Question

ystems Analysis and Design in a Changing World (7th Edition)

on the Spot Courier Service

Case study for chapter # 6 [page # 182]

Previous chapters have described the technological capabilities that Bill Wiley wants for servicing his customers. One of the problems that Bill has is that his company is very small, so he cannot afford to develop any special-purpose equipment or even sophisticated software.
Given this limitation, Bill’s need for advanced technological capabilities comes at an opportune time. Equipment manufacturers are developing equipment with advanced telecommunications capabilities, and freelance software developers are producing software applications—many of which provide the capabilities that Bill needs. The one caveat is that because this will be a live production system, it needs to be reliable, stable, error-free, dependable, and maintainable.
Let us review some of the required capabilities of the new system, which has been described in previous chapters:
Customers
■   Customers can request package pickup via the Internet.
■   Customers can check the status of packages via the Internet.
■   Customers can print mailing labels at their offices.
Drivers
■   Drivers can view their schedules via a portable digital device while on their routes.
■   Drivers can update the status of packages while on their routes.
■   Drivers can allow customers to “sign” for packages that are delivered.
they only plan to provide some design specifications and guidelines to each resort. The resort will be responsible for connecting to the Internet and for providing a secure wireless environment for the students.
1. For which subsystem(s) is(are) integrity and security controls most important? Why?
2. What data should be encrypted during trans- mission through resort wireless networks to SBRU systems? Does your answer change if students interact with SBRU systems using a cell phone (directly, or as a cellular modem)?
■   The system “knows” where the driver is on his route and can send updates in real time.
■   Drivers can accept payments and record them on the system.
Bill Wiley (management)
■   Bill can record package pickups from the ware- house.
■   Bill can schedule delivery/pickup runs. ■   Bill can do accounting, billing, etc. ■   Bill can access the company network from his
home. Given these requirements, do the following:

1. What kind of fraud is possible in this scenario? By the customer? By the truck driver? By colaboration between system users? What steps should Bill take to minimize the opportunity for fraud?

2. What kind of access controls should be put in place? For the customer? (Notice the customer has no financial transactions. Would you change your answer if the customer could also make payments online?) For the truck driver? For Bill? Are the typical userID and password sufficient for all three, or would you require more or less for each?

Answer 1

Types of possible fraud:

There are numerous types of fraud are available in this scenario. There are,

* One way to commit the fraud is when a person accepts the money in the name of truck driver.
* Another way is “overprice”. That is. actual package price is tess but the customer pay is high.
This could easily happen with huge packages for large customers.

Fraud is more complex process for customer to commit by themselves because; they don't have
direct control the money or weight.

+ But. the customer could work together with truck driver to overprice for packages and divide the
overprice rate.

* Atruck driver work with himself or with customer could cause the “phantom ship packages”.

* Fundamentally, the customer will charge the packages will not be happen.

Steps to avoid the fraud:

Steps are taken by Bill to avoid the fraud is given below:

+ One way to prevent the fraud is to provide the “delivery receipt” to customer at the pickup time,
it also provide the “package lists” and “package prices” are transmit to customer on periodic
basis and verify it by the customers.

© This will help to reduce overprice.

« Another way to prevent the fraud is to provide the “tracking number’ to all packages. Then, only
customer follows their package during its progress.

0 This will help to reduce the phantom packages.

« For each and every time, change the drivers during the delivery routes.

o Then only the drivers are not known by customer at customer focation.

The access contro! “userlD” and “password” are enough for basic level for all three users such as
“customer”, “truck driver’, and “Bill’.

Customer:

Customer requires the “userlD” and “password” access control to transmit the packages. Then,
only another people do not have rights to use the customer accounts to transmit the packages.

* There is no change when the customer performs financial transactions. Because, it has basic
leve! access contro! such as “userlD” and “password” and also it has additional access controls
such as “mobile verification” is enough to transmit the packages.

Truck driver:

Truck driver requires the “useriD" and “password” access control to transmit the packages. But,
the issue is driver devices are “portable”. So easily transfer the data or stolen by someone.

* For safety measures, the device should automatically log off the authentication after some time.
* This method provides the security with efficient output, but it is not an efficient method.
Because, it requires log in for each and every transaction.

Bill:

Bill requires the “useriD” and “password” access control to transmit the packages and all financial
records. Bill should have access control similar to bank account authentication which requires
“userlD” and “Password”.

Conclusion:

Therefore, the typical access control “userlD” and “password” with additional access controls
such as “recognizable computers’, “mobile verification” and so on are needed to protect the
system inside the organization.