which he waged with remarkable consistency of position until he won
the presidency of the Union six years later. The Speech at Peoria
can be regarded as the opening gun of this campaign.
The speech itself is a rich study in logic and rhetoric, wherein one
finds the now mature Lincoln showing his gift for discovering the
essentials of a question. After promising the audience to confine
himself to the “naked merits” of the issue and to be “no less than
national in all the positions” he took, he turned at once to the topic of
domestic slavery. Here arguments from the genus “man” follow one
after another. Lincoln uses them to confront the Southern people
with their dilemma.
And this issue embraces more than the fate of these United
States. It presents to the whole family of man the question of
whether a constitutional republic or democracy—a
government of the people by the same people—can or cannot
maintain its territorial integrity against its own domestic foes. It
presents the question whether discontented individuals, too
few in numbers to control administration according to organic
law in any case, can always, upon the pretenses made in this
case, or on any other pretenses, or arbitrarily without any
pretense, break up their government, and thus practically put
an end to free government upon the earth. It forces us to ask:
“Is there, in all republics, this inherent and fatal weakness?”
“Must a government, of necessity, be too strong for the
liberties of its own people, or too weak to maintain its own
existence?”[96]
This was the doctrine of the legal aspect of slavery which was to
be amplified in the Second Annual Message to Congress: