More than Just Lines on a Map: Best Practices for U.S Bike Routes
MBA657_ResearchRpt_Waiters
1. Allen Waiters
MBA 657
Final Project/Research Paper
August 5, 2015
There are many challenges that many organizations face when it comes
information security. As much as the world is becoming more modernized through
advancement in technology, especially through computers, simple transactions that can
be done over the internet that are convenient to consumers, business managers, or
even CEOs can turn into a disaster.
The company I chose to research was Apple and to understand major security
threats that can damage the corporation and exploits its vulnerabilities. With Apple
being the top grossing company in the world, they have faced many security threats
whether it’s from random hackers trying to obtain companies secrets to sell them on the
black market or to Apple’s competitors.
The research that I have chosen to focus on is cybercrime committed by hackers
using channels like Apple Pay to defraud banks and customers. Cybercrime has been
on the rise with the convenience and easy use of mobile devices. Hackers no longer
need to sit at a computer to hack in to a company’s information security system, they
can use smartphones to hack into accounts, commit fraud, and identity theft.
Criminals using Apple Pay is also a threat to third-party providers like credit card
companies because they have no or a weak authentication system which allows cyber
criminals easy access to use Apple pay.
2. As a MBA student with a concentration in information technology, I believe my
research in cybercrime will be a valuable asset to me and my future employer. Many
companies do not know of threats especially when it comes to cyber security.
With this information I hope to present these findings to personnel in my
company that I will work for in the future whether it be the CEO of the company, CIO, or
other upper management personnel.
This topic is intriguing and hopefully gaining knowledge on this subject will allow
me to help prevent future cybercrimes to a company that I may be working for or enable
me to develop preventative measures to mitigate any damages that my company may
incur.
The threat of cybercrime toward Apple is criminals using Apple Pay to defraud
banks. This is closely related to the topic of cybercrime as cyber criminals can access a
credit card or debit card accounts that are tied to Apple Pay to commit fraud, steal
customers’ identities, and sell their information on the black market to other buyers who
will use that information to make replica cards.
This is an issue that managers need to be aware especially those who manage
retail. Hackers will continually try to gain access to sensitive big data like customer
credit/debit account information. The problem is that many consumers and companies
prefer to use Apple Pay for purchases, mostly to avoid paying credit card fees. They
also believe it is more secure than using a standard credit card.
As of now, Apple has not done anything to address the threat of hackers using
Apple Pay to defraud banks or gain access to customer information. The banks and
3. credit card companies also have not taken any measures to ensure that the people
using Apple Pay are the actual people whose information is on their credit cards are the
actual people and not the hackers.
The lack of security measures or preventative measures for this threat has made
it easy for cybercriminals to easily defraud banks and use consumer information to
make purchases.
According to Drop Labs’ Cherian Abraham “It is unconscionable that Apple did
not, and was not strongly advised by its partners to make the Yellow Path
implementation (by an issuer) mandatory sooner than it did, which was four weeks
before [Apple Pay’s] launch (Mello, 2015).
A lot of security experts say that Apple is to blame for this security threat since
they have not done anything that will authenticate the user of Apple Pay. Others argue
that the banks are at fault for not authenticating the user and that it’s not the fault of
Apple since most of the information of the accounts is held by the banks or the credit
card companies.
Fraud experts blame the security problems on “poor back-end authentication
practices by banks, which are failing to adequately verify cards when they get loaded to
an iPhone, in advance to Apple Pay purchases”.
Most Apple devices are mostly secure from Malware compared to android
devices. Apple devices do have security awareness software that will send information
to the banks and users of any possible fraudulent activity but there is no indication if the
accounts can be frozen if the activities that are suspicious are fraudulent.
4. Banks have not been able to strike an accord with Apple with issues of Apple
Pay related fraudulent transactions. If this issue is not solved, many banks and retailers
will be less acceptable to allow customers to use Apple Pay for purchases.
Gartner analyst Avivah Litan states that “Some banks have had a very negative
reaction to Apple Pay fraud, and in the words of one banker ‘Apple has thrown them
under the bus’ and should take more responsibility for fraudulent enrollments, since they
are all done through Apple accounts (Kitten, 2015)”.
Apple has implemented security controls to address the threat. The company
has introduced what is called the “yellow path” which is used to obtain more information
for background checks on from banks and credit/debit card issuers (Paganini,2015).
Apple also has implemented security measures in their devices like iPhone and
iWatch that will alert the user of Apple Pay and the credit card company of fraudulent
activities.
Banks and credit card companies will also need to make security measures like
further authentication of the user of the Apple Pay account. However, many banks feel
that they don’t have they should not be burden in making security measures to prevent
cybercrime since the fraudulent transactions were made using Apple Pay.
