SlideShare una empresa de Scribd logo

MBA657_ResearchRpt_Waiters

Descargar como DOCX, PDF
A
Allen K. Waiters
1 de 9
Allen Waiters MBA 657 Final Project/Research Paper August 5, 2015 There are many challenges that many organizations face when it comes information security. As much as the world is becoming more modernized through advancement in technology, especially through computers, simple transactions that can be done over the internet that are convenient to consumers, business managers, or even CEOs can turn into a disaster. The company I chose to research was Apple and to understand major security threats that can damage the corporation and exploits its vulnerabilities. With Apple being the top grossing company in the world, they have faced many security threats whether it’s from random hackers trying to obtain companies secrets to sell them on the black market or to Apple’s competitors. The research that I have chosen to focus on is cybercrime committed by hackers using channels like Apple Pay to defraud banks and customers. Cybercrime has been on the rise with the convenience and easy use of mobile devices. Hackers no longer need to sit at a computer to hack in to a company’s information security system, they can use smartphones to hack into accounts, commit fraud, and identity theft. Criminals using Apple Pay is also a threat to third-party providers like credit card companies because they have no or a weak authentication system which allows cyber criminals easy access to use Apple pay.
As a MBA student with a concentration in information technology, I believe my research in cybercrime will be a valuable asset to me and my future employer. Many companies do not know of threats especially when it comes to cyber security. With this information I hope to present these findings to personnel in my company that I will work for in the future whether it be the CEO of the company, CIO, or other upper management personnel. This topic is intriguing and hopefully gaining knowledge on this subject will allow me to help prevent future cybercrimes to a company that I may be working for or enable me to develop preventative measures to mitigate any damages that my company may incur. The threat of cybercrime toward Apple is criminals using Apple Pay to defraud banks. This is closely related to the topic of cybercrime as cyber criminals can access a credit card or debit card accounts that are tied to Apple Pay to commit fraud, steal customers’ identities, and sell their information on the black market to other buyers who will use that information to make replica cards. This is an issue that managers need to be aware especially those who manage retail. Hackers will continually try to gain access to sensitive big data like customer credit/debit account information. The problem is that many consumers and companies prefer to use Apple Pay for purchases, mostly to avoid paying credit card fees. They also believe it is more secure than using a standard credit card. As of now, Apple has not done anything to address the threat of hackers using Apple Pay to defraud banks or gain access to customer information. The banks and
credit card companies also have not taken any measures to ensure that the people using Apple Pay are the actual people whose information is on their credit cards are the actual people and not the hackers. The lack of security measures or preventative measures for this threat has made it easy for cybercriminals to easily defraud banks and use consumer information to make purchases. According to Drop Labs’ Cherian Abraham “It is unconscionable that Apple did not, and was not strongly advised by its partners to make the Yellow Path implementation (by an issuer) mandatory sooner than it did, which was four weeks before [Apple Pay’s] launch (Mello, 2015). A lot of security experts say that Apple is to blame for this security threat since they have not done anything that will authenticate the user of Apple Pay. Others argue that the banks are at fault for not authenticating the user and that it’s not the fault of Apple since most of the information of the accounts is held by the banks or the credit card companies. Fraud experts blame the security problems on “poor back-end authentication practices by banks, which are failing to adequately verify cards when they get loaded to an iPhone, in advance to Apple Pay purchases”. Most Apple devices are mostly secure from Malware compared to android devices. Apple devices do have security awareness software that will send information to the banks and users of any possible fraudulent activity but there is no indication if the accounts can be frozen if the activities that are suspicious are fraudulent.
Banks have not been able to strike an accord with Apple with issues of Apple Pay related fraudulent transactions. If this issue is not solved, many banks and retailers will be less acceptable to allow customers to use Apple Pay for purchases. Gartner analyst Avivah Litan states that “Some banks have had a very negative reaction to Apple Pay fraud, and in the words of one banker ‘Apple has thrown them under the bus’ and should take more responsibility for fraudulent enrollments, since they are all done through Apple accounts (Kitten, 2015)”. Apple has implemented security controls to address the threat. The company has introduced what is called the “yellow path” which is used to obtain more information for background checks on from banks and credit/debit card issuers (Paganini,2015). Apple also has implemented security measures in their devices like iPhone and iWatch that will alert the user of Apple Pay and the credit card company of fraudulent activities. Banks and credit card companies will also need to make security measures like further authentication of the user of the Apple Pay account. However, many banks feel that they don’t have they should not be burden in making security measures to prevent cybercrime since the fraudulent transactions were made using Apple Pay. There are many challenges in implementing security measures to prevent cybercrimes over transactions using electronic payment methods like Apple Pay. The first challenge is how to make sure Apple Pay is secure and convenient to use without it being a burden to consumer?
Banks want more security to prevent fraud and identity theft but realize that many customers like using electronic payment because it is convenient and customers don’t have to show their credit cards but use their iPhone or iWatch. The second challenge is can the banks, credit card companies, and Apple come up with a security plan that can be implemented when using Apple Pay? Banks and credit card companies feel that they should not be burden with paying fees from fraudulent activities and believe that Apple is responsible if fraud occurs since the customer used Apple Pay. The credit card companies and banks may have to make a collaborative effort with Apple to make a layered authentication security system that may include an encryption key or login password for the Apple Pay user. Many users have to authenticate or verify they are the user by contacting the call center for Apple Pay. Hackers can easily gain access to a person’s Apple Pay account by obtaining the information through the use of Malware. After getting the information, hackers can add a stolen credit card to the account. However, Apple Pay has a good track record from protection from malware attacks and software. Fraud and identity theft from hacking is not too uncommon. Many hackers do not get caught and leave the victims with a heavy burden. The first case of cybercrime that affected many organizations due to fraud and identity theft was Target. In 2013, during the days before Thanksgiving, a malware program was installed and used to obtain consumers’ credit card numbers. The number were stored on a Target server and later
accessed by the hackers. Approximately 1,797 U.S. stores were affected from the malware. Target was prepared for the attack because it recently installed a $1.6 million dollar Malware detection software program to alert the company if an attack were to happen. The attack was successful, 40 million credit card numbers, 70 million addresses, phone numbers, and other pieces of information was compromised (). Due to the breach, Target conducted interviews with expert security personnel in how to improve their data security and learned what to do in the occurrence of another hacker attack. Target did suffer damages to its reputation, data stolen, and the loss of customer loyalty because of the breach. Target spent about $61 million dollars to repair the damages from the data breach and suffered a profit loss during that quarter. Over ninety lawsuits were also filed against Target for negligence to prevent the data breach and compensatory damages are being sought by banks, credit card companies, and customers. The second case of organizations that failed to defend against the threat of hackers breaching data and using fraud involves J.C. Penny, JetBlue Airways, Nasdaq, Visa, and French retailer Carrefour. The hackers stole 160 million credit card numbers which resulted in over $300 million dollars in losses between the companies. A malware was used so the hackers could gain entry to obtain the credit card numbers and other information from the companies. The breach of data cause reputational damages to the companies and exposure to sensitive data.
Cybercrime involving identity theft and fraud have been on the rise for a while now and companies have to information technology security measures that will protect them from hacker attacks. Companies will have to implement plans and anticipate how data breach can be mitigated. For most companies one solution is to have an intrusion detection system. Many tech companies, banks, government contractor companies have an intrusion detection system that will alert the companies of an impending attack. Vulnerability testing is another good measure to thwart an attack from hackers. Many companies don’t realize that they vulnerable to outside attacks from hackers or Malware because they don’t test their security system which could be outdated. Layer security could be another measure that can help prevent hackers from gaining access to data. Many credit card companies have layer security which may include multiple passwords and authenticating to see if the user of credit card is the person who they say it is. Another measure to use to mitigate fraud and identity theft is to have collaboration with the credit card companies and Apple to have an authentication system to verify the user of the card and alert the companies when fraudulent activity will occur. Fraud is not new and has been increasing with hackers using malware to obtain information of credit cards from unsuspecting consumers and banks. Even with mobile payment platforms like Apple Pay, consumers and banks can still fall victim to fraud
because of the lack of a strong authentication system that can verify the customer or if it’s a hacker. Mello, John P. “Apple Pay Cybercrime Burns” http://www.ecommercetimes.com/story/81779.html?rss=1 Singleton, Micah “Does Apple Pay really have a fraud problem?” http://www.theverge.com/2015/3/4/8149663/apple-pay-credit-card-fraud-banks Ragan, Steven “Crooks Targeting Call Centers to further Apple Pay Fraud” http://www.csoonline.com/article/2891673/loss-prevention/crooks-targeting-call-centers- to-further-apple-pay-fraud.html Paganini, Pierluigi, “Cyber Criminals target call center operators in Apple Pay Fraud Schema” http://www.bankinfosecurity.com/apple-watch-x-security-questions-a- 7997/op-1# Kitten,Tracy “Apple Watch: 8 Security issues ” http://www.bankinfosecurity.com/apple-watch-x-security-questions-a-7997/op-1#
MBA657_ResearchRpt_Waiters

Recomendados

Allen Waiters case study 2
Allen Waiters case study 2Allen Waiters case study 2
Allen Waiters case study 2Allen K. Waiters
 
Allen Waiters MBA 636 term paper
Allen Waiters MBA 636 term paperAllen Waiters MBA 636 term paper
Allen Waiters MBA 636 term paperAllen K. Waiters
 
Waiters ad backwards assignment
Waiters ad backwards assignmentWaiters ad backwards assignment
Waiters ad backwards assignmentAllen K. Waiters
 
Com 621 final paper Waiters 12-15-15
Com 621 final paper Waiters 12-15-15Com 621 final paper Waiters 12-15-15
Com 621 final paper Waiters 12-15-15Allen K. Waiters
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 

Recomendados

Allen Waiters case study 2
Allen Waiters case study 2Allen Waiters case study 2
Allen Waiters case study 2Allen K. Waiters
 
Allen Waiters MBA 636 term paper
Allen Waiters MBA 636 term paperAllen Waiters MBA 636 term paper
Allen Waiters MBA 636 term paperAllen K. Waiters
 
Waiters ad backwards assignment
Waiters ad backwards assignmentWaiters ad backwards assignment
Waiters ad backwards assignmentAllen K. Waiters
 
Com 621 final paper Waiters 12-15-15
Com 621 final paper Waiters 12-15-15Com 621 final paper Waiters 12-15-15
Com 621 final paper Waiters 12-15-15Allen K. Waiters
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture CodeSkeleton Technologies
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations Rajiv Jayarajah, MAppComm, ACC
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data ScienceChristy Abraham Joy
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Applitools
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at WorkGetSmarter
 
ChatGPT webinar slides
ChatGPT webinar slidesChatGPT webinar slides
ChatGPT webinar slidesAlireza Esmikhani
 
More than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike RoutesMore than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike RoutesProject for Public Spaces & National Center for Biking and Walking
 

Más contenido relacionado

Destacado

AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Applitools
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at WorkGetSmarter
 

Destacado (20)

AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work
 
ChatGPT webinar slides
ChatGPT webinar slidesChatGPT webinar slides
ChatGPT webinar slides
 
More than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike RoutesMore than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike Routes
 

MBA657_ResearchRpt_Waiters

  • 1. Allen Waiters MBA 657 Final Project/Research Paper August 5, 2015 There are many challenges that many organizations face when it comes information security. As much as the world is becoming more modernized through advancement in technology, especially through computers, simple transactions that can be done over the internet that are convenient to consumers, business managers, or even CEOs can turn into a disaster. The company I chose to research was Apple and to understand major security threats that can damage the corporation and exploits its vulnerabilities. With Apple being the top grossing company in the world, they have faced many security threats whether it’s from random hackers trying to obtain companies secrets to sell them on the black market or to Apple’s competitors. The research that I have chosen to focus on is cybercrime committed by hackers using channels like Apple Pay to defraud banks and customers. Cybercrime has been on the rise with the convenience and easy use of mobile devices. Hackers no longer need to sit at a computer to hack in to a company’s information security system, they can use smartphones to hack into accounts, commit fraud, and identity theft. Criminals using Apple Pay is also a threat to third-party providers like credit card companies because they have no or a weak authentication system which allows cyber criminals easy access to use Apple pay.
  • 2. As a MBA student with a concentration in information technology, I believe my research in cybercrime will be a valuable asset to me and my future employer. Many companies do not know of threats especially when it comes to cyber security. With this information I hope to present these findings to personnel in my company that I will work for in the future whether it be the CEO of the company, CIO, or other upper management personnel. This topic is intriguing and hopefully gaining knowledge on this subject will allow me to help prevent future cybercrimes to a company that I may be working for or enable me to develop preventative measures to mitigate any damages that my company may incur. The threat of cybercrime toward Apple is criminals using Apple Pay to defraud banks. This is closely related to the topic of cybercrime as cyber criminals can access a credit card or debit card accounts that are tied to Apple Pay to commit fraud, steal customers’ identities, and sell their information on the black market to other buyers who will use that information to make replica cards. This is an issue that managers need to be aware especially those who manage retail. Hackers will continually try to gain access to sensitive big data like customer credit/debit account information. The problem is that many consumers and companies prefer to use Apple Pay for purchases, mostly to avoid paying credit card fees. They also believe it is more secure than using a standard credit card. As of now, Apple has not done anything to address the threat of hackers using Apple Pay to defraud banks or gain access to customer information. The banks and
  • 3. credit card companies also have not taken any measures to ensure that the people using Apple Pay are the actual people whose information is on their credit cards are the actual people and not the hackers. The lack of security measures or preventative measures for this threat has made it easy for cybercriminals to easily defraud banks and use consumer information to make purchases. According to Drop Labs’ Cherian Abraham “It is unconscionable that Apple did not, and was not strongly advised by its partners to make the Yellow Path implementation (by an issuer) mandatory sooner than it did, which was four weeks before [Apple Pay’s] launch (Mello, 2015). A lot of security experts say that Apple is to blame for this security threat since they have not done anything that will authenticate the user of Apple Pay. Others argue that the banks are at fault for not authenticating the user and that it’s not the fault of Apple since most of the information of the accounts is held by the banks or the credit card companies. Fraud experts blame the security problems on “poor back-end authentication practices by banks, which are failing to adequately verify cards when they get loaded to an iPhone, in advance to Apple Pay purchases”. Most Apple devices are mostly secure from Malware compared to android devices. Apple devices do have security awareness software that will send information to the banks and users of any possible fraudulent activity but there is no indication if the accounts can be frozen if the activities that are suspicious are fraudulent.
  • 4. Banks have not been able to strike an accord with Apple with issues of Apple Pay related fraudulent transactions. If this issue is not solved, many banks and retailers will be less acceptable to allow customers to use Apple Pay for purchases. Gartner analyst Avivah Litan states that “Some banks have had a very negative reaction to Apple Pay fraud, and in the words of one banker ‘Apple has thrown them under the bus’ and should take more responsibility for fraudulent enrollments, since they are all done through Apple accounts (Kitten, 2015)”. Apple has implemented security controls to address the threat. The company has introduced what is called the “yellow path” which is used to obtain more information for background checks on from banks and credit/debit card issuers (Paganini,2015). Apple also has implemented security measures in their devices like iPhone and iWatch that will alert the user of Apple Pay and the credit card company of fraudulent activities. Banks and credit card companies will also need to make security measures like further authentication of the user of the Apple Pay account. However, many banks feel that they don’t have they should not be burden in making security measures to prevent cybercrime since the fraudulent transactions were made using Apple Pay. There are many challenges in implementing security measures to prevent cybercrimes over transactions using electronic payment methods like Apple Pay. The first challenge is how to make sure Apple Pay is secure and convenient to use without it being a burden to consumer?
  • 5. Banks want more security to prevent fraud and identity theft but realize that many customers like using electronic payment because it is convenient and customers don’t have to show their credit cards but use their iPhone or iWatch. The second challenge is can the banks, credit card companies, and Apple come up with a security plan that can be implemented when using Apple Pay? Banks and credit card companies feel that they should not be burden with paying fees from fraudulent activities and believe that Apple is responsible if fraud occurs since the customer used Apple Pay. The credit card companies and banks may have to make a collaborative effort with Apple to make a layered authentication security system that may include an encryption key or login password for the Apple Pay user. Many users have to authenticate or verify they are the user by contacting the call center for Apple Pay. Hackers can easily gain access to a person’s Apple Pay account by obtaining the information through the use of Malware. After getting the information, hackers can add a stolen credit card to the account. However, Apple Pay has a good track record from protection from malware attacks and software. Fraud and identity theft from hacking is not too uncommon. Many hackers do not get caught and leave the victims with a heavy burden. The first case of cybercrime that affected many organizations due to fraud and identity theft was Target. In 2013, during the days before Thanksgiving, a malware program was installed and used to obtain consumers’ credit card numbers. The number were stored on a Target server and later
  • 6. accessed by the hackers. Approximately 1,797 U.S. stores were affected from the malware. Target was prepared for the attack because it recently installed a $1.6 million dollar Malware detection software program to alert the company if an attack were to happen. The attack was successful, 40 million credit card numbers, 70 million addresses, phone numbers, and other pieces of information was compromised (). Due to the breach, Target conducted interviews with expert security personnel in how to improve their data security and learned what to do in the occurrence of another hacker attack. Target did suffer damages to its reputation, data stolen, and the loss of customer loyalty because of the breach. Target spent about $61 million dollars to repair the damages from the data breach and suffered a profit loss during that quarter. Over ninety lawsuits were also filed against Target for negligence to prevent the data breach and compensatory damages are being sought by banks, credit card companies, and customers. The second case of organizations that failed to defend against the threat of hackers breaching data and using fraud involves J.C. Penny, JetBlue Airways, Nasdaq, Visa, and French retailer Carrefour. The hackers stole 160 million credit card numbers which resulted in over $300 million dollars in losses between the companies. A malware was used so the hackers could gain entry to obtain the credit card numbers and other information from the companies. The breach of data cause reputational damages to the companies and exposure to sensitive data.
  • 7. Cybercrime involving identity theft and fraud have been on the rise for a while now and companies have to information technology security measures that will protect them from hacker attacks. Companies will have to implement plans and anticipate how data breach can be mitigated. For most companies one solution is to have an intrusion detection system. Many tech companies, banks, government contractor companies have an intrusion detection system that will alert the companies of an impending attack. Vulnerability testing is another good measure to thwart an attack from hackers. Many companies don’t realize that they vulnerable to outside attacks from hackers or Malware because they don’t test their security system which could be outdated. Layer security could be another measure that can help prevent hackers from gaining access to data. Many credit card companies have layer security which may include multiple passwords and authenticating to see if the user of credit card is the person who they say it is. Another measure to use to mitigate fraud and identity theft is to have collaboration with the credit card companies and Apple to have an authentication system to verify the user of the card and alert the companies when fraudulent activity will occur. Fraud is not new and has been increasing with hackers using malware to obtain information of credit cards from unsuspecting consumers and banks. Even with mobile payment platforms like Apple Pay, consumers and banks can still fall victim to fraud
  • 8. because of the lack of a strong authentication system that can verify the customer or if it’s a hacker. Mello, John P. “Apple Pay Cybercrime Burns” http://www.ecommercetimes.com/story/81779.html?rss=1 Singleton, Micah “Does Apple Pay really have a fraud problem?” http://www.theverge.com/2015/3/4/8149663/apple-pay-credit-card-fraud-banks Ragan, Steven “Crooks Targeting Call Centers to further Apple Pay Fraud” http://www.csoonline.com/article/2891673/loss-prevention/crooks-targeting-call-centers- to-further-apple-pay-fraud.html Paganini, Pierluigi, “Cyber Criminals target call center operators in Apple Pay Fraud Schema” http://www.bankinfosecurity.com/apple-watch-x-security-questions-a- 7997/op-1# Kitten,Tracy “Apple Watch: 8 Security issues ” http://www.bankinfosecurity.com/apple-watch-x-security-questions-a-7997/op-1#