There are many challenges in implementing security measures to prevent
cybercrimes over transactions using electronic payment methods like Apple Pay. The
first challenge is how to make sure Apple Pay is secure and convenient to use without it
being a burden to consumer?
5. Banks want more security to prevent fraud and identity theft but realize that many
customers like using electronic payment because it is convenient and customers don’t
have to show their credit cards but use their iPhone or iWatch.
The second challenge is can the banks, credit card companies, and Apple come
up with a security plan that can be implemented when using Apple Pay? Banks and
credit card companies feel that they should not be burden with paying fees from
fraudulent activities and believe that Apple is responsible if fraud occurs since the
customer used Apple Pay.
The credit card companies and banks may have to make a collaborative effort
with Apple to make a layered authentication security system that may include an
encryption key or login password for the Apple Pay user.
Many users have to authenticate or verify they are the user by contacting the call
center for Apple Pay. Hackers can easily gain access to a person’s Apple Pay account
by obtaining the information through the use of Malware. After getting the information,
hackers can add a stolen credit card to the account. However, Apple Pay has a good
track record from protection from malware attacks and software.
Fraud and identity theft from hacking is not too uncommon. Many hackers do not
get caught and leave the victims with a heavy burden. The first case of cybercrime that
affected many organizations due to fraud and identity theft was Target. In 2013, during
the days before Thanksgiving, a malware program was installed and used to obtain
consumers’ credit card numbers. The number were stored on a Target server and later
6. accessed by the hackers. Approximately 1,797 U.S. stores were affected from the
malware.
Target was prepared for the attack because it recently installed a $1.6 million
dollar Malware detection software program to alert the company if an attack were to
happen.
The attack was successful, 40 million credit card numbers, 70 million addresses,
phone numbers, and other pieces of information was compromised (). Due to the
breach, Target conducted interviews with expert security personnel in how to improve
their data security and learned what to do in the occurrence of another hacker attack.
Target did suffer damages to its reputation, data stolen, and the loss of customer
loyalty because of the breach. Target spent about $61 million dollars to repair the
damages from the data breach and suffered a profit loss during that quarter. Over
ninety lawsuits were also filed against Target for negligence to prevent the data breach
and compensatory damages are being sought by banks, credit card companies, and
customers.
The second case of organizations that failed to defend against the threat of
hackers breaching data and using fraud involves J.C. Penny, JetBlue Airways, Nasdaq,
Visa, and French retailer Carrefour. The hackers stole 160 million credit card numbers
which resulted in over $300 million dollars in losses between the companies.
A malware was used so the hackers could gain entry to obtain the credit card
numbers and other information from the companies. The breach of data cause
reputational damages to the companies and exposure to sensitive data.
7. Cybercrime involving identity theft and fraud have been on the rise for a while
now and companies have to information technology security measures that will protect
them from hacker attacks.
Companies will have to implement plans and anticipate how data breach can be
mitigated. For most companies one solution is to have an intrusion detection system.
Many tech companies, banks, government contractor companies have an intrusion
detection system that will alert the companies of an impending attack.
Vulnerability testing is another good measure to thwart an attack from hackers.
Many companies don’t realize that they vulnerable to outside attacks from hackers or
Malware because they don’t test their security system which could be outdated.
Layer security could be another measure that can help prevent hackers from
gaining access to data. Many credit card companies have layer security which may
include multiple passwords and authenticating to see if the user of credit card is the
person who they say it is.
Another measure to use to mitigate fraud and identity theft is to have
collaboration with the credit card companies and Apple to have an authentication
system to verify the user of the card and alert the companies when fraudulent activity
will occur.
Fraud is not new and has been increasing with hackers using malware to obtain
information of credit cards from unsuspecting consumers and banks. Even with mobile
payment platforms like Apple Pay, consumers and banks can still fall victim to fraud
8. because of the lack of a strong authentication system that can verify the customer or if
it’s a hacker.
Mello, John P. “Apple Pay Cybercrime Burns”
http://www.ecommercetimes.com/story/81779.html?rss=1
Singleton, Micah “Does Apple Pay really have a fraud problem?”
http://www.theverge.com/2015/3/4/8149663/apple-pay-credit-card-fraud-banks
Ragan, Steven “Crooks Targeting Call Centers to further Apple Pay Fraud”
http://www.csoonline.com/article/2891673/loss-prevention/crooks-targeting-call-centers-
to-further-apple-pay-fraud.html
Paganini, Pierluigi, “Cyber Criminals target call center operators in Apple Pay
Fraud Schema” http://www.bankinfosecurity.com/apple-watch-x-security-questions-a-
7997/op-1#
Kitten,Tracy “Apple Watch: 8 Security issues ”
http://www.bankinfosecurity.com/apple-watch-x-security-questions-a-7997/op-1#